@
Mutron
It is almost always a sudden 400. If I am really on top of clearing cookies every other page load or so, it will log me out first.
@
Mutron
It is almost always a sudden 400. If I am really on top of clearing cookies every other page load or so, it will log me out first.
Okay, I don't know if this'll help anyone else, but I'm using Opera, I turned on it's built-in VPN (set to US) and I haven't had one 400 error. Before I couldn't log in and do 3 questions in Tomo before it kicked me out, I've been training fodder for like an hour now and nothing.
The cookie test page has been staying completely stable too with only 1 auxillary cookie, regardless of my refreshing and going to different pages to exalt and stuff.
Okay, I don't know if this'll help anyone else, but I'm using Opera, I turned on it's built-in VPN (set to US) and I haven't had one 400 error. Before I couldn't log in and do 3 questions in Tomo before it kicked me out, I've been training fodder for like an hour now and nothing.
The cookie test page has been staying completely stable too with only 1 auxillary cookie, regardless of my refreshing and going to different pages to exalt and stuff.
|
|
|
|
[/center]
|
Just in case it helps, here's my info. I've been leaving ghostery off and still haven't had any issues come up since I first mentioned turning it off. But that clearly doesn't seem to be the root cause as it doesn't work for everyone. Definitely curious what's going on and rooting for you guys to figure it out!
Here's from clicking the link:
Timestamp: 2020-03-27 15:14:15
Logged In: Yes
Overall Cookie Header Size: 2,047 bytes
Primary Login Cookie Size: 352 bytes
Auxiliary Login Cookie Count: 1
Here's from copy pasting url (did not clear or do anything else inbetween):
Timestamp: 2020-03-27 15:14:48
Logged In: Yes
Overall Cookie Header Size: 2,031 bytes
Primary Login Cookie Size: 348 bytes
Auxiliary Login Cookie Count: 1
Just in case it helps, here's my info. I've been leaving ghostery off and still haven't had any issues come up since I first mentioned turning it off. But that clearly doesn't seem to be the root cause as it doesn't work for everyone. Definitely curious what's going on and rooting for you guys to figure it out!
Here's from clicking the link:
Timestamp: 2020-03-27 15:14:15
Logged In: Yes
Overall Cookie Header Size: 2,047 bytes
Primary Login Cookie Size: 352 bytes
Auxiliary Login Cookie Count: 1
Here's from copy pasting url (did not clear or do anything else inbetween):
Timestamp: 2020-03-27 15:14:48
Logged In: Yes
Overall Cookie Header Size: 2,031 bytes
Primary Login Cookie Size: 348 bytes
Auxiliary Login Cookie Count: 1
Hello all, I have a quick update!
We were able to capture some instances of the unexpected logout issue which appears to be related to the 400 issue, and we are a little closer to understanding how these two events are interacting.
In the cases we have been able to inspect closely, it looks like the logouts occur because the browser literally stops sending cookies to our site. However, in these cases the browser appears to still be receiving and processing cookies we send back, which eventually pile up. When they are actually finally sent, an HTTP 400 because of too much cookie data in the request.
It is possible this is caused by antimalware or privacy programs/extensions, but at this point we are investigating whether the SameSite changes in Chrome 80 (and likely other browsers using the same base engine) are possibly causing these logouts. The timing and relation to cookies is suspicious. We will be posting some instructions soon to help determine if this is the case.
Hello all, I have a quick update!
We were able to capture some instances of the unexpected logout issue which appears to be related to the 400 issue, and we are a little closer to understanding how these two events are interacting.
In the cases we have been able to inspect closely, it looks like the logouts occur because the browser literally stops sending cookies to our site. However, in these cases the browser appears to still be receiving and processing cookies we send back, which eventually pile up. When they are actually finally sent, an HTTP 400 because of too much cookie data in the request.
It is possible this is caused by antimalware or privacy programs/extensions, but at this point we are investigating whether the SameSite changes in Chrome 80 (and likely other browsers using the same base engine) are possibly causing these logouts. The timing and relation to cookies is suspicious. We will be posting some instructions soon to help determine if this is the case.
