Author Topic: Total time logged in.  (Read 8499 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Total time logged in.
« Reply #15 on: December 26, 2010, 12:51:48 am »
If you leave your browser open on a page and don't click anything, the site has no way to know that you're still there (because you aren't sending it any requests).
I believe SMF keeps a 10 minute session open and then re-leases that time every new request you send. I don't remember where I read that though.
Yeah, that's pretty much the only way to do it. And it makes sense.

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Total time logged in.
« Reply #16 on: December 26, 2010, 05:14:10 pm »
Yeah, that's pretty much the only way to do it. And it makes sense.
How do they keep timed session? Is it just a timestamp stored in a cookie that then gets read by the website?
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Total time logged in.
« Reply #17 on: December 26, 2010, 07:34:03 pm »
Yeah, that's pretty much the only way to do it. And it makes sense.
How do they keep timed session? Is it just a timestamp stored in a cookie that then gets read by the website?
No idea, but the most logical way to time a session would be to measure time between page hits. After a certain threshold, it counts as a new 'visit'.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Total time logged in.
« Reply #18 on: December 27, 2010, 07:57:51 am »
They could just set a last visit field on your user row in the database. If you did it with a session variable cookie, you could hack it each time so your last load was 9 minutes and 50 seconds previous and rack up time very quickly. Then again, only the truly paranoid would protect against this attack.

EDIT -
It's 7:02 AM. That's my excuse and I'm sticking with it.
« Last Edit: December 27, 2010, 07:59:28 am by Joe »
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Total time logged in.
« Reply #19 on: December 27, 2010, 11:33:49 am »
They could just set a last visit field on your user row in the database. If you did it with a session variable cookie, you could hack it each time so your last load was 9 minutes and 50 seconds previous and rack up time very quickly.
I'd understand for something meaningful why they would protect against that. My credit card website times you out after a certain amount of inactivity and you have to log back in. For SMF, I can't understand any reason for doing so.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Total time logged in.
« Reply #20 on: December 27, 2010, 04:30:20 pm »
My credit card website times you out after a certain amount of inactivity and you have to log back in. For SMF, I can't understand any reason for doing so.

Likely the same way it does it.

The way the Last Activity page works is that it lists the last users logged in, the last page they loaded and how long ago that was. Within 15 minutes of you loading that page. Anyone wanna bet it has something to do with that?

(It adds your time between page loads to your total time logged in, and if you don't load a page after 15 minutes it adds 15 minutes and kills your session.)

Were we still really wondering how it works? Maybe I just jumped to conclusions.

Basically anyone that wanted to cheat that number could load Opera and have it refresh once every 15 minutes. Any faster than that and you're just wasting iago's precious bandwidth. :(
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT.