darkoshi: (Default)
I'm configuring my "new" laptop. 13 months after getting it, I've finally moved my files over to it, and started using it as my main computer. I realized I might never finish doing all those other things I wanted to do before moving the files, so finally just went ahead and did the move.

Now, I kept being logged out of LiveJournal, even though I was selecting the checkbox to stay logged in.

My Firefox configuration is set to delete cookies when I close the browser, but I had added an exception for http://livejournal.com. I added another exception for http://www.livejournal.com, but still kept being logged out. Looking at the cookies after logging in showed that they were still set to expire at the end of the session.

Finally, I tried adding an exception for https://livejournal.com. That did the trick. So even though the LiveJournal login page shows "http" in the URL bar, it must be using https behind the scenes.

I didn't have the same trouble with Dreamwidth, as I had added its exception using "https" to begin with, thinking that the Dreamwidth pages used https by default. But now I see that the Dreamwidth pages show "http" in the URL bar too. I must have configured my old laptop to redirect to https for Dreamwidth. Still need to do that here.

I don't see anything on Firefox's Cookies page to indicate whether a cookie was added via HTTP vs HTTPS. I wonder if there is any way to know which version of the URL you need to add as an exception, other than trial and error.

Date: 2016-09-23 07:49 am (UTC) From: [personal profile] marahmarie
Dreamwidth still defaults to http:// but uses https:// if you invoke it yourself. Ways to invoke it (mostly for anyone else reading): 1) manually add https:// in the address bar to any DW URL, and 2) code whatever pages you control to use https:// links (I did this in my HTML). So you might want to add exceptions for both, depending on how you browse/how people like me code our pages on DW/etc.

Date: 2016-09-24 08:10 am (UTC) From: [personal profile] marahmarie
Dreamwidth is rather weird. They brag about being HTTPS Everywhere compliant (which I guess they are, though I haven't used the add-on in years so can't say for sure) but then make you use exactly that add-on to get everything to default to https:// rather than just code the site to default to https:// from the get-go, without needing the add-on.

I found DW defaulting to http:// annoying and kind of scary enough, in this day and age, that a few years back I coded my own HTML to convert as many links that DW doesn't convert to https:// as possible (and I'd convert them all if I just had more knowledge of s2).

I'm just tired of seeing insecure anything on the web anymore, and find it especially hard to deal with on my own blog.
Edited (clarity) Date: 2016-09-24 08:12 am (UTC)
