Auto Logout Needs UI Upgrade

For reasons unknown, when I used <cmd> R to refresh the Talk page (in particular, the starred topics section), one of the many possibilities at https://www.librarything.com/talk, I got a weird page that offered me only a choice of hot topics and something else I can't remember. I refresh that page every morning; it had never done this before. I guessed LibraryThing was suffering some major (but partial) outage.

But no - something had logged me out. I hadn't cleared my cookies or any such thing, and a good design wouldn't have logged me out. But this is the WWW, so random logouts happen, and when I reported that problem most recently, I was told the issue would have been client side.

My point *here* is that there was almost no indication I was logged out. I check my starred conversations fairly early in my process of waking up, i.e. pre-coffee. It took rather a while to guess what had happened.

And then when I did guess, LibraryThing wasn't satisfied with my password. Nope, even on the same browser I was logged in on yesterday, I had to peer myopically at book covers, not all of them in English, and identify the cookbooks. Fortunately I selected the right ones, even the one in Spanish.

I doubt this is browser dependent, but for the record, I'm using Safari 15.1 on MacOS 12.0.1

If you have to log in, you always get the cookbook cover test. That isn't Librarything not liking your password. It is actually the site LIKING your password.

Could it be a misfire of the keyboard shortcut you intended to hit? As you did mention it being soon after waking :-)

Dr Google is suggesting that command+option+E clears the cache in Safari; with R being next to E on the keyboard could this be the culprit? It would log you out.

There also seems to be command+shift+R for something called "Strip styling and view in reader" which sounds not dissimilar to what you describe as a weird page with limited options. Apologies I am not a Mac user so can't offer direct knowledge what this might do, but if you're prepared to go through the Cookbook Challenge again, you could try it out! :-)

>3 Nevov: Not likely, because there's pretty much nothing I do that requires pressing both command and alt, or even command and shift.

FWIW, I think the root cause of the UI issue is that the same URL (https://www.librarything.com/talk) displays a largish number of different things, based on state that isn't present in the URL.

If there were a set of URLs - like https://www.librarything.com/talk/starred, https://www.librarything.com/talk/started, https://www.librarything.com/talk/groups, etc. the server would be able to notice "non-logged-in user is trying to display content only available to logged-in users", and respond with something like "please login to display this content", along with appropriate login fields.

Many web sites do this, and it makes the unwanted infrequent auto-logouts a lot more obvious. The better ones even remember what page the user was trying to display throughout the re-login process, and display it, rather than the default post-login page.

See also my prior report of auto-logout on this site, which didn't involve refreshing the web page. https://www.librarything.com/topic/334865

Note also: I am not a web developer. I am a (retired) software engineer, but my web skills barely amount to creating basic web pages. And a little knowledge is often a dangerous thing. So please be gentle correcting any errors in my comment #5

There is no auto-log-out on Librarything, the only way you will get logged out is if your cookie expires or is deleted. If either of these things happen there will be no cookie to tell LT what you were looking at before you were logged out.

A possible improvement could be a more obvious notification (a banner, maybe?) when viewing the site logged out. I don't think that would disturb too many people.

>8 norabelle414: I think of cookie expiration as a form of auto-logout.

It's more noticeable on sites which intentionally use a short expiration time, generally citing "security". But as long as non-expiring cookies are impossible, and/or browsers silently discard non-expired cookies to save memory and/or disk space, cookie expiration happens, and the user experiences it as auto-logout.

We don’t auto-sign out anybody on LT. That’s not to say that we’ve never done it, but I can count maybe two times that we’ve forced a logout of our users. And those were caused by serious security issues.

If you were signed out then you either accidentally signed out of LT or your cookies were cleared from your browser for some reason or another.

As for the book covers at sign-in: that is our “captcha” and I think it is MUCH preferred over the alternative Google option of finding all of the traffic lights in 10 tiny pictures of roads.

You should not be seeing covers that are not in the language of the site you are on. So maybe that’s an indication that you changed language sites for LT? That would explain the needing to sign in again too. Just a theory.

Oh. And it is possible that your cookies expired. But you’d have needed to be signed in for years for that to happen. I’ll check the actual expiry time on those when I return to my computer.

Deferring this for now—I don't believe this is a true bug—but if you see this instance crop up again, >1 ArlieS:, please let us know what you noticed and how it happened for you.

We are now setting the expiration of our login cookies to one year. So if you stayed logged in for over a year you will need to sign in again, and not again for another year.

>13 conceptDawg: I suppose it's possible that I had been logged in for a year in that browser. I didn't note which computer/browser combo I was using on Aug 31, 2021. (I'm currently logged into LibraryThing from 2 different Macs, each using Safari.)

It's also more than possible that Apple has "fixed" something in their browser in such a way as to cause non-expired cookies to be deleted without the user's knowledge.

At least it's a rare aggravation on this site. But it would still be nice if the site made being unexpectedly logged out rather more obvious.