August 6th, 2002

  • ljnp4u

Can't log in using the new, session-based login system (from my goathack)

Like I said earlier, at the moment I can't log in using my goathack and the new login with IP binding.
I've just started looking into it, but if anyone might be further on than me, cookies are indeed getting set, so that's not the problem.
These are the contents after trying to log in as user test, I appear to be logged in but after the first move, I'm logged out again. The cookie is still there though, and these are the contents:
I'll be available for another 6 hours or so if someone wants me to test something on their goathack versions/servers...

Don't be surprised if I keep on updating this post so you can throw in any thoughts that you have while I try to fix this.
I see that next to the username, $sess->{'sessid'}:$sess->{'auth'} is being sent to the cookie, but both return empty, so the error has to be in whatever generates the $sess table, being LJ::generate_session($u, $sess_opts); in

forgot to do update-db ;-)
  • Current Music
    (Eminem) - The Real Slim Shady (WNRN)
  • ljnp4u

logout?

Okay, so I can log in now, just exactly how is one supposed to log out?
Right now, logout.bml seems to be a hard coded redirect to login.bml.

So when I'm logged in with expiration set to never, going to logout.bml currently shows me my current login status, which would mean that if I were to want to log out, I'm supposed to click logout again there, that works.

That redirect to login is supposed to add action=logout somewhere to make it work like it's supposed to be. I'm just not sure if that redirect is capable of doing a post request, adding ?action%3Alogout=Logout didn't work for a start.
  • Current Music
    Madonna - American Pie (WNRN)
  • dottey

Mass modification of journal entry security settings - revisited

So this discussion may have gone on a while ago, but I'll bring it back up for some new thoughts/ideas.

I know there would be a certain amount of database hit involved if we allowed users to mass modify their entire journal, say to private or friends only. There would be many entries getting modified at once, and that would be a large hit on the database. I assume this is correct, and that is the current reason why this feature hasn't been implemented and isn't allowed.

What sort of hit would be involved if we provided a page that listed 10/25/50/100 entries at a time and allowed the user to modify those XX number of journal entries' security settings at once?

I picture a table/form listing each of the XX entries with its posted date/time, the subject or first 100 characters (however editjournal handles this), and a drop down list. The drop down list will be pre-selected as the entry's current security setting and will list all the available security settings (or maybe just current and public/private/friends).

The user can use the drop down lists on each entry to modify their security settings individually. Or, an option could be on the page to switch all XX entries to a specific security setting.

Once the form is posted, the processor will check each of the XX entries submitted. A check will be made on each entry to see if the old/current security setting is the same as the new setting. If they are the same, no action will be made to the database. If the settings are different, then the security setting will be modified.

The initial page will default to listing the last XX journal entries and will have skiplinks at the bottom and/or top of the page to go back in the journal's history.

I see this as a sorta compromise between not allowing mass changes at all and allowing the entire journal to be changed in one swoop. The limiting of the entries to 100 or less would decrease the load on the database.

I guess the disadvantage of even limiting to 100 is that's still 100 hits to the master database (I think I'm correct in saying that all updates/writes/modifications have to go to the master and not the slaves). Even 100 such modifications could be too big of a hit on the database. I'm not sure though.

So, any useful thoughts out there? I'd be interested in writing this BML page myself. It'll take me a while, but would be a nice project to work on. Anyone got a name for it? editsecurity.bml does not seem the best name to me. I'd expect something different from a page with that name. And both editjournalsec.bml and editjournalsecurity.bml seem too long.

OK. Let the discussion begin!
  • Current Mood
    curious
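
The form processor proposed in the post above, as an added example in Python with SQLite (not part of the original post and not LiveJournal code). The table and column names are hypothetical, and it goes beyond the post in two ways: the lookup is scoped to the logged-in user so entry ids from other journals are rejected, and submitted values are checked against a fixed list.

```python
import sqlite3

ALLOWED = {"public", "private", "friends"}  # settings named in the post
MAX_BATCH = 100                             # largest page size proposed

def demo_db():
    """Constructed sample data; the schema is an assumption for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entries (entry_id INTEGER PRIMARY KEY,"
               " user_id INTEGER, security TEXT)")
    db.executemany("INSERT INTO entries VALUES (?, ?, ?)",
                   [(1, 1, "public"), (2, 1, "private"), (3, 1, "public"),
                    (4, 2, "public"), (5, 1, "public")])
    db.commit()
    return db

def apply_security_changes(db, user_id, submitted):
    """submitted maps entry_id -> new setting, as posted by the form.
    Returns (changed_ids, rejected_ids); unchanged entries cause no write."""
    if len(submitted) > MAX_BATCH:
        raise ValueError("more entries submitted than one page can hold")
    if not submitted:
        return [], []
    ids = list(submitted)
    marks = ",".join("?" * len(ids))  # placeholders only, never user data
    # One read for the whole page, restricted to the authenticated user,
    # so an id belonging to someone else's journal simply does not match.
    current = dict(db.execute(
        "SELECT entry_id, security FROM entries"
        f" WHERE user_id = ? AND entry_id IN ({marks})", [user_id, *ids]))
    updates, rejected = [], []
    for entry_id, new in submitted.items():
        if entry_id not in current or new not in ALLOWED:
            rejected.append(entry_id)       # foreign entry or unknown setting
        elif current[entry_id] != new:
            updates.append((new, user_id, entry_id))
    with db:  # one transaction: all differing rows are written or none
        db.executemany("UPDATE entries SET security = ?"
                       " WHERE user_id = ? AND entry_id = ?", updates)
    return [u[2] for u in updates], rejected

if __name__ == "__main__":
    print(apply_security_changes(
        demo_db(), 1, {1: "private", 2: "private", 4: "private"}))
```

The master database sees one write per entry whose setting actually differs, rather than one per row on the page.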
  • ljnp4u

Partial solution.

You can test this on my goathack at
You can login as user test, password pass
Set or do not set the login to be permanent.
Then click the logout button in the upper right corner, e.g. Home | News | Help | Logout
It's a lame JavaScript trick so it will only work for people that have JavaScript. Those that don't have JavaScript will still go to the normal login page and can log out from there as it is now.
I've only done it for dystopia for now, it will have to be done for all styles, let me know if you like it and if it's acceptable to do this for now, then I'll make diffs for the other styles as well.
The diff can be found here:
  • Current Music
    All Saints - Bootie Call (WNRN)