"You were logged out" after downloading an attachment due to Privacy Badger

support
#1

Logged into my site when I click on an attachment, a popup comes up and tells me that I’ve been logged out, and provides a refresh button. Clicking that or refreshing and I’m logged back in.

I can reproduce by downloading the survey pdf from this post:

Then sometimes when I navigate to the next page, or sometimes immediately after the download without any interaction I get this popup.

you_were_logged_out

Clicking refresh or reloading the page will result in being logged in again but on the home page not the page I was expecting to go to. But I’ve been seeing this for a while and it’s just slightly annoying to get these warnings that require one extra step and get me used to ignoring warnings on the site.

Here’s it in a gif:

logout%20after%20download
logout after download.gif1069×1148 523 KB

#2

Are you using any browser plugins? Any local antivirus or “protection” that would deal with downloaded files? That’d be my very first guess. Maybe try in a different browser you don’t normally use, or safe mode in your current browser.

Can you repro this on your mobile phone with wifi turned off? That would simultaneously rule out browser plugins and desktop antivirus software and any upstream networking devices in one swell foop.

1 Like
#3

I did find a warning in the console when downloading the attachment

_application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740 Resource interpreted as Document but transferred with MIME type application/pdf: "https://discourse-cdn-sjc2.com/standard17/uploads/ros/original/2X/1/19bddd29016a5fbec4040bacf13ed7a6b434f168.pdf".
redirectTo @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740
trackClick @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:18931
(anonymous) @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:44634
dispatch @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5198
g.handle @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5006

But I think it’s potentially unrelated.

I isolated it to be using the EFF Privacy Badger Chrome Extension which was blocking cookies for the domain discourse.ros.org specifically.

discourse_cookies_privacy_badger

However that domain only comes up in the case that I navigate through the attachment.

Privacy badger usually doesn’t list it when browsing the site before downloading the attachment so I didn’t know it was blocking.

no_main_cookie

I’m not sure when Privacy Badger learned to flag the site. I reset it and cleared the flag and it now shows a DNT and is happy with the site by default.

dnt_discourse_ros_org

I noticed that it seems to loose the Local storage and Session storage when I download the attachment which seems odd. And this happens with Privacy Badger disabled.

cookies_before
cookies_before.png512×646 29.7 KB

vs after the download

cookies_after
cookies_after.png512×636 26.8 KB

This seems odd to me, but if it seems ok to you there’s no need to follow up. I’m happy with the results. Thanks for your time.

3 Likes
#4

Good sleuthing! Thank you, hopefully this can help others in the future. :male_detective:

2 Likes
#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.