not associating dumps with login

Sometimes this happen for some people, don't know why. You don't refuse cookies or something?

Make sure it says
Your identity
dyonisian <Log out>

before posting a dump.

I have noticed problems here also, I just enter my nick into the email field (hence all my dumps get '<' '>' around my nick. I've noticed it from IE & Firefox in XP as well as Firefox on Linux.

I don't refuse cookies (or login wouldn't work at all presumably) but I use whitelisting for JavaScript, and oook isn't on my whitelist, because it doesn't need to be.

Although oook is phpBB based, there are a couple of minor things on the site that definitely require JavaScript to work (check boxes in Private Messages for one) so maybe that's the problem?

Why on Earth would anyone want to disable JavaScript? Do you also disable tags for bold and italic text?
There is no phpBB nearby here; the site is homegrown, and the forums bit is powered by vBulletin.
Well the easiest test is to enable JavaScript and test it. Why don't you do that?

Allowing client-side scripts globally is inherently insecure, albeit that running linux makes a lot of the problems moot. Its not that I don't trust oook, its just that I only bother to allow scripts where I would lose functionality otherwise.

I've obviously gotten my forums mixed up, apologies.

Usually I'm happy to use a workaround rather than enable scripting, where I don't really lose any functionality. I guess now though, I'll have to test. Back in a mo for an edit...

EDIT - actually, I think I may have tried this before, when I first submitted a dump, elsewise the Deja Vu is bad today. Selecting "or login to forum" takes me to the forums, were I log in via the top pane as usual. Then nothing happens - going back to the ladder or whatever just starts the whole process over.

Is the "Your identity..." bit supposed to appear instead of the "your email or login..." bit? I'll see if I can figure this out later. Anyway, JavaScript doesn't appear to be the culprit.

EDIT2 - Well, fiddling around with every browser setting imaginable gives me no joy, and some work with tamperdata & http live headers flags up nothing I can use. I do see some GET requests that send random numbers to cron.php that I don't understand the purpose of; they don't appear to affect the state of my cookies, so presumably this is a serverside login thing.

A right proper headscratcher, this one.

This is required in IE to prevent autoinfection by malware. Antivirus software is not a substitute.

For other webbrowsers, this is a matter of personal or corporate caution level. Proper site and web application design assumes that everything must be usable even if JavaScript is disabled, unless you explicitly document otherwise.

Reputable sites are not an exception. My current AV software is noticing a malware injector on Yahoo! Finance (which *is* a reputable site); the prior one did not.

All too true - and its very surprising how many users are either unaware of this issue or simply don't care. This isn't too say that only IE can be affected; its just that the greatest majority of browser-based exploits and malware target IE and Windows - partly due to an expected larger target yield, and partly because many malware authors think that all windows users (and IE users in particular) are lamers who deserve to get a trashed system.

Just accept all auto-updates that Windows pull down, and you will be safe. You need to find the balance between functionality and security.

As for the login issue - you're on your own. Your setup is probably non-standard enough that I can't provide any assistance here. Make sure your browser is sending bbuserid and bbsessionhash cookies to the server when requesting ladder-submit.php page. Both these cookies should be set when you log into forum.

I can't agree with you there; "security is a process, not a product" - patches only protect you from problems that have already been discovered, very often because they were used to infect machines in the wild. Disabling a service stops any and all abuses of said service, (known or unknown) dead in their tracks.

Here I agree completely; spending as much time locking down your browser than using it certainly isn't for everyone, but some of us find that stuff fun. Besides which, I find that JavaScript on the whole adds very little to my browsing experience - and if I do decide a site should have script privs, its exactly one right-click and one left-click away from getting them, temporarily or permanently as I choose.

Yeah, those cookies were sent/set in all cases. I'm not too concerned about the problem, I just have a pet hate of things I can't figure out. If anyone finds a setting or something that can fix (or break) this, do share...

Can you drop me a Private Message with the value of these cookies?

Actually no :/
Looking again, it turns out I don't have a cookie for bbuserid at all. (I must have imagined this one, after seeing my username in the requests.

I have only bbsessionhash, in addition to bblastactivity & bblastvisit.

Is this the problem? Sounds kinda likely.
You still want the value of the bbsessionhash cookie?

No, I have checked the source and I don't check bbsessionhash anymore, as there were some problems with it.

Interesting you don't have bbuserid set.

Assuming that the cookies all come from the same URL, I'm trully baffled.

Where I use whitelisting for scripts, I use blacklisting against adservers tied to corporate websites that I use; basically blocking certain images and cookies, this is all purely URL based.

Its also strange that over two system installs, and three browser setups, as well as connecting to oook before I got around to tightening my browser, this problem has always persisted. Also, when I've occasionally been here from other peoples (pretty much out of the box) Win boxes.

Any reason why an ISP might erroneously filter that cookie? Its the only thing I can think of that was mutual to all these cases.

EDIT - I'm gonna assume that not having bbuserid set is why my login times out pretty quickly, I generally have to log in again after typing one of my longer-winded posts.

Except from zero-day exploits and exploits that M$ can't patch in a timely fashion because of their proper regression testing. Fortunately, M$ has caught on to the public relations implications of letting holes intentionally go unpatched for several months; the last time this happened wsa 2005.

The new defaults on IE7 help quite a bit, but you still have to go in and disable a few services manually for non-corporate LAN system (Messenger and NetBIOS).

At some point, I'm going to have to replace the attachment-unaware email client I use as an email filter (worm programs are harmless as plain text). As for Mozilla-style vs. Opera web browsers as an exploit-killer Windows-side: We'll see, but FireFox is getting enough market share that it may already be a target.

Agreed.

Leaving the "remember me" checkbox unchecked when logging in forces this cookie to not exist. (At least, my login times out quickly then).