Seriously getting logged out of the forum is getting pretty annoying now...

Indeed, the Tech issues post is a complete waste of time. ONE FULL YEAR of posts on this very problem and it's no better... in fact it's gotten much WORSE than it was last year.

Actually, posting it EVERYWHERE would be violating Rule #5 of the currently posted Message Forum Rules and Guidelines.

Is it annoying? Of course it is.

Is it worth violating the forum rules and chancing having my forum privileges revoked? Not in the slightest.

Yeah you got me. I meant that literally. Yup. Sure.

I knew I shouldn't have mentioned that...

stupid log off bug.

Originally Posted by reiella Until I see something that states to the contrary, going to assume VK is right .

Originally Posted by reiella Until I see something that states to the contrary, going to assume VK is right .

Followed by some user session information. When I Googled that error, I found some advice on tracking down what caused the deadlock. I ran the SHOW ENGINE INNODB STATUS command and found that our database was trying to run two queries against the sessions table at the same time: an UPDATE command that updates the session id and a DELETE command that removes old sessions based on activity time. Exacerbating the situation is the fact that the last_activity column in the sessions table isn't indexed, so it was doing a full table scan.

So why am I posting this in this thread? Because in the InnoDB status report, this line caught my eye:

Transaction (1) is the one that updates the session_id information of some user. I got to thinking, of course, what problems could that cause? Well, the first thing that came to mind is that if the user's cookie has one session id stored and the database, which wasn't updated with the new session id because the transaction was rolled back, has a different one, the application will think that the session doesn't exist, effectively logging out the user.

Even further (and this is speculation because I don't have a copy of vBulletin to actually check this), it's possible that there's a security check built into the system to protect against hijacked sessions. If someone tries to access a site using an old session id, it's entirely possible that the software will wipe server-side session information, causing the user's settings (such as messages read, etc.) to be reset.

I'm going to PM Zwillinger and Avatea with a link to this post to pass onto the CoH site webmasters. Here's my suggestion: Digest this article thoroughly, especially on how to detect (SHOW ENGINE INNODB STATUS) and troubleshoot deadlocks. Check to see if you're encountering deadlocks especially against the sessions tables, causing session-related statements or transactions to be rolled back. If so, that will result in inconsistent session states between the server and the client. Given the sporadic nature of this issue, I'd bet dollars to doughnuts that's what is causing this bug. It's probably not even a bug within vBulletin itself, but I know that there are hooks into the database for managing things like the test server character transfer and validating accounts against the game subscriber database. Be especially aware of INSERTs, UPDATEs, and/or DELETEs that are occurring regularly against the sessions table, perhaps as part of a maintenance script.

I'll see if I can get a copy of vBulletin and troubleshoot it further, but since I'm working on Titan 2.0, they don't exactly give out free trial of the software, and I have no idea what all goes on with your back-end database, I can't make any promises. Still, hopefully it's a good start on finding the problem.

If you hear anything, or have heard nothing after a while, can you drop the information back DOWN the chain?

I'm sure it's all well and good for the bean-counters to know that people are ticked off at this situation. But it'd be nice if we were told either that it's being looked at/fixed or "tough noogies".

Well, the "tough noogies" answer would probably not qualify as "nice", but at least we'd know where we stand.

Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.

Why? Because that original thread was having so much effect? At least we've had SOME redname comment here even if it's simply a "passing the info along to the appropriate party" answer.

That original thread accomplished absolutely nothing in a YEAR; by that measure it was a pointless waste of time. It's still completely inexcusable for something this blatantly broken to be totally ignored for all this time. It never happened that I recall on the old forums and didn't happen on these until last year... obviously they broke something and can't be bothered to fix it.

Oh hey, your special thread over here fixed the forums? Awesome.

That's code for 'ranting', isn't it?

Anything is worth investigating at this point, however, this is unlikely to be the entire story. I've been doing some rather focused testing in the last week specifically, and tampering with the vbb session ids doesn't automatically log you out. It forces vbb to create a new session id with the original state data, and send you a new bbsessionid.

Somehow, the problem isn't just the session identifiers being lost, but *all* state information about the session being lost. What's more, as I mentioned in the other thread, if you save that information and reinject it into the browser, vbb is fully capable of accepting it and putting you back more or less where you were (with manual hacking, I can get everything back except for a lost post in mid-post).

I'm sort of half-seriously considering writing a special proxy server in python that I can use to add special response filters to the coh boards session. If I can eliminate all Set-Cookie: value=deleted headers on half the cookie values and leave everything else intact, that might actually fix the system. Although I'm using the word "fix" here in a highly non-standard way.

If ranting is the only way that one can register displeasure, then that shows a lack of self-restraint and composure. Maintaining a degree of calm when matters go awry is a pragmatic philosophical approach to life.

Unfortunately, for me it seems as if that particular point is exactly where the boards decide I'm not logged in, so I'm SoL for the post content.