Been looking into this and a few other issues. I believe it's all the result of the time change.
Our full backup (every two hours) didn't fire at 8AM UTC, this was definitely due to the time change, as it continued as normal at 9AM UTC (three hour gap)
The logout issue is a long explanation and I'm not 100% sure, but I believe anyone who visited the site in the hour before the time change and then also visited the site in the hour after the change would get fully logged out.
And finally, it looks like any new logins made during the hour after the time change would be temporary (they would expire after 60 minutes). They would also expire if you closed your browser or app. Now, however, the sessions should be sticking again.
The threat in mind when making that comment was the domain situation, which we have now moved on from. I don't regret the comment, but it has created a potentially dangerous situation where all logouts are viewed as a takeover.
Also users should keep in mind that they should not try too many bad passwords, or they may get silently blocked temporarily (correct password attempts denied)
Been looking into this and a few other issues. I believe it's all the result of the time change.
Our full backup (every two hours) didn't fire at 8AM UTC, this was definitely due to the time change, as it continued as normal at 9AM UTC (three hour gap)
The logout issue is a long explanation and I'm not 100% sure, but I believe anyone who visited the site in the hour before the time change and then also visited the site in the hour after the change would get fully logged out.
And finally, it looks like any new logins made during the hour after the time change would be temporary (they would expire after 60 minutes). They would also expire if you closed your browser or app. Now, however, the sessions should be sticking again.
You still recommending a bad password before logging in?
Yes, but not specifically with regards to Win.
The threat in mind when making that comment was the domain situation, which we have now moved on from. I don't regret the comment, but it has created a potentially dangerous situation where all logouts are viewed as a takeover.
Also users should keep in mind that they should not try too many bad passwords, or they may get silently blocked temporarily (correct password attempts denied)
Na, I gotcha. Didn't see a thread regarding the domain situation being corrected, but, who the hell knows anymore.
But, it was good advice to begin with so I usually throw a dummy out there at this point anyways. So, thank you for that.
Thanks very much for the long explanation Doggos! Much appreciated!