RRW Website Download and Login Bug

[nhillebran]

There seems to be a bug in the RRW website.  I first noticed this last night.  I know after an hour the cookie expires so a person is automatically logged out.  When I go to click on a download  it brings me to the login page.  Normally, that's not an issue.  However, I can't download that particular product.

Once I click on a particular download after the time has expired (i.e. the one hour), I'm brought to the login page.  I login again and do my search as I had previously done.  I then go to click on that product to download it and I get taken back to the login page.  Why?  It seems as if once you click on that product after the login time you get stuck in that login page loop.  Granted, I can click on any other product in the search results and download it.  Just that one product that is clicked on. The only remedy is to clear my browser's cache and cookies.  This isn't tied to any one browser.  I've experienced this in Fiefox, Opera, and Google Chrome.

It's exceedinly annoying having to keep clearing my cache and cookies.  The time does expire because there are times I'm downloading multiple products.  There are times when a product is 152MB+ in size.  That can take a while to download.

[snginc]

I don't think it's a bug (the having to clear your cache), it has to do with security for the membership.    When the website was hacked a few years ago, certain protections were put in place.  This is the result of those protective measures.

[nhillebran]

I can totally understand the desire to have security on a website such as this.  With so much PLR content, I have no doubt that's a treasure trove for nefarious people to try to download as much as they can as quick as they can.  As a web developer, I fully understand the concept of security, including expiring cookies (i.e. automatically logged out after being idle for so long). However, what complete escapes me is the concept of requiring an end user to completely clear their cache to be able to continue downloading a file.  Having to log back in after being idle is understandbale.  But preventing a person from downloading whatever file they were attempting to download prior to the login page, to me, is just completely nonsensical.

From a security standpoint, there's a lot of things that can be done on the back end to not inconvience the end user.  The first thing that comes to mind is the use of a CDN such as Cloudflare, which is free.  The forums could be security in the same way as well as with various anti-spam plugins (e.g. Stop Forum Spam).