Aggressive session timeouts cause loss of data.
Recently you implemented some increased security measures to avoid session hijacking. One of these measures appears to be aggressively timing out sessions without warning. This does not work well with applications which make heavy use of Ajax, such as Tracker.
Official Responses
-
We have switched to all HTTPS/SSL as of the June 3 release, and simplified our cookie handling as part of this change. We believe this will help address many of the issues described in this thread. See more details in our blog post: http://pivotallabs.com/users/dan/blog...
-
EMPLOYEE
If you have this problem, please ensure your system clock and timezone are set correctly, and that your Time Zone is set correctly in your Pivotal Tracker profile.
-
The behavior you are seeing is not one of the intended effects of the security improvements. However, it is possible that there is something on the network between you and Pivotal Tracker that is disrupting the secure session between your browser and our server. Before the security fix, the disruption would have been handled seamlessly, but now losing your session will cause you to have to log in again.
Would you be willing to perform a couple of experiments? First, when you first log in to Tracker, could you check and note your computer's IP Address? (If you'll tell me what operating system you're using, I can give you hints about how to find this.) Then check again after you've been forced to log in again and let us know if the number has changed at all.
Second, if you are working on a secure network and don't have to be concerned about third-parties trying to hijack your session, you can disable the portion of the security fixes that force your browser to connect to Pivotal Tracker securely. This is handled by the "Always Use HTTPS" check-box in your "My Profile" page. When you're in a secure environment, turn this off, and see if it helps your problem. Also, the *project* that you're working on might be configured to force secure (HTTPS) access. You can determine/control this by clicking on the "View" button in the main page and then selecting "Settings" under "Project". On the next page, look for the "Use HTTPS" check box under "Access" and consider turning this setting off if it is on.
Please report back if you find that your computer's IP address is changing while you use tracker or if turning off "Always Use HTTPS" helps your problem.
Thanks in advance,
-- The Tracker Team
-
my session keeps timing out
This reply was created from a merged topic originally titled keep getting logged out.
-
I'm having this problem. http://www.whatsmyip.org/ reports I have the same IP. I've unchecked the https box now, so I'm hoping that will help. Let me know if I can provide any more info.
-
Am also seeing this. Seem to be getting timed out in less than an hour.
-
Turning off the Always Use SSL feature, will report back if it changes, but I do in fact get booted out, definitely around an hour of time logged in.
It may be useful to improve the behavior of the session expiration since I have lost data due to this as well.
-
EMPLOYEE
I'm cautiously optimistic
We released improvements to the new security mechanisms over the weekend with the hosting move. While these were not specifically targeted at this problem, we are hopeful. If you continue to have this problem this week, please post back here so we know we need to continue to investigate. Thanks.
-
Nope, I got rudely booted out of my session again today without warning after attempting to create a story. There was a yellow "An [sic] server error has occurred. Some of your changes have been rolled back." message in the page header, I got a browser popup saying "Your session has expired and you are being signed out", and my story was gone after I clicked the sole "OK" button. Data lost. User very unhappy.
-
PT logs me off after 20 minutes. This is very frustrating when I have just checked some story, done some coding and want to update that story, but then have to re-login, which is slow, because it redirects to the sign-in page, and then needs to reload the project again.
1) Could there be some configuration parameter for this timeout?
2) Could such a re-login occur via AJAX w/o need to reload the project? This won't introduce any security issues, because the stories are visible on screen all the time the "offline" sign is shown. PT should implement one-click to get online again.
PS. I am using Safari 5.0.3 on Mac OS X 10.6.6
This reply was created from a merged topic originally titled Logout timeout too short.
-
Hi all,
In my Pivotal Tracker account, when I am trying to open any stories it is displaying the following error message.
www.pivotaltracker.com session timeout Please click 'OK' to reload Tracker.
This reply was created from a merged topic originally titled Session timeout Please click 'OK' to reload Tracker..
-
EMPLOYEE
If you have this problem, please ensure your system clock and timezone are set correctly, and that your Time Zone is set correctly in your Pivotal Tracker profile.
-
Hi Chad,
I just verified that timezones are correct and my computer clock is synchronized with NTP.
Checking off the "always use HTTPS" box did fix the problem for me, but this should not be regarded as a solution, rather a workaround, because security should not be traded for usability.
-
I get logged out of Pivotal *all the friggin' time*. When the app was free I just dealt with it. But now I'm a paying customer and I want help :)
I've tried Safari and Fluid and it just kicks me off every 10 minutes or so, sometimes while I am even actively using it.
I'm happy to help you debug -- this is really getting ridiculous I am having to log into pivotal like 10-20x a day.
This reply was created from a merged topic originally titled Pivotal signs me out all the time..
-
10.6.6 actually; though this has been happening for a *long* time.
-
Well dang, after a few days of this it seems to be behaving quite well. You should definitely send out a blast email! This was really making me mad.
Very interesting how a TZ setting would "fix" this cookie-dropping issue.
-
Hi. I'm having the same issue. My TZ is GMT+6 and is set on my profile. But my Safari 5.0.2 is losing cookies. My OS version is 10.6.6.
I don't want to change my browser. Can you please fix this?
-
Hi Nicolas, unfortunately there is no "fix" for this problem, at least on our end, given that Safari loses secure cookies intermittently. Our only option at this point is to move to site-wide SSL encryption, which we're strongly considering, but it has a number of technical challenges, and not everyone will be happy with such a change.
-
I set my time zone a few weeks ago and I haven't been kicked off since.
Safari 5.0.4
OSX 10.6.6
-
My TZ is set but still getting logged out. Using Fluid and switching browsers is not a great option. Would love to see site wide SSL to avoid this.
-
Michael, I solved this by setting another timezone, 3 hrs earlier than mine.
-
I am still getting logged out all the time, despite having twiddled the timezone and making sure to always log in with the "Remember Me" checkbox checked.
I am getting logged out 20+ times a day. This has been going on for months.
I am paying you. This is not acceptable.
I need a resolution. Please contact me ASAP so that I can show you so that you can fix this problem or suggest a workaround.
-
Sorry I missed the question about my env... Mac OS 10.6.6, Safari 5.0.4.
-
Could you tell me about the approach? I was having a similar problem on our webapp with Safari; I wonder if it's the same thing. Customers were getting logged out because Safari would literally drop a session cookie for no reason.
-
I am having this issue also. Tried changing timezones to many different values, tried clearing cookies, tried disabling https and still cannot access my project.
-
Problem solved, the timezone was correct on my system but the date was not.
-
I get signed out very frequently, sometimes even when writing a story (which, then, is lost...)
This reply was created from a merged topic originally titled Automatically logged out.