We are investigating a possibility that this is related to Chrome's preloading feature, which could possibly be invoked in the URL bar or some other situations. We are adding additional logging to determine if this is the case.
Edit: Logging for this case has been added.
If you want to help, experiment with loading pages via the URL bar in Chrome (typing/autocomplete/history) rather than navigating the site by our sidebar links or bookmarks, to see if that triggers logouts or 400s more often -- this will help contribute to our logging picture.
We are investigating a possibility that this is related to Chrome's preloading feature, which could possibly be invoked in the URL bar or some other situations. We are adding additional logging to determine if this is the case.
Edit: Logging for this case has been added.
If you want to help, experiment with loading pages via the URL bar in Chrome (typing/autocomplete/history) rather than navigating the site by our sidebar links or bookmarks, to see if that triggers logouts or 400s more often -- this will help contribute to our logging picture.
Haven't noticed anything happening faster when I load via the URL bar. I have noticed that it happens when my
www1.flightrising.com cookies hit 14, though.
I was at 5 cookies within minutes of clearing cookies and reopening FR, before I started looking, but it hasn't budged since I started looking at it. I loaded at least 10 pages via the URL bar, and no movement there.
Edit; just cleared all cookies, and the only thing I did was login, and was already at 3 cookies. Not sure if that's a normal amount or not, but it was where I was.
Edit edit: this time I got logged out at 7 cookies, and a 400 error at 9. It seemed the nail in the coffin this time was clicking on my notifications bar. No idea if that's common.
Haven't noticed anything happening faster when I load via the URL bar. I have noticed that it happens when my
www1.flightrising.com cookies hit 14, though.
I was at 5 cookies within minutes of clearing cookies and reopening FR, before I started looking, but it hasn't budged since I started looking at it. I loaded at least 10 pages via the URL bar, and no movement there.
Edit; just cleared all cookies, and the only thing I did was login, and was already at 3 cookies. Not sure if that's a normal amount or not, but it was where I was.
Edit edit: this time I got logged out at 7 cookies, and a 400 error at 9. It seemed the nail in the coffin this time was clicking on my notifications bar. No idea if that's common.
Hello all! I have some (sort of) good news.
With all the additional logging we have added, we have been able to narrow down the majority of the problems we are seeing to requests originating from
Google Chrome (or Chromium) extensions.
While we can't tell what extension they are coming from from our server logs,
we were able to reproduce the random logouts and 400 issues with Ghostery. As far as we can tell, this is not a problem with Chrome as a whole, but actually specific extensions that:
- Make requests to Flight Rising from a background context, without sending cookies
- Then use the responses to modify the cookies transmitted to Flight Rising.
So while we know Ghostery will cause problems, it is possible that other extensions have similar issues.
The downside is that because this is a result of extensions behaving incorrectly,
this is not an easy thing to fix. It may be possible to reduce the 400 errors, but without major effort, it would still be possible for Ghostery to cause 400s if left to its own devices long enough. We may have to actually rely on Ghostery to fix their extension. We are looking at our options now.
Some notes about what we see Ghostery doing: it appears to be kicking off requests to other pages on
Flight Rising, not linked from or related to the current page, apparently while the browser is idle. I am not sure why it is doing this, or how it is choosing the pages to request.
Hello all! I have some (sort of) good news.
With all the additional logging we have added, we have been able to narrow down the majority of the problems we are seeing to requests originating from
Google Chrome (or Chromium) extensions.
While we can't tell what extension they are coming from from our server logs,
we were able to reproduce the random logouts and 400 issues with Ghostery. As far as we can tell, this is not a problem with Chrome as a whole, but actually specific extensions that:
- Make requests to Flight Rising from a background context, without sending cookies
- Then use the responses to modify the cookies transmitted to Flight Rising.
So while we know Ghostery will cause problems, it is possible that other extensions have similar issues.
The downside is that because this is a result of extensions behaving incorrectly,
this is not an easy thing to fix. It may be possible to reduce the 400 errors, but without major effort, it would still be possible for Ghostery to cause 400s if left to its own devices long enough. We may have to actually rely on Ghostery to fix their extension. We are looking at our options now.
