Join the Car Talk Community!

Discussion Rules

Welcome to the Car Talk Community!

Want to ask a question or join the discussion? Great! Join now.

Sign In Register

The CTC and the new



  • TimTim
    edited November 2011
    @bscar2 Unfortunately I need my fingers to code, so breaking them for me wouldn't help.

    There were some issues with the interaction between and that were causing a bit of unpredictable behaviour with the Single Sign On. I've pushed a fix for those issues this evening and I encourage you to try logging in again.
  • So, um, uhhh, how long have you been testing the Single Sign-on?
  • TimTim
    edited November 2011
    @littlemouse I personally wrote it, and it has been the way I sign on to my own forum for over a year.

    The problem was unintentional and unforeseen. You seem to be representing yourself as someone who knows something about software, so I'll give you the rundown.

    SSO works by querying the master identity store (in this case on behalf of the accessing user (you) and analyzing the response. If the accessing user is logged in to the master store, the SSO will receive basic account information such as Username, UserID, Email address. It will use these to either look up the corresponding account on the forum or, in the case of a user who is new to the forums, create a new account with those details and link to it. Then log in this account.

    So we understand the basic idea: ask if the current user is logged in, and use the response to automatically log them in to the forum if they are. The problem is that if you think about this, it effectively doubles the load on both the forum and by causing a constant backchannel of "logged in? no? ok." "logged in now? oh, ok." "AND NOW?! ok :(" questions for every single user on every single page request.

    The solution to this obvious problem is to make the SSO only ask that question when needed. Such as 1) the first time you open the community or 2) when you press the sign-in button on the community discussions page. This works seamlessly and invisibly for 99% of cases, and cuts down on all the excess wasted requests to and from the master store. Amazing!

    The issue that arose here was with the new Hot Discussions widget on the front page. This widget uses javascript (aka, code run on the USER's browser, AS the user) to retrieve a list of popular discussions from the community, even when the user is technically still on This happens regardless of whether you're logged in or not.

    If you think about this, the outcome is that the first time you arrive at after opening your web browser on a given day, the site loads and the Hot Discussions are fetched. Because this is coming from your browser and not, it actually triggers the first condition of the SSO: the first time you open the community. Obviously you are not logged in yet, and so the SSO goes: "ah, not logged in. we'll just wait till they decide to log in and press the 'sign in' button". Result: when you do decide to visit the forum, you are not logged in because the SSO has already tried and failed.

    Our fix was to make the Community link from forcibly trigger the SSO question always (simulating an unpolluted 'first visit' condition when that link is clicked). A URL for that already existed, but I wrote some extra code anyway to account for the forcible nature of these new requests and prevent theoretical cases where this behaviour could cause an infinite loop for redirection. We figured that may annoy people.
  • SSO is perfect for a web site like this. Every web-app my team has developed for the past 3 years have all been SSO.
  • Tried the single sign-in link, it STILL automatically takes me to my "account information" page. When I click the community button in the links, it'll take me to the forums, but logs me out. I can right click a forum link(general discussions for example) and have FF open in IE, and I'm logged in through IE.
  • TimTim
    edited November 2011
    So to clarify what's happening right now:

    On these forums, the yellow expandy box at the top right does not properly work. The issue lies in the handling of logins. As you have probably experienced, logging in from the forums via that yellow box takes you to your page and not back here as you would expect. There is not much the forums can do about that.

    However! Logging in on and then clicking the Community link should work fine. I tested it extensively yesterday and today. If you're having trouble, I highly recommend clearing out your cookies and cache and trying again. It is possible that there are some shenanigans going on in your browser's cache. Give it a shot. are working on the issue with their login handler, so that should resolve soon.
  • bscar2, I don't want to break anybody's fingers -- I know you're frustrated, but I assure you everybody's been working really, really hard since the new site launched. Follow Tim's instructions to be logged in. (Thanks, Tim, for taking the time to explain things to us.)
  • tried it, still refuses to work. temp files deleted and everything.

    On the cartalk site, it shows me logged in, but as soon as I click the community linki, it logs me out. However, if I click another link off the forums, then it shows me logged back in. I do not attempt to login at either time.
  • forgot to check the cookies, so i deleted those, deleted the temp files again, then tried logging on. It's now asking me to link my accounts, but when I put in my password for the email, it says there's no account found with my email/password:

    Sign in

    Sorry, no account could be found related to the email/username and password you entered.

    This is the first time you've visited the discussion forums.
    You can either create a new account, or enter your credentials if you have an existing account.

    Give me a new account

    Link my existing account

    I'm probably not the only one having this problem, I'm just somehow able to get on here to be vocal about it. And this is just for my BACKUP account, not my main I've completely lost
  • I think the problem stems from the fact that both your accounts use the same e-mail address. I know we'd at some point disabled the ability for users to have multiple usernames on one e-mail address. Peacefrog/badbearing had had a similar issue. I'm not sure whether my removal of his second account worked or not.
This discussion has been closed.