An update on what has been going on...

News and Announcements

Moderators: SDS Owner, SDS Members

An update on what has been going on...

Postby Cralis on Wed 15 May 2019 00:12

I've been a little neglectful of making updates...we've been busy trying to make our site better after our host migrated us to new servers.

First, we now have full SSL on our website. I still need to convert some image references to https, but all of the PHP is secured. If you see a "not fully secured" it's because I need to change how the images on that page are referenced. And of course, our ecommerce through ME has always been secure.

Second, the forum has been updated to use secured cookies. This has seemed to solve most of the issues with logins. However, there are a few people (so far outside of the United States) who are having SSL cipher issues. If you are encountering such a problem, please contact me here or on email so I can try and figure out why.

This one confuses me because our provider is actually in Germany. If you have any suggestions, please let us know. I'm not a web developer by trade so I'm open to more expert advice.

Third, we are nearing the end of phase 2 of the Solar Starfire upgrade. We are working on the parts for the final phase, which will then be followed by a review phase... and then release!

Last, we have a huge number of datagroups that need to get added to our Shapeways store! Otterman has completely overwhelmed us with new datagroups! He's too awesome. Look forward to seeing those soon.

By that time we'll have some more news. This is shaping up to be a fun year!
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: An update on what has been going on...

Postby Cralis on Wed 15 May 2019 00:57

Oh I almost forgot! One additional website issue due to the migration. Our electronic download system is working just fine... but the new servers have a time limit on the downloads, which (depending upon your download speed) may mean that the download may not complete. If that happens, you can always contact me and I will make sure you get it.

HOWEVER, I recently discovered that Firefox can resume the download and start where it stopped, opening a second download session to continuing the download. By doing this I was able to complete all downloads by clicking "restart download" if it times out.

I will do some experiments with other browsers and see if they can do the same thing.
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: An update on what has been going on...

Postby aramis on Sun 19 May 2019 14:04

Cralis wrote:I've been a little neglectful of making updates...we've been busy trying to make our site better after our host migrated us to new servers.

First, we now have full SSL on our website. I still need to convert some image references to https, but all of the PHP is secured. If you see a "not fully secured" it's because I need to change how the images on that page are referenced. And of course, our ecommerce through ME has always been secure.

I had to manually delete the S from HTTPS to get the site to load today...

Edit: Repeatedly. After submitting, to get back to the thread, I had to do it again.
aramis
Rear Admiral
Rear Admiral
 
Posts: 328
Joined: Mon 01 Mar 2010 00:42
Location: Eagle River, Alaska

Re: An update on what has been going on...

Postby Cralis on Sun 19 May 2019 21:40

aramis wrote:I had to manually delete the S from HTTPS to get the site to load today...

Edit: Repeatedly. After submitting, to get back to the thread, I had to do it again.


What error does it give you? It's supposed to load in HTTPS, we have a dedicated SSL certificate for the site now. It's been setup to convert http requests to https to enforce the encryption.
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: An update on what has been going on...

Postby aramis on Tue 21 May 2019 01:51

Cralis wrote:
aramis wrote:I had to manually delete the S from HTTPS to get the site to load today...

Edit: Repeatedly. After submitting, to get back to the thread, I had to do it again.


What error does it give you? It's supposed to load in HTTPS, we have a dedicated SSL certificate for the site now. It's been setup to convert http requests to https to enforce the encryption.


I don't recall the error from earlier. I will say that tonight, it locked up after login; gave a timeout. Reload withoutn the SSL in the URL, and it redirected fine.
aramis
Rear Admiral
Rear Admiral
 
Posts: 328
Joined: Mon 01 Mar 2010 00:42
Location: Eagle River, Alaska

Re: An update on what has been going on...

Postby aramis on Tue 21 May 2019 01:52

Error 500. Just did it again.
aramis
Rear Admiral
Rear Admiral
 
Posts: 328
Joined: Mon 01 Mar 2010 00:42
Location: Eagle River, Alaska

Re: An update on what has been going on...

Postby Cralis on Tue 21 May 2019 10:30

aramis wrote:Error 500. Just did it again.


What browser do you use? Who is your provider? And are you outside of the USA? (so far everyone had SSL encryption issues has been outside of the USA)

And last, do you restrict cookies in your browser? We are using “secure cookies” now and if you have that restricted it could be a problem.
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: An update on what has been going on...

Postby aramis on Wed 29 May 2019 14:24

Cralis wrote:
aramis wrote:Error 500. Just did it again.


What browser do you use? Who is your provider? And are you outside of the USA? (so far everyone had SSL encryption issues has been outside of the USA)

And last, do you restrict cookies in your browser? We are using “secure cookies” now and if you have that restricted it could be a problem.

I'm using chrome on Win10, I'm in the same state you are, my ISP is Pioneer Tel.
I clear cookies on exit.

On clicking the "return to previous page", I got the following:
This site can’t provide a secure connection www.starfiredesign.com sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR


I retried, got identical error after about 15 seconds.

Deleted the s off https, and got in.

Whatever you did, it's buggered up the works.
aramis
Rear Admiral
Rear Admiral
 
Posts: 328
Joined: Mon 01 Mar 2010 00:42
Location: Eagle River, Alaska

Re: An update on what has been going on...

Postby Cralis on Wed 29 May 2019 23:21

aramis wrote:I'm using chrome on Win10, I'm in the same state you are, my ISP is Pioneer Tel.
I clear cookies on exit.

On clicking the "return to previous page", I got the following:
This site can’t provide a secure connection http://www.starfiredesign.com sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR


That's the one that doesn't make any sense. I only get an error in one location now when using Firefox, when I log into the admin section. And that doesn't make any sense at all because the session was already confirmed as valid... but then it's not?

I retried, got identical error after about 15 seconds.

Deleted the s off https, and got in.


Does it automatically go to https when you do get in? Because it should enforce https

Whatever you did, it's buggered up the works.


The migration buggered up the works because they changed PHP from "module" to "CGI" (and I don't really understand what that means yet).

But I think that this is partially because of the favicon. When the favicon shows up, the "secure" icons turn into "partial secure" and it doesn't let me log back in, in any browser (except IE11 and IE compatibility mode, both which seem to happily log me back in no matter what).

What I'm seeing though is that in Firefox, when I click board index, it seems to forget the session and start a new one. That is what I don't understand. I'm wondering if the PHP in CGI has an enforced session limit or something. I'm thinking about changing the cookie (which will force everyone to refresh) and seeing if that helps.

I made some other configuration changes today and Chrome seems to be respecting it for longer, but not 30 days like it was doing before.

I'm still trying to figure it out.
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Re: An update on what has been going on...

Postby Cralis on Thu 30 May 2019 11:28

I think that the login issue has been fixed!

I ran into a bug report for phpbb relatibg to secure cookies, looked at the code and verified we had the bug... and fixed it! I have remained logged in for 12+ hours now on Chrome and Firefox.

You may have to clear the cookies if you have multiple windows with separate sid values; but then it should work normally.

Can anyone else confirm?

P.S. I don’t think this will impact the SSL protocol errors a few of you are getting... I am still working on that.
Image
User avatar
Cralis
SDS Member
SDS Member
 
Posts: 11226
Joined: Tue 30 Jun 2009 19:27
Location: Oregon, USA

Next

Return to Announcements

Who is online

Users browsing this forum: No registered users and 7 guests

cron