Aggravating Behavior After Auto-Logout

Today I switched to a browser window I'd left on the "add books" page (https://www.librarything.com/addbooks), entered data about a book, and clicked the search button.

I got a blank screen as a response, and presumed the site was down, or at least the part of it that deals with adding books.

Nope. LibraryThing logs people out if they leave themselves logged in too long, and this does not result in any noticeable change to their browser window. (The second part of this is good; I don't want an idle web page calling home constantly to see whether anything has changed at the server, as I often leave windows idle for days or even weeks.) Or it drops logged in state for some other reason.

The bug is that when this hapens, and the user continues to use their window, there's no coherent or comprehensible error reporting.

I only realized I was logged out when I went to the LibraryThing home page in another window, as part of checking the presumed site outage.

A related problem, from where I sit, was that after my browser provided my account name and password, the site required me to peer at various images of book covers in order to determine which ones were cookbooks, so as to "prove I wasn't a robot".

I don't see the use of that. If the person that logs in with this account name and password hasn't been a bot - or has been a cleverly programmed bot that can pass captcha tests, for that matter - for the 7 years and 2 days they've been logging in here, it's unlikely that they've suddenly become a bot. And there are other ways to deal with bots attempting to guess the password associated with some account - such as rate limiting login attempts

You're not logged out after any amount of time. I haven't been logged out for months. Something else is going on, it's not automatic. As for not a robot, it was introduced after a series of problems with DDoS attacks. Unless you frequently change devices from which you log on, you hardly ever need to do it. From the same device, I believe aside from explicitly logging out, the only other legitimate reason is if you clear cookies.

>2 SandraArdnas: Weird. I have not cleared cookies or logged out.

I do log in from multiple devices - a total of 3, or possibly four. Of these devices, I leave logged-in windows open on two of them pretty routinely. And it was one of those that somehow logged me out. (I was still logged in on the desktop, just not the laptop.)

I also haven't upgraded the browser on the laptop. (Updating the bowser on my Ubuntu linux box causes many sites to insist I've "logged in from a new computer" and go through extra security rigamarole. But this experience was on a mac laptop running Safari.)

The login info is stored in a cookie and all cookies expire. It's just a matter of when LT sets the expiration to. It seems to be more than a year from when it was created.

>1 ArlieS: "for the 7 years and 2 days they've been logging in here, it's unlikely that they've suddenly become a bot."

Unless your password was stolen. Which was one of the vectors of attacks last time - very old accounts whose credentials were compromised.

ArlieS (#1):

LibraryThing logs people out if they leave themselves logged in too long, and this does not result in any noticeable change to their browser window.

This is simply and completely untrue. I cannot remember the last time I logged out and LT has never logged me out.

>6 lorax: Yep - something else must have logegd me out, and I'd really love to know what.

I guessed, incorrectly, that LT had the same misfeature I've encounetred elsewhere - nuisance logouts after being logged in "too long".

Perhaps related: I noticed that I was asked to allow cookies again that day. Which I found odd too, but I did not get logged out.

>7 ArlieS: I wonder if we should have a thread where we praise LT for all the things they are doing right :-)

Closing!