If you got Logged out and forum is Asking for a Password Reset... That is OK.

Everyone,
Our forum hosting service (Vanilla) released a patch today (Friday, November 15th) in the afternoon (4:30pm CST) to fix a possible security vulnerability for some accounts/users.
The patch also forces the user to request a Password Reset or a New Password. This is a valid request and just follow the instructions (ask for an email to be sent to your email account on file, then click link in email and enter new password twice, save)... And you should be good to go.
It only affects some (few?) users--So, hopefully, few or none of you will be affected (I was, took a while with support to figure out what was happening).
-Bill
Near San Francisco California: 3.5kWatt Grid Tied Solar power system+small backup genset
Comments
No worries. I thought at first I'd been kicked off the island. Whew!
I am always a bit paranoid when password change requests come out of the blue.
-Bill
Second system 1890W 3 × 300W No name brand poly, 3×330 Sunsolar Poly panels, Morningstar TS 60 PWM controller, no name 2000W inverter 400Ah LFP 24V nominal battery with Daly BMS, used for water pumping and day time air conditioning.
5Kw Yanmar clone single cylinder air cooled diesel generator for rare emergency charging and welding.
2.1 Kw Suntech 175 mono, Classic 200, Trace SW 4024 ( 15 years old but brand new out of sealed factory box Jan. 2015), Bogart Tri-metric, 460 Ah. 24 volt LiFePo4 battery bank. Plenty of Baja Sea of Cortez sunshine.
I have changed my password and now have had to log in every time I click onto the discussion page. I haven't even logged out. It's like I'm timing out or something. I have checked the "Keep me logged in" box from the first time I have logged in and it shows I have checked it but keeps logging me out. Anybody else???!
2.1 Kw Suntech 175 mono, Classic 200, Trace SW 4024 ( 15 years old but brand new out of sealed factory box Jan. 2015), Bogart Tri-metric, 460 Ah. 24 volt LiFePo4 battery bank. Plenty of Baja Sea of Cortez sunshine.
Clear cookies and cache, and try again?
-Bill
|| Midnight Classic 200 | 10, Evergreen 200w in a 160VOC array ||
|| VEC1093 12V Charger | Maha C401 aa/aaa Charger | SureSine | Sunsaver MPPT 15A
solar: http://tinyurl.com/LMR-Solar
gen: http://tinyurl.com/LMR-Lister ,
I did the password thing yesterday to log in, but set it to the old password. Tried to set a new one, but the reset thing keeps saying the token is expired.
Main daytime system ~4kw panels into 2xMNClassic150 370ah 48v bank 2xOutback 3548 inverter 120v + 240v autotransformer
Night system ~1kw panels into 1xMNClassic150 700ah 12v bank morningstar 300w inverter
https://forum.solar-electric.com/profile/password
Or, if you are logged off (or are having password problems) the login page has "forgot your password" link... Clicking and entering your user name (or possibly registered email address), that will send an email to your registered email address with another encoded link... Click that link, and you will get the change password screen.
If you change your password too often, or get messed up (I did, I think I got out of sync with the reset password emails... I think the link is a one time use, and if messed up, need to get another new link--I think, not sure)...
I did trip the internal security software because of the password change(s)--And I could never log in until Vanilla cleared the security alert.
-Bill
https://forum.solar-electric.com/entry/passwordrequest
-Bill
2.1 Kw Suntech 175 mono, Classic 200, Trace SW 4024 ( 15 years old but brand new out of sealed factory box Jan. 2015), Bogart Tri-metric, 460 Ah. 24 volt LiFePo4 battery bank. Plenty of Baja Sea of Cortez sunshine.
-Bill
We haven't had any reports of this nature yet, but we're checking into it.
On our side of the equation, I've flushed your community's cache in case there was a conflict there that was causing issues and I've done a quick audit of a few of your settings to make sure no automatic sign-outs had been toggled on.
I would advise your users to do the following:
1) As you suggested, clearing cache/cookies is a good first step.
2) Update any browser apps or programs they might have that auto-fill passwords. Most of these prompt the user when a password is changed, but if they missed the popup, it could be causing a problem.
3) Verify that they're signed in with their new password on all devices and browsers that they use to view the forum.
4) Make sure that the 'Keep me signed in' box is checked off when signing in with the new password
You have a user reporting a "token is expired" issue. That means they already used that password reset link. For security reasons, those are one-use only. They should request a new password change email.
I'm unsure if you had a chance to see our status page since the issue on Friday, but our dev team has updated it with an incident report that details what happened: https://status.vanillaforums.com/incidents/2zdqxf3bt7mj
Let us know if your users continue to have issues. Also, don't hesitate to reach out if you have any questions or concerns about the security vulnerability that we patched on Friday!
--
Sincerely,
Vanilla Support
Check your PM mailbox (forum messages)... I sent your "on file" email address to this new persona.
Take care,
-Bill
I tried again and have NOT received the password reset info, though I get a popup saying it's been sent. I do check my 'junk mail' folder. Please pass this along to "Vanilla Support". It's a hotmail account FWIW as you have seen.
16 GC 215 amp ah batteries
9 295 watt panels for ground mount will be installed next year
If anyone else is having problems, please feel free to create a new/temp user account and post above... And I will add it to the list. You can also PM me with a new password, and I will enter it into your old account to get you reactivated (I did this for photowhit, but have not heard back from him yet if this worked or not).
Sorry for the mess.
-Bill
To clarify the reset issue though, using the reset in post #14 I got the reset email with a token. Using that token resulted in the token expired message. I did this several times using a newly requested token each time. The token appeared to be unique for each.
Main daytime system ~4kw panels into 2xMNClassic150 370ah 48v bank 2xOutback 3548 inverter 120v + 240v autotransformer
Night system ~1kw panels into 1xMNClassic150 700ah 12v bank morningstar 300w inverter
Both those users' emails (@yahoo.com and @hotmail.com) had been set to Blocked in our system. That means at one point they marked a forum email (likely a notification) as spam, which triggers a response in our system that stops us from sending them further emails. I've removed that status from their emails, so they should be able to request the password changes now.
Let me know if you need anything else!
https://forum.solar-electric.com/profile/preferences/
As always, let me know if stuff is working again or not.
-Bill
Thanks Bill!
- Assorted other systems, pieces and too many panels in the closet to not do more projects.
Either way, I guess I've lost the account I've had here for 15 or more years.
EDIT: Looks like you might be able to re-activate my old account, Bill?
boB
I was successful (I think) in assigning a new password for you. Check your email account, and it should be in there for your old tried and true account.
Take care,
-Bill