"You were logged out" after downloading an attachment due to Privacy Badger

Logged into my site when I click on an attachment, a popup comes up and tells me that I’ve been logged out, and provides a refresh button. Clicking that or refreshing and I’m logged back in.

I can reproduce by downloading the survey pdf from this post:

Then sometimes when I navigate to the next page, or sometimes immediately after the download without any interaction I get this popup.

you_were_logged_out

Clicking refresh or reloading the page will result in being logged in again but on the home page not the page I was expecting to go to. But I’ve been seeing this for a while and it’s just slightly annoying to get these warnings that require one extra step and get me used to ignoring warnings on the site.

Here’s it in a gif:

Are you using any browser plugins? Any local antivirus or “protection” that would deal with downloaded files? That’d be my very first guess. Maybe try in a different browser you don’t normally use, or safe mode in your current browser.

Can you repro this on your mobile phone with wifi turned off? That would simultaneously rule out browser plugins and desktop antivirus software and any upstream networking devices in one swell foop.

1 Like

I did find a warning in the console when downloading the attachment

_application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740 Resource interpreted as Document but transferred with MIME type application/pdf: "https://discourse-cdn-sjc2.com/standard17/uploads/ros/original/2X/1/19bddd29016a5fbec4040bacf13ed7a6b434f168.pdf".
redirectTo @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740
trackClick @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:18931
(anonymous) @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:44634
dispatch @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5198
g.handle @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5006

But I think it’s potentially unrelated.

I isolated it to be using the EFF Privacy Badger Chrome Extension which was blocking cookies for the domain discourse.ros.org specifically.

discourse_cookies_privacy_badger

However that domain only comes up in the case that I navigate through the attachment.

Privacy badger usually doesn’t list it when browsing the site before downloading the attachment so I didn’t know it was blocking.

no_main_cookie

I’m not sure when Privacy Badger learned to flag the site. I reset it and cleared the flag and it now shows a DNT and is happy with the site by default.

dnt_discourse_ros_org

I noticed that it seems to loose the Local storage and Session storage when I download the attachment which seems odd. And this happens with Privacy Badger disabled.

vs after the download

This seems odd to me, but if it seems ok to you there’s no need to follow up. I’m happy with the results. Thanks for your time.

3 Likes

Good sleuthing! Thank you, hopefully this can help others in the future. :male_detective:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.