Trauma Center: IANAD May 14, 2010 2:11 PM Subscribe
Pony: Log other computers off that are using your account?
A week or two ago, I was at a friend's place and decided to browse MetaFilter while he and another friend were playing Brawl, at a skill level I was hopeless to participate in. I logged in to post a few comments, and forgot to log out when I left.
Luckily, he's not the type to take advantage of this for evil, but he did brag about beating Trauma Center in my name accidentally. I am in no way skilled at that game, and I'm trying to protect my reputation as a noob.
Would it be at all possible to log other computers out of your account? Or does this site already have that feature?
BTW, this isn't a callout. I'm just a bit surprised that I could stay logged on for over a week on another machine without being prompted for my password.
A week or two ago, I was at a friend's place and decided to browse MetaFilter while he and another friend were playing Brawl, at a skill level I was hopeless to participate in. I logged in to post a few comments, and forgot to log out when I left.
Luckily, he's not the type to take advantage of this for evil, but he did brag about beating Trauma Center in my name accidentally. I am in no way skilled at that game, and I'm trying to protect my reputation as a noob.
Would it be at all possible to log other computers out of your account? Or does this site already have that feature?
BTW, this isn't a callout. I'm just a bit surprised that I could stay logged on for over a week on another machine without being prompted for my password.
As an option, maybe, but I like being able to stay signed in at work and at home.
posted by yeti at 2:14 PM on May 14, 2010 [4 favorites]
posted by yeti at 2:14 PM on May 14, 2010 [4 favorites]
Facebook and Twitter do this and it drives me crazy.
posted by Space Coyote at 2:16 PM on May 14, 2010 [4 favorites]
posted by Space Coyote at 2:16 PM on May 14, 2010 [4 favorites]
Thanks, gman. Feel free to lock this up, mods.
posted by mccarty.tim at 2:26 PM on May 14, 2010
posted by mccarty.tim at 2:26 PM on May 14, 2010
If I change my password and then change it back will it log me off in other places but allow me to keep using the same password?
posted by grouse at 2:36 PM on May 14, 2010
posted by grouse at 2:36 PM on May 14, 2010
grouse - I imagine only if someone tried to access Metafilter on those other computers.
posted by filthy light thief at 2:58 PM on May 14, 2010
posted by filthy light thief at 2:58 PM on May 14, 2010
Facebook and Twitter do this and it drives me crazy.
I leave myself logged in on multiple computers on Facebook and have not observed this behavior.
posted by DevilsAdvocate at 2:59 PM on May 14, 2010
I leave myself logged in on multiple computers on Facebook and have not observed this behavior.
posted by DevilsAdvocate at 2:59 PM on May 14, 2010
If I change my password and then change it back will it log me off in other places but allow me to keep using the same password?
I just tested this using two browsers and it seems to work. Logging your remote instance out in this way gets some weird behavior though. The front page looks as if you are logged in, but clicking on pretty much anything asks for a login/pass.
posted by cj_ at 3:05 PM on May 14, 2010
I just tested this using two browsers and it seems to work. Logging your remote instance out in this way gets some weird behavior though. The front page looks as if you are logged in, but clicking on pretty much anything asks for a login/pass.
posted by cj_ at 3:05 PM on May 14, 2010
Yeah, please no. It's would be a pain logging in from my Android phone.
posted by Skygazer at 3:58 PM on May 14, 2010
posted by Skygazer at 3:58 PM on May 14, 2010
I was thinking just like a button for when I do it accidentally, not an automatic behavior.
