Holy crap! All of sudden every forum has acquired 100s to 1000s of new posts/threads (at least as given on the homepage in parentheses), although none such show up in any of the forums.

Explanation?! Is this another malicious blast out of the ether? Or just some monstrous internal struggle of the website with itself?

Neither; you've been logged out and must re-log in (or at least that's what happened to me a coupl'a nights ago).

Wrong. I've been logged in for several days straight. This just appeared as I was between forum views.
So, the question remains.

artie: You presented an interesting possibility, so I logged out and logged back just now, and the anomalies disappeared. So whatever caused the problem has resolved itself.

That's strange!

I see that multitude of new threads/posts about once a month, and on every occasion I look to the upper right-hand corner of my screen and see that I've been logged out. I assume it's continuing fallout from the change in UBB.threads that was discussed a bunch of months ago (I can't locate the thread.), but the frequency/timing seem to have changed, so I'm not sure.

And, by the way, I never log out on my own; it just happens on it's own, usually while I'm away from my deuced Mac(hina). It's never happened suddenly as you've described, but I assume it would if I was visiting FTM when it happened.

Neither do I. You'll recall that tacit mentioned the new setup would only permit a finite (ca 4-week) login period. I just wait until that happens.
As mentioned, I wasn't logged out when the bizarre behavior happened. But logging out and back in resolved the issue.

You must be logged out when your modem's turned off, because you aren't listed in "Who's Online" 100% of the time, as I am.

At any rate, what you experienced may have been anomalous, so let's see if it happens again...to anybody.

There does exist an option in user prefs not to be shown in Who's Online. It's been there as long as I can remember, since way back in the MFIF years.

I assume that I saw and dealt with that option years ago and then totally forgot about its existence; thanks for reminding me of it.

Now I've got to take a look and see how grelber's got it checked. (It seems to me that I've seen his name, but I wouldn't bet on it.)

Edit: But that doesn't change the fact that he must be logged out of FTM when his modem is turned off, does it?

Nope. Whenever FTM's maximum login period expires, I always check "Remember me on each visit" when I re-login.

I've always thought that checking that box set a cookie that populated the login box the next time it came up, not that it kept you logged in.

So you're saying that when you turn your modem back on and visit FTM you're already, i.e. still, logged in? Maybe it's the same as my quitting Safari and still being logged in to FTM when I return?

I think I'm confused, but I'm not quite certain about what. (Maybe it's about precisely how a browsing session is terminated?)

Edit: I just quit Safari and deleted my FTM cookies, and I had to log in when I relaunched, so I learned something, but my login box was populated, so now I'm confused about what's stored where.

The only modem I use is to get on line — as you'll recall my access to the Internet is via dialup.
Clearing cookies would log you out, but simply quitting the browser wouldn't (since the cookies are retained unless you've set the browser to delete cookies under such circumstances).

A crafty person can sometimes go into their cookie jar and update the expiration date. Those are almost never checked by the websites, they rely on the browser dumping them when they are supposed to expire.

I know someone that's been using the same tweaked cookie to access a resource page on a service he hasn't been associated with for well over two years

One word, five letters, starts with A

#1 Too bad I ain't crafty, but the current situation with FTM's login expiry ain't all that onerous.

#2 I thought it had 7 letters ...

The lack of Mod input may have answered this question, but I'd prefer positive to negative confirmation...

Does retaining FTM's cookies leave you logged in when you quit your browser or turn off your modem, i.e. do you still show under "Who's Online", or does it auto-log you in when you return to the website?

Turn on Safari's Developer menu if you haven't already

With THIS page up, select Show Web Inspector

In the window below that opens up, select Cookies. Mine shows five cookies for finetunedmac.com, two of which expire on May 27. Two more are "session" and expire when I close this page. The first one "ubbt_x" looks like it expires May 3 of next year for some reason, I wonder if that's when UBB's license is up for renewal?

ubbt_myid and ubbt_hash are probably my user id and password here, those are the two that expire on the 27th. THEORETICALLY if I edited those cookies, I could increment the year on those dates, and I would stay logged in potentially for a year even if I never visited this site during that time. (this is because UBB relies on my BROWSER to delete the cookie when it expires, UBB only cares if the browser provides the right hash or not when requested, it has no idea how old my cookie is) Normally those cookies will get "refreshed" by my browser anytime I load a page here. The 27th is two weeks from now, which is probably a value set in the UBB admin console, "allow users to stay logged in [14] days". Though depending on how it's coded, UBB being reloaded at the server may invalidate my cookie. That just depends on if they were thoughtful enough to mix a UBB session ID in with my user id and password before they hashed it to create my ubbt_hash. (and if they weren't, *hand slap* "shame on you!")

Whether the username and password fields on the login page are blank or populated is determined by your browser auto-fill preferences.

AFAIK, if you check the "Remember me on each visit" box when you log in then you'll stay logged in unless/until you log out or delete your FTM cookies or they expire. Being logged in doesn't necessarily mean you'll show up in Who's Online, though. That page only displays those who have been active in the last x amount of time (where x has been 6 hours at FTM for years).

The way it works for me is that keeping my cookie means I automatically log in even after I've restarted or turned off the computer. I don't get taken to the login screen; I'm just logged in.

