Date   

moderated Re: Update login expiration on site visit #suggestion

Jim Higgins
 

Received from Bruce Bowman at 11/22/2018 01:21 PM UTC:

On Wed, Nov 21, 2018 at 09:21 PM, Jim Higgins wrote:
Received from Bruce Bowman at 11/21/2018 11:35 PM UTC:
On Fri, Nov 16, 2018 at 01:12 PM, Mark Fletcher wrote:
The login cookie is refreshed with every request...
I remain a little unclear as to what constitutes a "request" in this context.
It might be better explained as "refreshed with every VISIT to Groups.io" (Understanding that "refreshed" requires the cookie to exist and not be expired in order for it to be "refreshed"... otherwise you need to log in to recreate (not refresh) the log-in cookie.)
Seems that all we've done here is replace "request" with "visit."
Well.. yes... but you said you didn't understand what "request" meant... while I bet you DO understand what "visit" means. Right?

By way of some detail... browsers don't "request" cookies from websites... websites offer cookies to browsers and attempt to read cookies from browsers... and the browsers only allow cookies to be read by the same entity that created the cookie.

The question remains: what exactly causes the 30-day cookie clock to be restarted?
If the 30-day cookie exists, it's restarted by any visit to Groups.io. If the 30-day cookie has expired, then it's restarted (actually recreated) by logging in.

And I assume that if the subscriber *does* log in at that point (or any subsequent point in time), a new non-expiring cookie is created. Am I right?
That's the intent.
But is it what actually happens?
Yes.

Jim H


moderated Re: Thank you Mark, for your hard work and support of groups.io

Ellen Moody
 

I hope I am sending this thank you to the right group. I want to thank Mark too -- my three groups are very important to me and make my life much better more cheerful.  Sincerely, Ellen Moody


On Thu, Nov 22, 2018 at 1:38 PM Bob Bellizzi <cdfexec@...> wrote:
Mark, 
I want to take advantage of this Day of Thanksgiving to thank you on behalf of my online support group, myself and the many owners  moderators of groups here.  You have invested tremendous effort into making groups.io the best domain available for almost 10,000 groups and probably a half million subscribers.
Happy Thanksgiving
--

Bob Bellizzi

Founder, Fuchs Friends ®
Founder & Executive Director, The Corneal Dystrophy Foundation


moderated Thank you Mark, for your hard work and support of groups.io

Bob Bellizzi
 

Mark, 
I want to take advantage of this Day of Thanksgiving to thank you on behalf of my online support group, myself and the many owners  moderators of groups here.  You have invested tremendous effort into making groups.io the best domain available for almost 10,000 groups and probably a half million subscribers.
Happy Thanksgiving
--

Bob Bellizzi

Founder, Fuchs Friends ®
Founder & Executive Director, The Corneal Dystrophy Foundation


moderated Re: Update login expiration on site visit #suggestion

Bruce Bowman
 

On Wed, Nov 21, 2018 at 09:21 PM, Jim Higgins wrote:
Received from Bruce Bowman at 11/21/2018 11:35 PM UTC:
 
On Fri, Nov 16, 2018 at 01:12 PM, Mark Fletcher wrote:
The login cookie is refreshed with every request...
I remain a little unclear as to what constitutes a "request" in this context.
It might be better explained as "refreshed with every VISIT to Groups.io" (Understanding that "refreshed" requires the cookie to exist and not be expired in order for it to be "refreshed"... otherwise you need to log in to recreate (not refresh) the log-in cookie.)
Seems that all we've done here is replace "request" with "visit."

The question remains:  what exactly causes the 30-day cookie clock to be restarted?

And I assume that if the subscriber *does* log in at that point (or any subsequent point in time), a new non-expiring cookie is created. Am I right?
That's the intent.
But is it what actually happens?

This doesn't address the situation where someone purposely deletes all their cookies, or uses a different device/browser combo to access the site. In such a case they will still "mysteriously" find themselves logged out.
There are some things that can't be fully fixed.
Agreed. Thanks for your attempt at explanation.

I would still like to hear from Mark on this. There are GMF wiki entries to be updated, and I want to make sure we get them right.

Regards,
Bruce


moderated Re: Update login expiration on site visit #suggestion

Jim Higgins
 

Received from Bruce Bowman at 11/21/2018 11:35 PM UTC:
 
On Fri, Nov 16, 2018 at 01:12 PM, Mark Fletcher wrote:
The login cookie is refreshed with every request...

I remain a little unclear as to what constitutes a "request" in this context.


It might be better explained as "refreshed with every VISIT to Groups.io" (Understanding that "refreshed" requires the cookie to exist and not be expired in order for it to be "refreshed"... otherwise you need to log in to recreate (not refresh) the log-in cookie.)


- We now have a separate, non-expiring cookie that we use to determine if someone has a log in.
- If someone accesses the site without a login cookie but with the new non-expiring cookie, we redirect them to the login page and display the following alert: 'Your login has expired. Please login again.'. We also delete that non-expiring cookie at that point, so that they can move about the site without logging in if they wish.