Or maybe I could just get an iPhone and use my own damn device to log on.
posted by mccarty.tim at 4:00 PM on May 14, 2010
Or maybe I could just get an iPhone and use my own damn device to log on.
posted by mccarty.tim at 4:00 PM on May 14, 2010
Funny you should bring this up. I'm not a single user. I just leave myself logged in at public libraries and internet cafes and people comment in my name.
posted by eyeballkid at 4:23 PM on May 14, 2010
posted by eyeballkid at 4:23 PM on May 14, 2010
you can log out?
posted by The Whelk at 4:25 PM on May 14, 2010 [2 favorites]
posted by The Whelk at 4:25 PM on May 14, 2010 [2 favorites]
I'm not a single user. I just leave myself logged in at public libraries and internet cafes and people comment in my name.
posted by eyeballkid
So the world in general hates us all, not just one guy? :(
posted by maqsarian at 4:37 PM on May 14, 2010 [1 favorite]
posted by eyeballkid
So the world in general hates us all, not just one guy? :(
posted by maqsarian at 4:37 PM on May 14, 2010 [1 favorite]
I'm not a single user. I just leave myself logged in at public libraries and internet cafes and people comment in my name.
posted by eyeballkid
I actually think that would be kind of a neat social experiment. Until there were a bunch of posts about goatse.cx on the main page. Then not so much.
posted by kbanas at 6:20 PM on May 14, 2010
posted by eyeballkid
I actually think that would be kind of a neat social experiment. Until there were a bunch of posts about goatse.cx on the main page. Then not so much.
posted by kbanas at 6:20 PM on May 14, 2010
DevilsAdvocate: "Facebook and Twitter do this and it drives me crazy.
I leave myself logged in on multiple computers on Facebook and have not observed this behavior."
I had some goofball post some status updates when I forgot to log out of Facebook on a public computer (stupid of me, yes), so I'm pretty sure Facebook does not do this. Twitter does, though, and it indeed drives me crazy.
posted by Gordafarin at 6:48 PM on May 14, 2010
I leave myself logged in on multiple computers on Facebook and have not observed this behavior."
I had some goofball post some status updates when I forgot to log out of Facebook on a public computer (stupid of me, yes), so I'm pretty sure Facebook does not do this. Twitter does, though, and it indeed drives me crazy.
posted by Gordafarin at 6:48 PM on May 14, 2010
This is a good feature request. Any modern app like facebook, gmail, blogs etc. with password access that can be left on after closing the browser needs this feature.
posted by caddis at 6:54 PM on May 14, 2010
posted by caddis at 6:54 PM on May 14, 2010
this is a useless feature request. the issue is solved by changing your password. the other thread explains that the way logins are handled makes this specific feature a no go.
posted by nadawi at 6:59 PM on May 14, 2010
posted by nadawi at 6:59 PM on May 14, 2010
This is a so so feature request. It's better than asking for sigs, but not as good as asking for teleporting powers.
posted by Brandon Blatcher at 7:17 PM on May 14, 2010
posted by Brandon Blatcher at 7:17 PM on May 14, 2010
There is no pony.
posted by Hardcore Poser at 7:52 PM on May 14, 2010
posted by Hardcore Poser at 7:52 PM on May 14, 2010
Ceci nest pas une feature request.
posted by DevilsAdvocate at 8:16 PM on May 14, 2010 [1 favorite]
posted by DevilsAdvocate at 8:16 PM on May 14, 2010 [1 favorite]
I'm gonna write you a letter. I'm gonna write you a book.
posted by Gordafarin at 10:09 PM on May 14, 2010
posted by Gordafarin at 10:09 PM on May 14, 2010
Am I thinking of another website or was there a time when we couldn't change our passwords?
posted by IndigoRain at 1:28 AM on May 15, 2010 [1 favorite]
posted by IndigoRain at 1:28 AM on May 15, 2010 [1 favorite]
Well, it's not as if it's an unprecedented concept. Most websites work like this: Authentication between requests is tracked by cookie, which is usually a non-reverseable hash of your password (salted by some secret key only known to the server). I assume this is how MeFi does it, since changing your password invalidates your remote sessions.
On top of that, many have a "session id" which is something stored in the DB when you log in and must be present in your cookie store as well. It is generally tied to IP address, and if one or the other is either not present or doesn't match, the server refuses to continue. This protects against "session stealing" (a huge hole to exploit if any XSS vulnerability is discovered where someone might entice you to share your cookies via malicious javascript). This kind of precaution is crucial to sites where security is important (business/finance related).
