Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Forum log in weirdness on TFF

M

MacFoxG4

macrumors 6502
Original poster
Nov 22, 2019
450
628
Hi,

So I have this forum bookmarked on TFF FPR 22 on my Sawtooth and when I clicked on the bookmark and got taken to the home page I saw a message that said that “the active user may have changed, refresh the page.” I looked and I saw that a user by the name of Rabidbadger was logged in instead of me. When I tried to log this user out, I got asked to log in. If I navigate away from the main page I don’t see Rabidbadger anymore and I see the login and register buttons one normally sees when you are not logged in.

Anybody know why this is happening? This only happened on the Sawtooth. I don’t see Rabidbadger when using the forum on my iPhone, which is what I am doing now.
 
Last edited:
  • Like
Reactions: RogerWilco6502
eyoungren said:
You can report it to the mods, or at least ask questions.
Click to expand...

I’m sorry I got all freaked out and that’s why I made this thread. I should have contacted the mods. I also should have taken a screenshot.

I just booted up the Sawtooth again and navigated to the forums and I don’t see Rabidbadger anymore. Should I still contact the mods?
 
Raging Dufus said:
I saw that. Trying to be funny, failing as usual. One of these days I might stop... nah...
Click to expand...


I thought your post was funny. I wasn’t trying to correct you, I was responding to Roger’s post but the quote text got messed up (typing on iPhone is a pain sometimes) so I got frustrated with my phone and just ended up not quoting anyone. I’m gonna edit my post.
 
  • Like
Reactions: RogerWilco6502 and Raging Dufus
MacFoxG4 said:
I’m sorry I got all freaked out and that’s why I made this thread. I should have contacted the mods. I also should have taken a screenshot.

I just booted up the Sawtooth again and navigated to the forums and I don’t see Rabidbadger anymore. Should I still contact the mods?
Click to expand...
I would. Just let them know it's a concern.

I once had someone call me using a GV number. Since it's my policy to not answer calls that are not from people in my contacts list it went to voicemail. In the VM they left me they claimed to be a MacRumors forum moderator and were chastising me for a post I'd 'made' in a thread. They accused me of bringing up torrenting and that this was against the rules and I was in trouble.

The problem was I had never made a post like that and MR didn't have my phone number (at that time). Furthermore, as the mod who responded to my request noted, the mods do not have access to that sort of personal info. And even if they did, phone calls is not policy. That's what their forum moderation tools are for.

But they wouldn't have known anything about it if I had not contacted them. You have nothing to lose.

PS. I suspect it was someone from a different forum that was pissed off about my opinion of a certain user on their forum. This person would have had the means to find (or pay to find) my phone number as it's not listed. I was fairly opinionated about a certain cellular carrier at that time and had engaged in many threads expressing that opinion.
 
Raging Dufus said:
I saw that. Trying to be funny, failing as usual. One of these days I might stop... nah...
Click to expand...

I thought the succeeding feet, watermelon, and explosion post I made a couple of years ago for slapstick purposes was pretty funny.

Unfortunately, the sentiment was not returned... :(
 
  • Like
Reactions: Raging Dufus
Oh mah gosh, I would’ve been seriously tempted to educate everyone about how W10 is better than MacOS & how Steve Jobs OSX totally ripped off Windows Vista.

Oh boy. SO tempted if I Mysteriously logged in as a Rabidbadger.

:D
 
  • Like
  • Haha
Reactions: Raging Dufus and eyoungren
Amethyst1 said:
@eyoungren - Wow. That story is creepy. Some people just don't know where to draw the line.
Click to expand...
Yeah, I blocked the number at the time. For whatever good that did. They were smart enough to use a GV number and not their own number. Throwaway number essentially.

At the time though there was a lot of hate over that particular cell carrier and the rock throwing was back and forth between three individual forums.
 
eyoungren said:
I would. Just let them know it's a concern.

I once had someone call me using a GV number. Since it's my policy to not answer calls that are not from people in my contacts list it went to voicemail. In the VM they left me they claimed to be a MacRumors forum moderator and were chastising me for a post I'd 'made' in a thread. They accused me of bringing up torrenting and that this was against the rules and I was in trouble.

The problem was I had never made a post like that and MR didn't have my phone number (at that time). Furthermore, as the mod who responded to my request noted, the mods do not have access to that sort of personal info. And even if they did, phone calls is not policy. That's what their forum moderation tools are for.

But they wouldn't have known anything about it if I had not contacted them. You have nothing to lose.

PS. I suspect it was someone from a different forum that was pissed off about my opinion of a certain user on their forum. This person would have had the means to find (or pay to find) my phone number as it's not listed. I was fairly opinionated about a certain cellular carrier at that time and had engaged in many threads expressing that opinion.
Click to expand...

This is precisely why I hide behind an alias. Bent asshats with the skills and means to doxx you or worse, just because they didn't like what you said and because they can.

I totally get your approach, and it's laudable. There's integrity behind it, just as with people like Dronecatcher and others who put an actual photo of themselves here. But I worked for a long time in law enforcement and I know what people are capable of. Combine that with what they believe is anonymity and the ability to strike at a distance with what they think is no accountability, and you get stuff like this, which took place not far from me. They're not really anonymous or unaccountable, as that case proves, but by the time they're found out the harm to you has already been done.
 
  • Like
Reactions: z970
Raging Dufus said:
This is precisely why I hide behind an alias. Bent asshats with the skills and means to doxx you or worse, just because they didn't like what you said and because they can.
Click to expand...
Same, I have a few different aliases I use and will use one of a few artistic representations of how I look online. I don't like giving out more than enough information to get a point across on the public web if I don't have to.
 
z970mp said:
I thought the succeeding feet, watermelon, and explosion post I made a couple of years ago for slapstick purposes was pretty funny.

