Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "logout"
At my study's final exams, I coded a system with login and everything included.
Showed it at the final delivery:
Fake client: awesome! So how do I logout?
Yeah, you couldn't logout.29
More like the most obvious thing I accidentally left OUT of an application without thinking about it.
"application seems advanced/cool/working! Oh by the way how do I log out?"
Not mine but an error message in a game when you're trying to logout:
"You're currently not logged in. Please log in to log out."
Logically valid though1
Clicking on Logout Button.
Getting a message...
"your session is expired you need to log in again to perform this action"
hmm... should I log in again to perform log out :)1
I absolutely love the email protocols.
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".
Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.
Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?9
Story time! This happened several years ago, back when I didn't have a computer and I was just using the computers at the university. They had 8 iMacs all in a row, and I would sign into one and do my work.
Now these computers have Deep Freeze on them, which is a fancy hard disk driver that treats the entire drive as copy-on-write, so when anything writes to the drive it makes a copy of the block and writes to that instead. That way all your changes are gone when you reboot. It's a real nifty idea, but it's annoying that you have to reset all your settings the way you like them.
So as part of my setup routine I signed into iCloud. This automatically synced my browser history and my email, and various other things I didn't really care about.
One of those things I didn't care about was Find My Mac. I found this out next time I signed into iCloud and saw the university computer on the list. I had never seen these computers on the list before since normally the computer reboots and forgets everything when you log out. What I think happened is the sysadmin forgot to check the "reboot on logout" option in Deep Freeze. So I was like "I wonder what would happen if I passcode locked the computer?" I clicked the passcode lock option and entered 5555, and it seemed to work.
The next day I come in and the particular computer I locked was gone. I thought "oh God what have I done". So I inquired with the sysadmin (who I really hope is not reading this) and he said "oh, someone got into the Find my Mac thing and locked it down. We were trying different codes, since if we couldn't unlock it we'd have to send it to Apple and provide proof of purchase and that could take weeks. We had tried all the obvious ones like 1234 and that wasn't working so I was about to give up, but then I tried 5555 and it rebooted! So yeah, it'll be back soon, and I decided to try installing OS X 10.11 on it because we'll all need to upgrade sooner or later eventually and it's best to have tested a bit first."
So in the end I somehow made it out with my skin still on, and also with El Capitan on one of the computers, which was the only one I used after that. Not so bad! Oh and if you've manged to read all the way through you deserve a cookie 🍪😄1
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected to be someone to be so stupid. Yes. You could have two permissions name "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibily useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.
That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.
However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'
oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.
Each server access takes roughly half an hour. 4 servers -> 2hrs.
So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...
That was the time I discovered skrillex.6
Working on another online pokemon game sort of thing and I'm super proud of myself because I just got the user registration, login, auth session, and logout done. Last time I tried making one of these damn things I didn't bother using a database and I tried making a complex user auth system using JSON files and God, I regret that now.
Now only a million steps to go (Including making the game)11
Got contacted by "cosmicjs" ( https://cosmicjs.com ) to build apps using the platform and blog about said apps.
Googling them, they got articles spread all over medium, by either the co-founder or the developers, praising it to be the better wordpress and how some seemingly paid twitter posts praise it too.
Apparently "Deutsche Bank" and Volkswagen, Apple, Microsoft, IBM, JPMorganChase use it, which I highly doubt, maybe somebody here can figure out if thats actually false claims, since googling any of those together obv. doesn't return anything, nor makes it sense why they would spend such a large amount on... nothing?..
That one might be just me, but then theres those comments from themselves on producthunt, praising it, though it seems they failed to logout or something? the one co-founder seems to be praising how easy it is to install, by talking about it like an external user?.. (screenshot in comments)14
This is response I got from my ex tech lead in a company that I left six months ago..
Btw account is registered on my private email and has admin access to Slack full of confidential files.
Don't even know why I worked there..13
!rant I just put my phone in my pocket with the devrant app open.
I take my phone out again about 10 minutes later and i'm in the process of making a new devrant account....
So somehow while the phone was in my pocket, it must have clicked the logout button and sign up button and had entered random letters for the email name and password section.
Boy, i'd like to know what my pocket (or Ass) wants to rant about....2
We are required to use corporate SSO for any authenticated internal websites, and one of the features they require you to implement is a "logout" button.
They provide a whole slew of specifications, including size and placement/visibility, etc. They provide an SSO logout URL you must redirect to after you take care of your own application logout tasks.
Makes sense... except the logout URL they provide to serve the actual SSO logout function broke over 3 months ago, and remains non-functional to this day.
Apparently I'm the first person (and perhaps one of the only people) who reported it, and was told "just not to worry about it".