MeFi users would rather have the convenience of multiple shared logins than the inconvenience of prophylactic security, and so far has a good track record of not having this fail (i.e. no one has discovered any XSS vulnerabilities or hasn't tried very hard). Being unable to logout remotely is a consequence of this design decision, but by no means the only potential problem.
posted by cj_ at 1:31 AM on May 15, 2010
On top of that, many have a "session id" which is something stored in the DB when you log in and must be present in your cookie store as well. It is generally tied to IP address, and if one or the other is either not present or doesn't match, the server refuses to continue. This protects against "session stealing" (a huge hole to exploit if any XSS vulnerability is discovered where someone might entice you to share your cookies via malicious javascript). This kind of precaution is crucial to sites where security is important (business/finance related).
MeFi users would rather have the convenience of multiple shared logins than the inconvenience of prophylactic security, and so far has a good track record of not having this fail (i.e. no one has discovered any XSS vulnerabilities or hasn't tried very hard). Being unable to logout remotely is a consequence of this design decision, but by no means the only potential problem.
posted by cj_ at 1:31 AM on May 15, 2010
There is no pony.
I happen to have evidence that there must be one in here somewhere.
*continues shoveling*
posted by louche mustachio at 2:14 AM on May 15, 2010
I happen to have evidence that there must be one in here somewhere.
*continues shoveling*
posted by louche mustachio at 2:14 AM on May 15, 2010
I happen to have evidence that there must be one in here somewhere.
I'm on a high-fiber diet. Apologies.
posted by maxwelton at 3:31 AM on May 15, 2010
I'm on a high-fiber diet. Apologies.
posted by maxwelton at 3:31 AM on May 15, 2010
Pony: pony
posted by Brandon Blatcher at 4:38 AM on May 15, 2010
posted by Brandon Blatcher at 4:38 AM on May 15, 2010
Can we have a pony that logs off other users, especially when they're being prats?
posted by Eideteker at 6:08 AM on May 15, 2010 [1 favorite]
posted by Eideteker at 6:08 AM on May 15, 2010 [1 favorite]
I know you guys are hiding one of those money-crapping unicorns in here.
GIVE ME IT
posted by flabdablet at 8:35 AM on May 15, 2010
GIVE ME IT
posted by flabdablet at 8:35 AM on May 15, 2010
IT ONLY SHITS LIKE KHAZAKI LIRA OR SOME SHIT
TAKES DAYS TO MAKE A FRIKKEN FIVER. WORSE MONEY UNICORN EVER!
posted by The Whelk at 8:44 AM on May 15, 2010
TAKES DAYS TO MAKE A FRIKKEN FIVER. WORSE MONEY UNICORN EVER!
posted by The Whelk at 8:44 AM on May 15, 2010
Eideteker: "Can we have a pony that logs off other users, especially when they're being prats"
And a silence descended on the MetaFilter LLC server room as the last cooling fan spun down...
posted by Hardcore Poser at 9:25 AM on May 15, 2010 [5 favorites]
And a silence descended on the MetaFilter LLC server room as the last cooling fan spun down...
posted by Hardcore Poser at 9:25 AM on May 15, 2010 [5 favorites]
I'm gonna write you a letter. I'm gonna write you a book.
The Letter
posted by desuetude at 12:06 PM on May 16, 2010 [1 favorite]
The Letter
posted by desuetude at 12:06 PM on May 16, 2010 [1 favorite]
you can log out?
Yes and when you do, you're transported to site design circa 1999 ... blue, gold!
posted by geoff. at 2:04 PM on May 16, 2010
Yes and when you do, you're transported to site design circa 1999 ... blue, gold!
posted by geoff. at 2:04 PM on May 16, 2010
You are not logged in, either login or create an account to post comments
posted by mccarty.tim at 2:11 PM on May 14, 2010