Unfortunately, the sentiment was not returned... :(
Click to expand...

Yeah, humor doesn't translate well in a format like this. Then again, not everyone has the same sense of humor. Oh well, we take what we can get. :)
[automerge]1589312526[/automerge]
RogerWilco6502 said:
I have a few different aliases I use and will use one of a few artistic representations of how I look online
Click to expand...

Oh, same. Frankly it's uncanny how much like I look like my avatar, forehead apple tattoo and all 😁
 
Raging Dufus said:
This is precisely why I hide behind an alias. Bent asshats with the skills and means to doxx you or worse, just because they didn't like what you said and because they can.

I totally get your approach, and it's laudable. There's integrity behind it, just as with people like Dronecatcher and others who put an actual photo of themselves here. But I worked for a long time in law enforcement and I know what people are capable of. Combine that with what they believe is anonymity and the ability to strike at a distance with what they think is no accountability, and you get stuff like this, which took place not far from me. They're not really anonymous or unaccountable, as that case proves, but by the time they're found out the harm to you has already been done.
Click to expand...
RogerWilco6502 said:
Same, I have a few different aliases I use and will use one of a few artistic representations of how I look online. I don't like giving out more than enough information to get a point across on the public web if I don't have to.
Click to expand...
If you were to search my username you'd find me originally on forums.quark.com. You'd then find me on reddit and of course, here. I use the same username precisely because I have nothing to hide from others across forums. That cuts back on accusations that I say one thing in one place and another in a different place. That, however, is not to say I am an open book and do not value my privacy.

I have a different alias on Twitter, but my Twitter account is solely to message support for my wireless carrier. I am not logged in there otherwise. I have and maintain several different passwords, the most important ones generated randomly. The others you would have to know me on a personal level to understand what they are. And that would limit who is the responsible party in revealing or accessing anything. My Facebook account was deleted entirely in early 2017. And I mean deleted, not archived. And before that I wiped everything I could off the account using an automated script in my browser.

I do everything I reasonably can to secure my accounts and I am also not in the habit of revealing personal identifying information on the web. That said, I have no illusions that anyone paying a basic public search company could find some info on me. Anyone with half a brain who is paying attention can find out my first and last name just by looking at the forums I am active on.

But therein is the rub. While, I, like anyone, have certain things I'd prefer not to be publicly known there is nothing in my history or background that is anything more than simply embarrassing. I am not in the financial spot where access to accounts would devastate me or my family as I don't have that kind of money. Which is not so say I do not lockdown as much as possible what little I do have.

None of that is a defense of course, but I don't hang my life out there for others to find it.

Now, if I was in an entirely different profession, say law enforcement - that would be another matter entirely. @Raging Dufus I therefore understand what you do in that context. I have a number of family members who have similar associations with various agencies or have had so this is not anything foreign to me.
 
  • Like
Reactions: Raging Dufus and RogerWilco6502
so, this is related to a caching issue. But I'm not entirely clear why this happened.

@MacFoxG4 obviously your computer pulled a cached page of a logged in user. Based on your cookies or lack-there-of, Xenforo knows it's not the right user and displays that error message "the active user may have changed". So you couldn't actually do anything as that user, as it's authenticated with each action.

As to how that could have happened. I'm not entirely sure.

We do cache guest pages. So if you aren't logged in, you may be pulling in a cached page.

However, we don't cache logged in users. We detect logged in users based on their cookies, and explicitly set a logged in cookie. If someone is logged in, the cache is supposed to be entirely bypassed, so you have to pull a new page from the server with each page load.

It's possible that someone could selectively erase cookies and somehow get their logged-in page to be cache-able. But that would require very specific cookies being deleted in a specific way.

There can be caches outside of our own. 3rd party proxies and servers can proxy sites... but logged in pages are set to NOT be cached by anyone (Cache-Control: private, no-cache, max-age=0). But proxies could ignore this if configured improperly.

We haven't changed our caching system in at least a month or so, so I don't think this is a widespread issue. If anyone else sees it, let me know.

arn
 
  • Like
Reactions: RogerWilco6502, iModFrenzy, MacFoxG4 and 2 others
arn said:
so, this is related to a caching issue. But I'm not entirely clear why this happened.

@MacFoxG4 obviously your computer pulled a cached page of a logged in user. Based on your cookies or lack-there-of, Xenforo knows it's not the right user and displays that error message "the active user may have changed". So you couldn't actually do anything as that user, as it's authenticated with each action.

As to how that could have happened. I'm not entirely sure.

We do cache guest pages. So if you aren't logged in, you may be pulling in a cached page.

However, we don't cache logged in users. We detect logged in users based on their cookies, and explicitly set a logged in cookie. If someone is logged in, the cache is supposed to be entirely bypassed, so you have to pull a new page from the server with each page load.

It's possible that someone could selectively erase cookies and somehow get their logged-in page to be cache-able. But that would require very specific cookies being deleted in a specific way.

There can be caches outside of our own. 3rd party proxies and servers can proxy sites... but logged in pages are set to NOT be cached by anyone (Cache-Control: private, no-cache, max-age=0). But proxies could ignore this if configured improperly.

We haven't changed our caching system in at least a month or so, so I don't think this is a widespread issue. If anyone else sees it, let me know.

arn
Click to expand...

Thanks for clearing things up.
 
  • Like
Reactions: eyoungren
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back