I am not familiar with the behavior of expiring cookies. Do browsers automatically delete expired cookies? If not, we need to consider the case where the user has a login cookie, but it has expired.


All browsers "expire" cookies when the expiration date/time passes. At that point the user doesn't have a log-in cookie. That said some browsers don't physically delete expired cookies, but they do stop responding to queries from websites asking if the cookie exists... which is the same response that would be given if the cookie were fully deleted.


And I assume that if the subscriber *does* log in at that point (or any subsequent point in time), a new non-expiring cookie is created. Am I right?


That's the intent.


This doesn't address the situation where someone purposely deletes all their cookies, or uses a different device/browser combo to access the site. In such a case they will still "mysteriously" find themselves logged out.



There are some things that can't be fully fixed.

If someone deletes all their cookies the behavior they'll see when visitng Groups.io depends on where they land within Groups.io. I think there are three possible cases...

1) If they land directly in a group that's readable by non-subscribers, instead of being redirected to a log-in screen they'll find themselves in that group, and in the blue bar in the upper right they'll see three things... "Help," "Log In" and "Sign Up." As best I can recall, not having paid much attention to it, that's what they saw before the cookie change. (Of course remembering that too many not noticing that and realizing what it meant is why the cookie change was made in the first place.)

2) If they land in a group that's NOT readable by non-subscribers, they'll see a log-in screen.

3) In all cases, if a visitor arrives with no groups.io cookies at all, they should see a banner across the bottom of their screen saying Gio uses cookies and telling the visitor that they agree to this by continuing to use the website. Until the user clicks the "I Agree" button on that banner the banner continues to be displayed as the user moves from page to page. Once "I Agree" is clicked that agreement is remembered for a year... by means of a cookie with a 1-year expiration.

Corrections welcome, but I really do think that covers it.

Jim H


moderated in RSVP, "Additional information requested from attendees" truncated #bug #cal-invite

Amy
 

When a subscriber RSVP’s to an event and types a message into the field "Additional information requested from attendees,”  their answer is truncated.  The only way to see the full response is to export the page as HTML. Even exporting the responses doesn’t include the messages.  
 
Screen shot below. Thanks!
Amy


moderated Re: Update login expiration on site visit #suggestion

Bruce Bowman
 

On Fri, Nov 16, 2018 at 01:12 PM, Mark Fletcher wrote:
- The login cookie is refreshed with every request, which means the 30 day expiration is continually extended as long as you use the site.
I remain a little unclear as to what constitutes a "request" in this context. Do you mean we're updating the cookie date/timestamp (or creating a new one) every time user action queries a GIO database? Please clarify.

- We now have a separate, non-expiring cookie that we use to determine if someone has a log in. 
- If someone accesses the site without a login cookie but with the new non-expiring cookie, we redirect them to the login page and display the following alert: 'Your login has expired. Please login again.'. We also delete that non-expiring cookie at that point, so that they can move about the site without logging in if they wish.
I am not familiar with the behavior of expiring cookies. Do browsers automatically delete expired cookies? If not, we need to consider the case where the user has a login cookie, but it has expired. 

And I assume that if the subscriber *does* log in at that point (or any subsequent point in time), a new non-expiring cookie is created. Am I right?

This doesn't address the situation where someone purposely deletes all their cookies, or uses a different device/browser combo to access the site. In such a case they will still "mysteriously" find themselves logged out.

Just trying to think this through...it's not as simple as it sounds. What you've done strikes me as an improvement, but we're still going to be fielding some questions along these lines in GMF. I also suspect there is nothing you could do to eliminate that. Thanks for taking a stab at it!

Regards,
Bruce


moderated Re: Calendar - Date Format on Reminder Notices

Michael Morris
 

Our members are finding the use of US date format in the reminders confusing.  Please can we have option to have the reminders in the groups default date format?


moderated Re: Reason field for message deletion #suggestion

Leeni
 

Because I didn't know there was a note feature. That was why I requested it.
 
It wasn't until Bruce answered my question and told me that I found the information out.
 
 
 
 
 
 

-------Original Message-------
 
From: J_Catlady
Date: 11/17/2018 9:44:44 PM
Subject: Re: [beta] Reason field for message deletion #suggestion
 
On Sat, Nov 17, 2018 at 07:33 PM, magicalkingdomgroups@... wrote:
There is a place for notes when a member is banned...I was able to write in why this member was banned
 In that case, why did your request it ("it would be helpful if the "reason" for banning someone could be stated"), if you already have it? I think I am confused.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

 


moderated Re: Reason field for message deletion #suggestion

 

On Sat, Nov 17, 2018 at 07:33 PM, magicalkingdomgroups@... wrote:
There is a place for notes when a member is banned...I was able to write in why this member was banned
 In that case, why did your request it ("it would be helpful if the "reason" for banning someone could be stated"), if you already have it? I think I am confused.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Reason field for message deletion #suggestion

Leeni
 

There is a place for notes when a member is banned.
I followed the directions Bruce had given me and I was able to write in why this member was banned. I have a FREE group.
Ilene 
 
