Following links to LDS.org signs you out

Discussions about the Newsletter Tool at LDS.org.
User avatar
aebrown
Community Administrator
Posts: 14690
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Following links to LDS.org signs you out

Postby aebrown » Sat Oct 27, 2012 6:27 am

While reviewing one of our stake's Newsletter articles, I was frustrated to find that I was being unexpectedly signed out from LDS.org. I eventually determined that the situation that causes this is very simple:

If a Newsletter article contains a link to any content on http://LDS.org, following that link to the content will sign you out from LDS.org.

It's quite common for a Newsletter article to link to a general conference talk, an Ensign article, or many other kinds of content on LDS.org. This problem makes it very inconvenient for anyone who is reading an article on Newsletter with links to LDS.org. Each time you follow a link, you are signed out, which means that the Notebook and Journal features for that linked content are not available to you unless you sign in again, and if you try to use the browser's Back button to return to the Newsletter article, you have to sign in again just to continue reading the article.

I have tried this with multiple browsers, multiple computers, and multiple user accounts. The problem happens every time. Links to content on sites other than LDS.org have no such problem; you are still signed in to LDS.org if you click Back to return to the Newsletter article.

UPDATE: It turns out that it has nothing to do with Newsletter. Actually, the problem is that the links to LDS.org content in this article all used HTTP, rather than HTTPS. When you are signed in to LDS.org but use any HTTP link on LDS.org, you do get signed out. The same thing would happen if you used a bookmark to access http://lds.org
Questions that can benefit the larger community should be asked in a public forum, not a private message.

zaneclark
Senior Member
Posts: 907
Joined: Thu Jan 24, 2008 4:34 pm
Location: Las Vegas, NV
Contact:

Postby zaneclark » Sat Oct 27, 2012 9:03 am

Good catch! I am testing the newsletter before I attempt to "sell" it to the ward and will avoid using links to LDS.org until this is corrected....

User avatar
aebrown
Community Administrator
Posts: 14690
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Sat Oct 27, 2012 9:06 am

zaneclark wrote:Good catch! I am testing the newsletter before I attempt to "sell" it to the ward and will avoid using links to LDS.org until this is corrected....


As long as you make sure that you use HTTPS in the links, it works fine.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

russellhltn
Community Administrator
Posts: 20750
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Sat Oct 27, 2012 11:30 am

aebrown wrote:UPDATE: It turns out that it has nothing to do with Newsletter. Actually, the problem is that the links to LDS.org content in this article all used HTTP, rather than HTTPS. When you are signed in to LDS.org but use any HTTP link on LDS.org, you do get signed out. The same thing would happen if you used a bookmark to access http://lds.org


Are you really signed out or do you just have to switch back to https?
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
aebrown
Community Administrator
Posts: 14690
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Sat Oct 27, 2012 4:18 pm

RussellHltn wrote:Are you really signed out or do you just have to switch back to https?


You're really and truly signed out, even if you switch back to https.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

User avatar
aebrown
Community Administrator
Posts: 14690
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: Following links to LDS.org signs you out

Postby aebrown » Sun Dec 30, 2012 2:03 pm

Just to close the loop on this, I happened across this post from about 16 months ago, which directly addresses this question:
matthewehle wrote:I'm glad you found that your issue came from the crossover from HTTPS to HTTP. I was partially responsible for implementing that security change.... The session loss when going to HTTP is an intentional change that we made earlier this summer, and there are no plans to change it.


Return to “Newsletter”

Who is online

Users browsing this forum: No registered users and 1 guest