So, we have a standing feature request to provide a button... that doesn't actually work.
Corporate Security - Making your corporation _appear_ more secure every day...2
If you keep seeing your watch, while ignoring your laptop time display, then it's time for you to logout of office.
So I just recently joined stackoverflow. Spent some time time and decided I should log out considering I logged in at work. Could not find the fucking logout/sign out button. Even after googling. Had to go to the source code and find the logout link which is hidden in the page.
Looks like it's the new vim.4
Built an entire web application and while it's ready for beta testing, I realized I forgot to add a logout function...
Start to read the book from Jaron Lanier "Who owns the Future". And suddenly realize that the company which offering us "free services" is trying to build a superior model of machine learning and read all of our behaviour.
Thus, i start to logout my facebook, twitter, instagram and all of my social media. But, i'm not the lucky one who could fight this "selling data practices", because I still use devices with "Android OS". My privacy stolen & sold is inevitable. What a Digital Life!23
I love devRant.
So there I am on the devRant website, busy clicking through options I haven't checked before; I click on "Settings", then the options "Logout" and "Delete Account" appear.
It just so happens that when the options came up, the mouse is hovering over the "Delete Account" button, at the thought of such my mind was like - Ahh! Nooo!3
So, I was making a sort of "pre-autumn-cleaning" on some of my accounts (changing passwords, secret answers, canceling accounts/subscriptions, etc), when I arrive to devRant and go to the settings option just to found these options...
So... Really ಠ_ಠ? "Logout" and "Delete Account" are the only settings available via web browser?
I know that I can't expect the full range of settings that are present on the mobile app, but what the hell, I was expecting a little more than that...8
Changed my Apple ID (email address), couldn't logout from Macbook (access data invalid), had to change it back just to logout and change it back to login with the new one :/4
Fucking fuck shit monkeycocksucking gargling wtf!
I was getting some stuff done in my accounting software and it bugged me that the fields were dark and the fonts as well, thus seeing fucking shit. This was clearly a bad choice of a gtk3 dark theme, thus i switched to the fucking default adwaita, suddenly gnome session crashes.
Ok, i just log out and log back in.
Logout.... Nothing happens.... Ctrl-alt-backspace , nothing happens (and i knew i enabled that in the settings)
Ok let's do it a bit more forceful and restart the display manager... Gdm starts... I insert my credentials... It fucking crashes.
I desperately try to debug it, xsession error msg'es? Nope. Something in /var/log/messages? Nope. Something, anything at all, nope sherlock nopedinope!
About to go batshit crazy, purging and reinstalling all of gnome, thibking that, what ever setting lust have broke it, it will be fixed now.
No fucking fuck desktop!!!
I lost my nerve and replaced gdm with lightdm, and i finally, after three hours wasted on my machine, i get my gnome desktop back... But in a state of mess! Extensions don't work and make it crash again, user themes? Nope, go fuck yourself with plain default.
I'm really losing my shit, business is almost non-existant, and now ly FUCKING desktop refuses to work like i want to. Everything is fucking broken to shits !!
I'm gon a go to my gf, and relax a little, at least i still have a working laptop.
Question is, for how long???
Fucking hours counting systems.
One of the hardest part of consulting job is to put hours into fucking table.
One of those solutions is so smart that when I make mistake I need to call manager to unlock the input.
My friend from work compared it to playing saper.
Some of those systems work only in IE.
Some of those run java inside browser.
Some I need to be in company domain others I need to logout from company domain.
I see the amazing articles about those amazing software solutions, still opening IE and running java to put digit into text input or pick number from select.
On a Sunday 8pm evening. C-Level (CEO, CFO, C-etc) guy account is getting auto logout.
Boss: please be available on a 9pm call.
Me: can this wait till tomorrow?
Me in my head: why cant just login again
Meanwhile on normal days: other users experiencing issues.
Boss: C-guy never experienced and I cant replicate it.
Worst was with ionic and ios. Havent really worked with either and got mac that wasnt updated in ages and also they didnt give charger. Dealing with sudos and not using sudos then trying to work with xcode and free licenses took me a good time until i got first successful build for iPad. Biggest time consuming mistake was that i had to logout of itunes before i could make another account. It only gave me error and said try again later. Made me furious but after i got setup working everything worked quite nicely. Loved the safari developer view.5
Just logged into clients hosting account with host gator. I'm greeted with masses of adverts and up sells.
Few mins later I login to clients go daddy account. Yet more adverts and overly invasive up sells.
I hate bulk cheap hosts like this :/
Cannot wait to logout.4
GREAT PROGRESS TODAY!
I already made the login part of the devRant rewrite and I can reliably log in and out of the app.
