dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
24
Rick5
Premium Member
join:2001-02-06

Rick5

Premium Member

Re: Problem with Comcast . com

Click for full size
lol..now this is interesting. Sign in ...BUT..I am signed in.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by Rick5:

lol..now this is interesting. Sign in ...BUT..I am signed in.

 

I've said it before, the comcast sites try to be smarter than they are capable of being.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by camper:

said by Rick5:

lol..now this is interesting. Sign in ...BUT..I am signed in.

 

I've said it before, the comcast sites try to be smarter than they are capable of being.

I won't go into the smartness factor, but Comcast has always required you to reaffirm your password when you go into any account management page (at least for my account(s) and with the browsers I use), even if you are already logged into the site. Yahoo! does the same thing.

It is apparently a security fetish of some webmasters who make the assumption that perhaps someone other than you has gained access to your PC after you logged in (at least they don't require a webcam for facial recognition...yet).

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by NetFixer:

Comcast has always required you to reaffirm your password when you go into any account management page (at least for my account(s) and with the browsers I use), even if you are already logged into the site. Yahoo! does the same thing.

 

Yup, that's true for many sites. Even if you elect to stay logged in, you have to re-enter your password to enter a more security-sensitive area of the site. (and I regard that behavior as a feature).

However, with the problem under discussion, you cannot even hit the home page without re-entering the login credentials. I proffer that the home page is not a more security-sensitive area.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by camper:

Yup, that's true for many sites. Even if you elect to stay logged in, you have to re-enter your password to enter a more security-sensitive area of the site. (and I regard that behavior as a feature).

However, with the problem under discussion, you cannot even hit the home page without re-entering the login credentials. I proffer that the home page is not a more security-sensitive area.

I am not seeing that symptom. In fact, I just did a test wherein:

1. I logged out of my cookie initiated login session at comcast.net and then ended the browser session.

2. I cranked up the browser again, went to www.comcast.net and logged in again.

3. I next went to www.comcast.com in another browser tab, and I found that (as expected) I was still logged in.

4. I shut down both browser tabs and ended that browser session.

5. I launched the browser again and went to both www.comcast.net and www.comcast.com and found that I was still logged in at both sites.

6. I repeated the steps 1-5 twice more and I did not have any problem with either www.comcast.net or www.comcast.com not honoring the login cookie, or with requiring a separate login for www.comcast.com after I had already logged into www.comcast.net. The only exception was the account management password reaffirmation process that I previously discussed. And FWIW, the browser I use is SeaMonkey 2.13.2 (yes I know it is "out of date", but it works...if it ain't broke, don't fix it).

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

tshirt

Premium Member

said by NetFixer:

And FWIW, the browser I use is SeaMonkey 2.13.2 (yes I know it is "out of date", but it works...if it ain't broke, don't fix it).

And that maybe your savior,
This problem is something that started after a series of updates, maybe 6 months ago, and has been intermittent but getting worse (in my experience).
And I've seen it on other "secure" login sites, only the exact fix seems to vary.
The remnants if some "no longer permitted" security scheme, plus workarounds X,Y,and Z.
won't likely be eliminated until a total refresh is coded from scratch.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by tshirt:

said by NetFixer:

And FWIW, the browser I use is SeaMonkey 2.13.2 (yes I know it is "out of date", but it works...if it ain't broke, don't fix it).

And that maybe your savior...

Sometimes yes, sometimes no. After Justin moved this site to the "cloud", my "remember me" cookie stopped working here with both Seamonkey 2.13.2 and IE8 (yes, also "out of date", but us outdated old farts have to hang tough and stick together).

Both browsers had dslreports.com setup as an "allow cookies" site, but I was not getting any permanent cookies from this site. It took a bit of troubleshooting with Justin to figure out the cause. The cause was that the site's login code sets the cookie from https://secure.dslreports.com (in the background with no visible browser window) instead of from http://www.dslreports.com, and the different hostname combined with being https instead of http was not allowing the permanent login cookie to be accepted (until I also authorized the hidden https site as an "allow cookies" site).

Comcast uses CDN and a lot of off-site services on their web sites, and it is possible that is a contributing factor to the Comcast "remember me" cookie problem for some people (and/or browsers).