 
 
 

-------Original Message-------
 
From: J_Catlady
Date: 11/17/2018 9:13:22 PM
Subject: Re: [beta] Reason field for message deletion #suggestion
 
On Sat, Nov 17, 2018 at 06:49 PM, Duane wrote:
On a free group, there are no notes or history once a person is removed
Good point.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

 


moderated Re: Reason field for message deletion #suggestion

Bruce Bowman
 

On Sat, Nov 17, 2018 at 09:49 PM, Duane wrote:
On a free group, there are no notes or history once a person is removed like there are on Premium groups.
Banned members are still available via the members list...only "past" members are not. Somewhat ironically, if you subsequently unban them, they mysteriously disappear, and have to be reinvited.

Bruce


moderated Re: Reason field for message deletion #suggestion

Leeni
 

Where can you store notes on a member?
 
 
 
 
 

-------Original Message-------
 
From: J_Catlady
Date: 11/17/2018 8:30:15 PM
Subject: Re: [beta] Reason field for message deletion #suggestion
 
I think giving a reason for banning (or removing, or changing the posting status of) a member could be more complicated, and there are notes and the member's history to refer to in any case. With removing a message, there's currently nothing to refer to. For example, I just removed a message not because there was anything wrong with the message, but because the person requested it, having accidentally sent it to the group instead of an individual. Having a place for a reason would be similar to a reason for rejecting a pending message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

 


moderated Re: Reason field for message deletion #suggestion

 

On Sat, Nov 17, 2018 at 06:49 PM, Duane wrote:
On a free group, there are no notes or history once a person is removed
Good point.
 
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Reason field for message deletion #suggestion

Duane
 

On Sat, Nov 17, 2018 at 08:30 PM, J_Catlady wrote:
I think giving a reason for banning (or removing, or changing the posting status of) a member could be more complicated, and there are notes and the member's history to refer to in any case.
On a free group, there are no notes or history once a person is removed like there are on Premium groups.

Duane


moderated Re: Reason field for message deletion #suggestion

 

I think giving a reason for banning (or removing, or changing the posting status of) a member could be more complicated, and there are notes and the member's history to refer to in any case. With removing a message, there's currently nothing to refer to. For example, I just removed a message not because there was anything wrong with the message, but because the person requested it, having accidentally sent it to the group instead of an individual. Having a place for a reason would be similar to a reason for rejecting a pending message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Re: Reason field for message deletion #suggestion

Leeni
 

On the same idea it would be helpful if the "reason" for banning someone could be stated too......... Ilene 
 
 
 
 

-------Original Message-------
 
From: J_Catlady
Date: 11/17/2018 7:56:34 PM
Subject: [beta] Reason field for message deletion #suggestion
 
It could be helpful in some cases to allow an optional "reason" to be entered into the log for when someone (moderator or other) deletes a message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu

 


moderated Reason field for message deletion #suggestion

 

It could be helpful in some cases to allow an optional "reason" to be entered into the log for when someone (moderator or other) deletes a message.
--
J

Messages are the sole opinion of the author, especially the fishy ones.
My humanity is bound up in yours, for we can only be human together. - Desmond Tutu


moderated Site updates #changelog

 

Changes to the site this week:

Web:

  • NEW: We extend expiration of the login cookie each time a person accesses the site.
  • NEW: We have a new, non-expiring cookie that we use to determine when someone has previously been logged in, but whose cookie is now expired. In that case, we redirect the user to the login page, with a banner explaining that their login has expired.
  • INTERNAL: In some situations we were not deleting all S3 data associated with a group when the group was deleted.
  • BUGFIX: Topic/Message filter by custom date range didn't work if your date format preference was other than MM/DD/YYYY. Fixing this introduced another bug which caused dates to not be shown in the Topics screen.
  • CHANGE: Text changes to the Yahoo Transfer screens to make things more clear - thanks Shal.

Have a good weekend everyone.

Mark


moderated Re: BBCODE support #suggestion

Brian Vogel <britechguy@...>
 

On Fri, Nov 16, 2018 at 03:42 PM, Duane wrote:
Can you integrate BBCODE into a non-forum site?
I have no idea of the "under the hood" ramifications.   Just thought I'd ask to see if it were possible.

There's a reason I left software development 20 years ago! ;-)
 
--

Brian - Windows 10 Home, 64-Bit, Version 1809, Build 17763 
The terrible state of public education has paid huge dividends in ignorance.  Huge.  We now have a country that can be told blatant lies — easily checkable, blatant lies — and I’m not talking about the covert workings of the CIA. When we have a terrorist attack, on September 11, 2001 with 19 men — 15 of them are Saudis — and five minutes later the whole country thinks they’re from Iraq — how can you have faith in the public? This is an easily checkable fact. The whole country is like the O.J. Simpson jurors.

      ~ Fran Lebowitz in Ruminator Magazine interview with Susannah McNeely (Aug/Sept 2005)

12141 - 12160 of 30989