The CTC and the new cartalk.com

Tim

@bscar2 Unfortunately I need my fingers to code, so breaking them for me wouldn't help.

There were some issues with the interaction between cartalk.com and community.cartalk.com that were causing a bit of unpredictable behaviour with the Single Sign On. I've pushed a fix for those issues this evening and I encourage you to try logging in again.

littlemouse

So, um, uhhh, how long have you been testing the Single Sign-on?

Tim

@littlemouse I personally wrote it, and it has been the way I sign on to my own forum for over a year. http://vanillaforums.org/addon/proxyconnect-plugin

The problem was unintentional and unforeseen. You seem to be representing yourself as someone who knows something about software, so I'll give you the rundown.

SSO works by querying the master identity store (in this case cartalk.com) on behalf of the accessing user (you) and analyzing the response. If the accessing user is logged in to the master store, the SSO will receive basic account information such as Username, UserID, Email address. It will use these to either look up the corresponding account on the forum or, in the case of a user who is new to the forums, create a new account with those details and link to it. Then log in this account.

So we understand the basic idea: ask cartalk.com if the current user is logged in, and use the response to automatically log them in to the forum if they are. The problem is that if you think about this, it effectively doubles the load on both the forum and cartalk.com by causing a constant backchannel of "logged in? no? ok." "logged in now? oh, ok." "AND NOW?! ok :(" questions for every single user on every single page request.

The solution to this obvious problem is to make the SSO only ask that question when needed. Such as 1) the first time you open the community or 2) when you press the sign-in button on the community discussions page. This works seamlessly and invisibly for 99% of cases, and cuts down on all the excess wasted requests to and from the master store. Amazing!

The issue that arose here was with the new Hot Discussions widget on the front page. This widget uses javascript (aka, code run on the USER's browser, AS the user) to retrieve a list of popular discussions from the community, even when the user is technically still on cartalk.com. This happens regardless of whether you're logged in or not.

If you think about this, the outcome is that the first time you arrive at cartalk.com after opening your web browser on a given day, the site loads and the Hot Discussions are fetched. Because this is coming from your browser and not cartalk.com, it actually triggers the first condition of the SSO: the first time you open the community. Obviously you are not logged in yet, and so the SSO goes: "ah, not logged in. we'll just wait till they decide to log in and press the 'sign in' button". Result: when you do decide to visit the forum, you are not logged in because the SSO has already tried and failed.

Our fix was to make the Community link from cartalk.com forcibly trigger the SSO question always (simulating an unpolluted 'first visit' condition when that link is clicked). A URL for that already existed, but I wrote some extra code anyway to account for the forcible nature of these new requests and prevent theoretical cases where this behaviour could cause an infinite loop for redirection. We figured that may annoy people.

MikeInNH

SSO is perfect for a web site like this. Every web-app my team has developed for the past 3 years have all been SSO.

bscar2

Tried the single sign-in link, it STILL automatically takes me to my "account information" page. When I click the community button in the links, it'll take me to the forums, but logs me out. I can right click a forum link(general discussions for example) and have FF open in IE, and I'm logged in through IE.

Tim

So to clarify what's happening right now:

On these forums, the yellow expandy box at the top right does not properly work. The issue lies in the cartalk.com handling of logins. As you have probably experienced, logging in from the forums via that yellow box takes you to your cartalk.com page and not back here as you would expect. There is not much the forums can do about that.

However! Logging in on cartalk.com and then clicking the Community link should work fine. I tested it extensively yesterday and today. If you're having trouble, I highly recommend clearing out your cookies and cache and trying again. It is possible that there are some shenanigans going on in your browser's cache. Give it a shot.

cartalk.com are working on the issue with their login handler, so that should resolve soon.

cdaquila

bscar2, I don't want to break anybody's fingers -- I know you're frustrated, but I assure you everybody's been working really, really hard since the new site launched. Follow Tim's instructions to be logged in. (Thanks, Tim, for taking the time to explain things to us.)

bscar2

tried it, still refuses to work. temp files deleted and everything.

On the cartalk site, it shows me logged in, but as soon as I click the community linki, it logs me out. However, if I click another link off the forums, then it shows me logged back in. I do not attempt to login at either time.

bscar2

forgot to check the cookies, so i deleted those, deleted the temp files again, then tried logging on. It's now asking me to link my accounts, but when I put in my password for the email, it says there's no account found with my email/password:

Sign in

Sorry, no account could be found related to the email/username and password you entered.

This is the first time you've visited the discussion forums.
You can either create a new account, or enter your credentials if you have an existing account.

Give me a new account
Username
Email

Link my existing account
Email
Password

I'm probably not the only one having this problem, I'm just somehow able to get on here to be vocal about it. And this is just for my BACKUP account, not my main I've completely lost

cdaquila

I think the problem stems from the fact that both your accounts use the same e-mail address. I know we'd at some point disabled the ability for users to have multiple usernames on one e-mail address. Peacefrog/badbearing had had a similar issue. I'm not sure whether my removal of his second account worked or not.