What's wrong with cookies today? - diyAudio
Go Back   Home > Forums > Site > Forum Problems

Forum Problems If there is a forum related problem please leave a message here so an Admin will see it.

Please consider donating to help us continue to serve you.

Ads on/off / Custom Title / More PMs / More album space / Advanced printing & mass image saving
Reply
 
Thread Tools Search this Thread
Old 13th September 2009, 05:33 AM   #1
diyAudio Member
 
Wavebourn's Avatar
 
Join Date: Sep 2006
Location: Pleasant Hill, CA
Send a message via Skype™ to Wavebourn
Angry What's wrong with cookies today?

Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

Cookie: bbuserid=79148; bbpassword=b200 [...]

I am getting such errors again and again; when I think I deleted all cookies related to diyaudio.com one more error message pops up...

What happened?
  Reply With Quote
Old 15th September 2009, 08:05 PM   #2
diyAudio Member
 
Geek's Avatar
 
Join Date: Sep 2004
I was just cleaning my cookies and found personally identifiable information in cookies that did NOT belong to diyAudio, but their Google Analytics (the "__utmz:" cookie).

My email and my username were in that cookie!

I deleted it, came back here and the __utmz: cookie regenerated sans the personally identifiable information.

It seems to scalp info upon login and the __utmz is NOT needed for the functioning of your login.

Of all the "__utmz:" I cleaned (about 50), diyAudio was the only one passing on personally identifiable information.

This needs to be fixed.


Cheers!
  Reply With Quote
Old 15th September 2009, 10:54 PM   #3
Speakerholic
diyAudio Moderator
 
Cal Weldon's Avatar
 
Join Date: Jan 2004
Location: Near Vancouver
I've moved this over to troubleshooting and will alert the webmaster.
__________________
Next stop: Margaritaville
Some of Cal's stuff | Cal Weldon Consulting
  Reply With Quote
Old 15th September 2009, 11:51 PM   #4
Jason is offline Jason  Australia
:)
diyAudio Administrator
 
Jason's Avatar
 
Join Date: Oct 2000
Location: Melbourne
Blog Entries: 1
Quote:
Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

Cookie: bbuserid=79148; bbpassword=b200 [...]

I am getting such errors again and again; when I think I deleted all cookies related to diyaudio.com one more error message pops up...

What happened?
Neither I nor Dan know what might be causing this, and we haven't seen the error ourselves (other than generally the server having a small hissy fit, unrelated to cookies). What browser are you using, and what happens if you clean out your cookies?


Quote:
Originally Posted by Geek View Post
I was just cleaning my cookies and found personally identifiable information in cookies that did NOT belong to diyAudio, but their Google Analytics (the "__utmz:" cookie).

My email and my username were in that cookie!

I deleted it, came back here and the __utmz: cookie regenerated sans the personally identifiable information.

It seems to scalp info upon login and the __utmz is NOT needed for the functioning of your login.

Of all the "__utmz:" I cleaned (about 50), diyAudio was the only one passing on personally identifiable information.

This needs to be fixed.


Cheers!
Hi Geek,

Last week we tested the OpenX market out to serve some ads in the footer. I was not very happy with the quality of the ads, they were very junky and I don't think they did our members any service. I also have some questions potentially about the sanity of the ads (whether there was any malicious JS in them, etc, based on what I read yesterday in the OpenX market forums). After a few days I turned it off.

I'd be interested if this occurred during that period or not. Let me know if it happens again.

I just looked at my cookies, and there is no login information in there. Can you PM me what you had in your cookie.
  Reply With Quote
Old 16th September 2009, 02:37 AM   #5
diyAudio Member
 
Geek's Avatar
 
Join Date: Sep 2004
Hi Jason,

I nuked the cookie with the info already

I was going to screencap it when I came back here and I discovered that the identifiable info didn't show up again.

I went like this though:
Code:
__utmz:[numbers]utmcsr=([my email address])|utmccn=([my username])|utmcmd=([jibberish string])
But if it happens again, you bet I'll get you the info!

Cheers!
  Reply With Quote
Old 16th September 2009, 06:06 AM   #6
Jason is offline Jason  Australia
:)
diyAudio Administrator
 
Jason's Avatar
 
Join Date: Oct 2000
Location: Melbourne
Blog Entries: 1
I don't pretend to know how vBulletin or Google store their cookies, other than that any personally identifiable information should be stored in hashes, and not clear text, to prevent XSS.
  Reply With Quote
Old 16th September 2009, 06:37 AM   #7
diyAudio Member
 
ostripper's Avatar
 
Join Date: May 2008
Location: Smoky Mountains , Tennessee
Quote:
I don't pretend to know how vBulletin or Google store their cookies, other than that any personally identifiable information should be stored in hashes, and not clear text, to prevent XSS.
I do ...
Your site is very safe , your cookies are anonymous , except to diya itself...(the hash change after login)
I "exposed" what diya does - cookie/communication wise here :
diyaudio.com - An unsafe site?? (my last 2 posts)
chrome and IE "agree"... same cookies , same requests
BTW , very good work .. I really like the site now that I have figured it out
WOW , we even have our own "home pages", cool beans...

OS
  Reply With Quote
Old 27th September 2009, 08:39 PM   #8
diyAudio Member
 
Wavebourn's Avatar
 
Join Date: Sep 2006
Location: Pleasant Hill, CA
Send a message via Skype™ to Wavebourn
Quote:
Originally Posted by Jason View Post
Neither I nor Dan know what might be causing this, and we haven't seen the error ourselves (other than generally the server having a small hissy fit, unrelated to cookies). What browser are you using, and what happens if you clean out your cookies?
Never mind, it happened during transition. Your new server did not want cookies stored by an old one.
__________________
The Devil is not so terrible as his math model is!
  Reply With Quote
Old 28th September 2009, 01:37 AM   #9
diyAudio Member
 
Join Date: Jun 2008
Quote:
Originally Posted by Geek View Post
Hi Jason,

I nuked the cookie with the info already

I was going to screencap it when I came back here and I discovered that the identifiable info didn't show up again.

I went like this though:
Code:
__utmz:[numbers]utmcsr=([my email address])|utmccn=([my username])|utmcmd=([jibberish string])
But if it happens again, you bet I'll get you the info!

Cheers!
Reading your post I checked mine. Same thing. Deleted, same result.
  Reply With Quote
Old 28th September 2009, 03:16 AM   #10
imix500 is offline imix500  United States
diyAudio Member
 
imix500's Avatar
 
Join Date: Mar 2004
Location: Nashville, TN
I had this error intermittently as well until I cleared all my cookies. Running Firefox 3.5.3 on a mac book pro.
  Reply With Quote

Reply


Hide this!Advertise here!
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
And what did we buy today? Westerp Everything Else 328 20th September 2014 04:48 PM
Wrong Voltage / current on BoZ... or Wrong Measuring ? gionag Pass Labs 8 14th May 2008 12:24 PM
Today was the Day EdT Class D 0 14th April 2007 01:23 AM


New To Site? Need Help?

All times are GMT. The time now is 12:08 PM.


vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2014 DragonByte Technologies Ltd.
Copyright 1999-2014 diyAudio

Content Relevant URLs by vBSEO 3.3.2