
Invalid session

Lone Star 1


AOL is a rotten piece of garbage and always has been. I have dealt with people in support several years ago who had all kinds of problems with their proxy servers. Why? Because AOL wants to keep you within the AOL environment, so actual internet connections they have suck, because they refuse to spend money on speed. This goes along with websites you see "AOL users click here," because AOL insists on reinventing the wheel for minimal bandwidth (like turning graphics into .ART inferior images instead of .JPG, this is done via the proxy for your viewing torture), along with basically destroying any hopes of a normal web browsing life. AOL's proxy server destroys almost any chance of logging into a website painlessly, again this is one I know from experience thanks to their proxy scheme.


Money is spent on obtaining new customers, their own support is making barely more than minimum wage. They charge the most for services yet provide the worst of it, on top of their popup ad schemata, but as a company they were once a hot investment because of the way they treated people who fell for their plot.


Last time I saw AOL Broadband it was 144kbit, barely faster than dual channel ISDN, the slowest broadband you could possibly sell. If it's still 144 that would make my own RCN cable connection more than 30 times faster, and no screwy proxy servers or PPPoE garbage to slow that down any further either.


You're probably going to tell me how no other sites have any issues etc, I haven't had anything really odd go on here, but bandwidth costs money and nobody is getting charged for being a member here. Steve Case is leaving AOL next month, although I doubt anyone is going to fix anything, the company is projected to get worse with his departure.


Ways to be successful in business:

* Treat your customers like crap

* Provide poor service, but make it look flashy

* Charge lots, deliver little

* Pay your own employees nothing, half of them should volunteer


I would use a modem before I'd support AOL again.


Good luck

Link to comment

Guest Aaron

I have been working on computers for over 9 years, and have yet to see a machine that did not have strange problems after AOL was installed. I once had a customer that let their 12 year old install AOL on one of the computers at their business. They had to pay me for 8 hours work to remove AOL so that their network would work again. The joy of the AOL software is that the uninstall does not work. The only way to completely remove it is to manually remove all references to it from the registry and find and delete all of its files.


If you have access to broadband, I suggest getting a DSL connection through your telco. In my part of the country, they are usually the best connections for the money. The cable modems have some problems, and many of the contractors that you have to let set up your connection know only enough about the computers to be dangerous.

Link to comment

Yep, the AOL program installs a proprietary stack that screws up a lot of software. If you do have other services available in your area they would be good to look into.


I never much liked the idea of sharing cable bandwidth, but I still get 3mbit down 1mbit up, faster than any DSL I have ever owned, even slow cable made my old DSL line look SLOW. I was paying for 384/128 and used to get 700kbit, after problems ONLY occurring on weekends they bumped me down to 384 giving me 300kbit effective throughput after I SPECIFICALLY said that's not the problem, otherwise it's quite obvious the problem would not be weekends only. I'm sure other companies are better but even slow cable is FASTER, on the east coast some people have had bad luck, that is where investigating various companies comes into play.


Just like anything else, research is needed, or else it's hit or miss. Maybe http://www.dslreports.com could be of some help. I was able to let my cable guy just do the TV/Phone stuff, I set up the network stuff already (just had to rename my computer and set it for DHCP).

Link to comment

Sorry to say it, but I agree. If you have AOL, you're SOL. I've had dial up, DSL, ADSL, and cable. By far the cable was the best. Most DSL co. will tell you "up to" this speed is possible, which I've now used 3 different ones, but none was faster than the cable connection I had, plus running a home network, which didn't seem to affect connection speed with cable. It did slow down a little over the weekend though. Downloading a 6MB file in 16 sec. is nothing to sneeze at.

Right now I'm in the process of getting cable again, and surprisingly enough, they state "pay this much, get this much", "pay more, get more". At this time in our area one of the big cable co. (starts with a C) is having a special on combination connections. You end up paying more for the cable connection for the tv, but far less for the internet, which after doing some math, gets me a faster connection, the same channels at a $20 cheaper price compared to satellite/DSL. I called my DSL co. and told them of this and they could only bump my bill down $6 a month for the next 6 months to help me make up my mind.

As said above. A big problem with DSL is they are coming in on others' lines. I just had a big problem with this in which I had a phone wire short in the attic and my phone co. came out to fix it. In doing so they screwed up the wiring for the DSL, which I then had to get the DSL co. to come out and fix my connection again, after waiting for 2 weeks. But with all the problems I've had with the 3 DSL connections I can now wire the damn thing in myself.

So, in closing, I have had the best support, connection and service from the cable providers. DSL is starting to be money hungry. Oh, and whatever you do, don't go satellite for internet. You still will end up with a dial up connection for your upload!

Link to comment

AOL - there are so many reasons NOT to use it, and only one reason I can see to use it - it's plug and play.


But if you can modify a car, I'd think dealing with a phone modem, cable modem, or DSL ISP and using native networking apps in your OS (MAC or Windows, Linux, etc.) and a mail program and browser would be pretty trivial.


My dad, being 84, frugal, and pretty computer clueless, uses juno.com. They have an AOL-like "browser" that is annoying as well. But he's patient and can wait for the phone modem and the software to FINALLY give him info - I can't stand it.


BTW, for a while there were places on the net (forums, mail lists) that wouldn't accept AOL members. Mostly because of the juvenile makeup of a lot of the AOL members and the BS they caused on forums, etc.

Link to comment

  • Administrators

This has been hashed over many times on the phpBB forums.

Here is a quote from one of the authors:

Note the last paragraph:


phpBB uses sessions to "track" users as they move between pages, forums, topics, etc. A session is made up of a unique 32 character session_id which identifies the current users. This value is stored in the sessions table and either a temporary (i.e. it's deleted when the browser window is closed) cookie on the user's machine or if that doesn't seem to be working it's appended to all URLs.


The problem with using just a session_id is that it becomes very easy to hijack (takeover) a session. All a user need do is obtain the session_id and add it to the url as they browse the board. If the id they grab happens to be a logged in admin or moderator ... well you get the picture.


What we do to help complicate the situation is also tie the session to the user's IP. Using this method someone would need to spoof an IP and obtain the session_id in order to hijack a session, not incredibly difficult but certainly harder ... and with this sort of software it's really a case of making everything harder to do, thus dissuading all but the most ardent "hackers" from bothering to attempt anything.


How do we obtain this IP? We check the availability of two variables, REMOTE_ADDR and HTTP_X_FORWARDED_FOR. Firstly we check for HTTP_X_ ..., this is typically set by "nice" proxies, caches, etc. and contains "an" IP which may be the user's "real" IP or some other IP. If that does not exist or it contains a private or restricted IP range (several blocks of IPs are reserved by the international bodies responsible for IP allocation) we instead use the value contained in REMOTE_ADDR. This variable typically contains the user's real IP.


However, problems arise with how some ISPs operate their systems. Instead of forwarding the user's real IP or indeed a different but static IP they simply make available only the IP of the proxy being browsed. The larger ISPs do not use a single proxy or cache, the load upon it and data passing through it would be far too great. Instead they use several systems in a "proxy farm" (I tend to refer to it as something containing most of those letters ... ). A user browsing the web may be switched between these machines from one page to another (to help distribute load), with the IP changing as they go.


Obviously a problem then exists in that phpBB's ability to tie a user's session to a unique id and an IP fails ... because the IP is constantly changing. There are some "nice" ISPs out there that run these farms within a single "class" or block of IPs, e.g.,,, etc.


This is why in a previous release of phpBB we introduced a slightly reduced IP checking system which now checks only the first three "quads" of an IP, i.e. is checked only for 1.2.3 the 4 is discarded. Remember, that an IPv4 address is 32bits wide, this is generally presented in the form of four 8 bit numbers. By checking just the first three numbers (24bits) we neglect 8 bits or 255 (253 in practice) possible IPs ... that's 253 separate potential proxies ... IOW enough machines for practically any ISP on the planet. However we can go further and reduce that checking to just the first "two quads", that ignores 255 * 253 IPs!


The problem is some ISPs don't arrange their IP allocation particularly well, either for historical or other reasons ... AOL is one significant culprit. So what happens is that users can jump between completely different Class A (this is a full 32bit block of IPs) networks, e.g. to, etc. This renders IP validation completely useless for such situations.

Link to comment
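The session/IP check described in the quote above, as an added Python sketch that is not phpBB's code and not part of the original post. It shows why a three-quad check tolerates a proxy farm inside one block while a hop to an unrelated network produces "Invalid session". The function names, the private-range list, the session id and the addresses (documentation ranges) are constructed for illustration.

```python
import hmac
import ipaddress

# Simplified stand-in for the "private or restricted" ranges mentioned in the
# quote; phpBB's real list is not shown on the page.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def client_ip(remote_addr, forwarded_for=None):
    """Choose the address to bind to: X-Forwarded-For if it is a usable
    public IPv4 address, otherwise REMOTE_ADDR."""
    # The header is supplied by the client or an upstream proxy, so it is
    # only as trustworthy as whoever set it.
    if forwarded_for:
        first = forwarded_for.split(",")[0].strip()
        try:
            ip = ipaddress.IPv4Address(first)
        except ipaddress.AddressValueError:
            return remote_addr
        if not any(ip in net for net in PRIVATE_NETS):
            return str(ip)
    return remote_addr

def ip_prefix(ip, quads):
    """First `quads` octets of an IPv4 address (4 = exact, 0 = no IP check)."""
    return ipaddress.IPv4Address(ip).packed[:quads]

def session_valid(session, presented_id, request_ip, quads=3):
    """Accept only a matching id presented from the same IP prefix."""
    if not hmac.compare_digest(session["id"], presented_id):
        return False
    return ip_prefix(session["ip"], quads) == ip_prefix(request_ip, quads)

# Constructed sample data (documentation address ranges, made-up session id).
SESSION = {"id": "0123456789abcdef0123456789abcdef", "ip": "198.51.100.10"}

def demo():
    sid = SESSION["id"]
    return {
        "same_proxy_block_3_quads": session_valid(SESSION, sid, "198.51.100.77", 3),
        "same_proxy_block_4_quads": session_valid(SESSION, sid, "198.51.100.77", 4),
        "other_network_2_quads": session_valid(SESSION, sid, "203.0.113.9", 2),
        "other_network_no_check": session_valid(SESSION, sid, "203.0.113.9", 0),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'Invalid session'}")
```

Setting `quads` to 0 is the only value that keeps a user on a cross-network proxy farm logged in, and it leaves the session protected by the session_id alone.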

Sometimes problems were fixed for a few days at a time, by telling people to clear their cookies and internet cache. AOL's proxying service will still cause problems from time to time, most especially with sites that require logins.


Another thing I despise about AOL, is that to get their "internet" service to work with your website, you basically have to figure out how to make it work on your own, otherwise you have a sea of AOL customers who somehow think it is your fault that your site doesn't work. Or of course you could pay them and you can build a keyworded site that works with the AOL service, more cash for AOL. For the developers, down to the support people, AOL customers had to be around 80% of who we talked to.


I could go on and on about how many times over they are making money off their customers, but I've probably already annoyed a few :)



Link to comment

AOL has also been caught mirroring web sites on their own servers. If they see a site that gets a lot of traffic they try and mirror that site on their own servers to increase their hit count to fool advertisers. There are plenty other services out there that will provide you with better service. Do yourself a favor and get off AOL. Check out other providers, you can get more for your money. I can't support a provider who knowingly violates copyright laws and hijacks visitors. I've caught their tech support people giving bad advice more times than I can count, they even caused one of my customers to reformat his drive. :x :x The only good thing I can say about AOL is that correcting the problems they've created probably paid for my LT1 and T56 :D


- Joe

Link to comment