If I delete my cookie, then when I log in, I do not see anything in the Username and Password fields--they're blanked. I have Autofill turned off, so that's consistent with what Cyn says.

Random stumbling around just now and I noticed under my My Stuff tab, I have "Cookies"... never seen a site DO that before, interesting.

Also it'd be nice to see how many posts users have made. A lot of other forums display the number on the left of every post along with location etc.

We made the decision not to include that stat because a large number of posts tends to confer upon the one who's made them an aura of authority which may or may not actually be deserved.

FWIW, you can calculate any user's total posts by going to their profile and clicking on the Show User's Posts link. At the default display of 50 posts per page, for example, your 40+ pages works out to 2024 posts as of 7:59 EDST. Other totals include 2326 for joemikeb, and 4752 for artie505.

But please let's not turn this into a general FTM Feedback discussion thread!

Thanks; I've been aware of that pane for quite a while.

I see the same cookies you see, but ubbt_myid and ubbt_hash expire on the 11th, which is curious, because when those cookies began expiring it happened around the 24th of each month, and even if time shut down advances the date, my deuced Mac(hina) hasn't been shut down anywhere near 18 days in the entire three years I've had it.

Anyhow, I don't see any way to edit those cookies, and their expiration is no big deal...certainly not one that calls for "hacking".

Thanks, cyn.

I remembered AutoFill (How could I have forgotten about it?) while I was rolling around in bed, and you had posted before I got back to FTM.

But doesn't your "if you check the ... box when you log in then you'll stay logged in" conflict with tacit's


which suggests that he thinks he's auto-logged out when he leaves and auto-re-logged in when he returns (not that it's of any significance in light of the rest of your post)?

A quick supporting anecdote: When I hit the requisite number of posts and became a "Mac Wizard" back at MFIF I asked cyn if I could run without the title, because my posts were nowhere near as authoritative as V1's and Hal's (e.g.), and I had no business being classed with them, and her inability to do that spawned my "Anti-Wiz" avatar.

Some forum software has a "reputation" based system, where readers can "up-vote" a helpful post, and that total appears by the user. That seems to be a better way of sorting out the prolific from the helpful.

Since there's no discernible difference between staying logged in to a site when you have none of its pages loaded and instantaneously becoming logged in as part of the process of loading one of its pages upon your return, is there any useful purpose served by this question? This is a purely semantic "conflict."

Maybe not "purely semantic".

In the former instance, wouldn't a hacker be unable to log in to a user's account, while in the latter instance that could happen?

Here's an informative experiment:

While logged into FTM in your usual browser, launch another browser and try to log in from there.

OK, I was able to log in to FTM in Firefox while I was logged in in Safari, but I don't know if that's the answer for which I'm looking.

The important question is would somebody be able to log in from a different computer at a different IP Address at the same time I was logged in? (Sorry, but I've got no way to experiment.)

And further, were I to experiment, could I extrapolate my FTM results as being applicable to all websites?

I am currently logged into FTM on both my phone and my computer, if that helps clarify things for you.

It's baaack! The issue was ostensibly fixed by tacit to the maximum allowable within UBB.threads' constraints (see above), but all of a sudden it seems that the problem crops up weekly (not monthly). Anybody know what's up?

I dunno what's up with you, but as far as I can tell I'm still on a monthly schedule...longer if anything, but certainly not shorter.

It may be a 31 day month, because I remember the first time I found myself logged out being on the 4th, and although I haven't been keeping track of the exact date, I know it's definitely happening later now.

Not that security is much of an issue at FTM, but doesn't that strike you as being a serious security issue?

I know several supposedly highly secure financial sites and any number of e-commerce sites that allow simultaneously logons using the same userid and password.

Perhaps you could elaborate on why you see that as a serious security issue.

I really can't say definitively, but it just seems pretty unreasonable that two of me should be able to be logged in from different machines in different locations at the same time.

I can't see any purpose for it other than mayhem.

Why shouldn't a simultaneous login to an account be challenged to either alert the real me that a phony me is already logged in or to stymy a phony me when the real me is already logged in?

What say you, grelber?

Maybe it was just a glitch (somewhere along the line), but it's been 2 Sundays in a row when I've been required to log in anew. Prior to the switch back to regular time it was on a monthly basis (as noted).

I say either "Hang 'em from the yardarm!" or "Makes me no nevermind."

It came up in spell-check.

Where's that legendary paranoia?

Apple dictionary (2.2.3) only gives the preferred spelling and presents a different present participle:
verb (stymies, stymieing, stymied).
But point taken.

In this case I packed it in and agree with joemikeb (for the same reasons).

It's not in Dictionary.app v 2.1.3, but it turns up in spell-check all the same.

joemike didn't offer any reasons.

I took the reasons to be implicit, namely that there are apparently no serious security issues, and I agree with that.
Some SSL/https sites (eg, Google) might alert the user(s) regarding simultaneous usage but they allow it.
Chacun à son goût.

Reminds me a little of several providers' features of "log out al other instances of my account". Gmail has this. It's useful if, for example, you left yourself logged in at the library, or you borrowed someone's phone to access your email and it insisted on remembering the password. You login on their web site and tell gmail to log you out everywhere, and it expires all valid tokens and cookies.

Also if someone happens to steal/acquire your password, they probably can't change it on you (since they don't control the verification email address) but you'd need some way to get them out. This may be the only way to do it.