From here, it’s just API requests, JSON parsing and just fitting the data to templates.
...and the avatar system.
When your up against a session issue and can't fucking work out why the session is lost, not one instance of the logout functionality is called and yet... the fucking thing decides to log you out anyway.
Now this was working all fine and dandy last week, and NOTHING has changed, as in not 1 fucking line of code for this process has been touched in 4 years.
It's like all of a sudden, Satan crawled out of this piece of shit site and decided I was to be toyed with.
As you can imagine, I'm a little pissed at this one, there's something hiding in the shadows fucking me in the ass.2
Seing the new UI, I have an idea: how about a private chat (which gets deletet afher logout), and a friendship System? Because I wanna know, if I have friends at all ;¬)1
I cloned the most recent copy of my coworker's app so I can help fix bugs when we go live tomorrow. These are the methods in the users controller:
So I've one project based on fingerprint scanner where the scanner came with sdk for c# and other language libraries.
So basically the user punches for login and logout I'm storing timestamp based on that to MongoDB. Now the only concern is when the user punches, it doesn't give any response like sound or light for telling it's accepted or not.
For that I've to do something so my guess was
But, it's for library and they don't want sound. And my scanner don't have any extra light for that.
Anyone got any suggestion or cool idea?
(I'm using Nitgen Fingkey Hamster I DX HFDU06)4
The frontend developers in my company are the reason why I have anxiety. Here are few things that grinds my knees:
1) for a long time in projects, they deleted the auth token from their storage without integrating the logout api. They thought why use an API for that. :)
3) One of them asked me to convert a PATCH request to DELETE cos fuck REST and HTTP methods.
For fuck’s sake. I need to get out of this place.4
Today, I want to show you a CLI program that I am working on.
It is called Chaker, and it is a Hacker News 'client' written in Go (or Golang) for the terminal.
(The 'client' is in quote because now it is more of a web scraper with a UI rather than an actual client that can do stuff like login/logout etc.)
It is pretty usable for now, but I am planning on other stuff too.
Check it out!
fuck the overengineered bulshit that ZF2 is... fuck crappy mvc in web, fuck shitty design, tuck events, fuck 'security feature' that obfuscates the fucking redirect login/logout urls fuck not having your full link, but just the path everywhere, fuck whitelabeling, fuck somebody's sister, fuck me and fuck you....1
Fuckin twats at Nike.
How the fuck did you manage to accept a non existent email as a valid email for the fuckin accounts you suckers
Last 2 runs were unable to sync so i had to logout before seeing that the account mail i used when i created the account has a misspelling which I didn’t notice until now but yet, the account was created.
Suckers i lost all my runs the last years which were about 300+ K km.1
TF, for me it's impossible to logout one google account in the browser if I signed in with multiple google accounts.
I'm too dumb I guess!2
Can we move "Delete Account" option from "Settings" and move into some danger zone(probably like github) inside "Settings". This is my second account btw. "Accidently" deleted my first account when I was trying to logout.2
Doing the Full Stack Nanodegree from Udacity
Using Google's oAuth Sign in in my Flask App, I realized that no matter what browser I use, I was unable to logout, Google always threw an error my way. I figured something must be wrong with my code..
Searched on Google, couldn't find anything relevant, gave up on first 4 results(not pages, yeah I'm that lazy!)
Spent 3 hours Debugging at different points, removing all the abstraction I've put in using various libraries (Bad move)
Finally it dawned on to me to check Udacity forum as well. It's a frickin cache/cookie thing. Tried the app in an incognito window, worked like a charm. Reverted code back with all the libraries, worked like a charm again!
FUCK YOU GOOGLE! In your attempts to track users, you're even making our work difficult!
(in hindsight, I should probably be better at asking/looking for help)1
I'll have you know it only took me 3 months to learn the basics of lambda/aws, get server side authentication working, and get a basic login/logout page on an app
Never expected such a learning curve!1
As a Client, I want to have on my left-side menu link to the FAQ page.
On the page should be:
How I verify my balance?
Bla bla bla
How can I see my personal details?
Bla bla bla
How I logout?
Bla bla bla
Do anyone know if this is contagious ?4
You fucking fucktard! First, learn how to fucking read an email and secondly, I was referring to the fucking login issue you mentioned before, not the fucking logout issue!!! Serioursly!>!?!?!?! How the fuck do you function!
Fucking belgium fucktard!7
Strapi is truly a philosopher's framework.
— Developername, you implemented login but didn't implement a logout!
— Ah, the circle of life.
— But the architecture is incredibly fragile!
— Aren't we all?...
Guy try http://vacate.ml It will sign you out from the web applications that you are currently signedin. Give star if you like it20