Some notes about what we see Ghostery doing: it appears to be kicking off requests to other pages on
Flight Rising, not linked from or related to the current page, apparently while the browser is idle. I am not sure why it is doing this, or how it is choosing the pages to request.
@
Mutron
This explains a lot! I came back as I was just about to say that I noticed it took far longer for me to get logged out/400'ed out when I had Ghostery off, but leaving it off long-term is a bit of a struggle. I wonder if it would help if I submitted a bug report to them directly?
@
Mutron
This explains a lot! I came back as I was just about to say that I noticed it took far longer for me to get logged out/400'ed out when I had Ghostery off, but leaving it off long-term is a bit of a struggle. I wonder if it would help if I submitted a bug report to them directly?
[quote name="brevityis" date="2020-03-28 20:21:22" ]
@Mutron
This explains a lot! I came back as I was just about to say that I noticed it took far longer for me to get logged out/400'ed out when I had Ghostery off, but leaving it off long-term is a bit of a struggle. I wonder if it would help if I submitted a bug report to them directly?
[/quote]
@brevityis We are currently experimenting with some of the Ghostery settings -- it might be possible to avoid this problem by tweaking them. It will take a bit to test, we will let you know afterward.
brevityis wrote on 2020-03-28 20:21:22:
@
Mutron
This explains a lot! I came back as I was just about to say that I noticed it took far longer for me to get logged out/400'ed out when I had Ghostery off, but leaving it off long-term is a bit of a struggle. I wonder if it would help if I submitted a bug report to them directly?
@
brevityis We are currently experimenting with some of the Ghostery settings -- it might be possible to avoid this problem by tweaking them. It will take a bit to test, we will let you know afterward.
Hello all. We believe we have a workaround for those of you who are having logouts and/or 400 errors and have Ghostery installed in a Chromium based browser.
[LIST=1]
[*]Click the Ghostery icon in the top right area of your browser.
[*]Click the "..." button in the top right of the Ghostery popup window.
[*]Choose "Settings"
[*]Select "Opt In / Out" in the left hand menu
[*][b]Uncheck[/b] the box labeled "Sharing Human Web Data"
[*]Use the "Clear Excess Auxiliary Cookies" button at https://www1.flightrising.com/site/cookie-test to clear out any excess cookies that may have been left over.
[*]If you cannot visit the above page due to a 400 error, you will have to clear all cookies for www1.flightrising.com from Chrome's settings.
[/LIST]
[img]https://www1.flightrising.com/static/cms/media/ghostery_off.png[/img]
With these steps, I was able to leave Ghostery on overnight without getting a logout or a 400, whereas after checking that box, they started showing up in under an hour.
Please note that this may explain why "pausing" Ghostery or "trusting" [i]Flight Rising[/i] would still result in this issue -- it is very possible that the background activity Ghostery was doing would still run in those cases.
Thank you @Hawkfeather for bringing Ghostery to our attention as a likely cause, and of course thanks to all of you for your patience and helpful responses!
Hello all. We believe we have a workaround for those of you who are having logouts and/or 400 errors and have Ghostery installed in a Chromium based browser.
- Click the Ghostery icon in the top right area of your browser.
- Click the "..." button in the top right of the Ghostery popup window.
- Choose "Settings"
- Select "Opt In / Out" in the left hand menu
- Uncheck the box labeled "Sharing Human Web Data"
- Use the "Clear Excess Auxiliary Cookies" button at https://www1.flightrising.com/site/cookie-test to clear out any excess cookies that may have been left over.
- If you cannot visit the above page due to a 400 error, you will have to clear all cookies for www1.flightrising.com from Chrome's settings.
With these steps, I was able to leave Ghostery on overnight without getting a logout or a 400, whereas after checking that box, they started showing up in under an hour.
Please note that this may explain why "pausing" Ghostery or "trusting"
Flight Rising would still result in this issue -- it is very possible that the background activity Ghostery was doing would still run in those cases.
Thank you @
Hawkfeather for bringing Ghostery to our attention as a likely cause, and of course thanks to all of you for your patience and helpful responses!
