The signout issue seems to be resolved and it unintentionally having become a session cookie would indeed explain the phenomenon. Thanks for the quick fix, Fluxflashor!
Regarding the third party cookies, I understand how they work even though I do not agree with them whatsoever. It is quite unfortunate how most of the internet is driven by them nowadays.
Anyways, everything seems to be back to normal again now which makes me happy, so kudos! 👍
Glad to hear it!
And yeah, third party cookies suck and are an unfortunate necessity on the modern web.
-I tried loggin in but was prompted to verified account, and was send a link (1st email) -open email, verified and tried loggin again -was prompted with an other verification (2nd email) -opened email, re-verified and then tried loggin in again - (one more repeat of the very same steps, with a separate 3rd email for verification) -verified account, then successfully loggin -left the web page, came back a bit later, still needed to loggin upon return, then again later, but from a different computer
Hope this helps
Could you forward me all the verification emails to "[email protected]". Thanks!
Curious about re-re-re-verifications though. I haven't been able to replicate that with the first verification working without issue. I do know after verification you'll need to sign-in again though. If there are any sign-outs after you've been verified, that's definitely not intentional!
Out of curiosity, did anyone take a "while" to go click on their verification link?
I was under the impression that I was getting it done too fast, as the 3 verifications emails I received were all within the same 2 minutes. And upon login later on from home, I was prompted to sign-in, and again this morning, returning to work, had to do it again; not a huge deal, but not like usual either.
I've figured out the issue with the signouts and that should now be resolved. It'll require everyone to login again but functionality should be restored to what it originally was once that happens. Behind the scenes we used to do a "remember me" with our session cookies, this wasn't the case after the deploy yesterday so now we're back to remembering everyone again as a default.
Did you, on the verification page, load the page once and receive three different emails? If you can remember, if you can walk me through your login and verification process that'd be great.
Not sure what is going on since yesterday, but here are some of my initial observations:
This site is using a lot of cookies, while I am typing this apparently 111 cookies taking up 44MB
Cookies seem to be "cleared" and recreated with every page visit
Every time I close my Google Chrome browser app (Android), reopening the app afterwards I have to sign in again on this site
I did not change any browser settings on my side since yesterday.
Are you now using a different type of cookies with very short expiry perhaps?
The vast majority of the cookies that are set are from ad networks. It wouldn't surprise me if they change often or get wiped out when they no longer matter. That's not something that I have any control over, nor should that be causing issues. Out of Cards itself only uses a handful of cookies, which are used for site preferences and some cache stuff.
It does appear that our account session cookie though was incorrectly set to "Session", which means your browser would forget it when it is closed. A deploy is currently going out to revert that unintentional change.
Just tried with a different smartphone and same signout issue experienced. Now I am 100% sure that the cause is serverside. Any clues so far or perhaps close to a potential fix, Fluxflashor?
Side question, why use so many cookies? I cannot imagine which useful purpose they might serve? Most of them are probably coming from the ads. Actually, I am pretty sure about this as well because performing the same login test in incognito mode shows a very different amount of cookies in use.
Advertisers use cookies to try and deliver more tailored ads towards you.
While that page isn't going to be the full answer, because Google's ad network is only one piece of the puzzle with who gets to serve ads on the site, everyone else is doing the same stuff.
For me it worked ok. But i managed to circumvent the cloudflare check, and logged in through the dolphin browser on android (validated the email on firefox), which was impossible before (due to the infinite checking loop).
The cloudflare check is currently disabled which is why you were able to get through.
I still don't know what causes the issue, but there are other people online who have it. Typically from what I've seen it's out of date browsers or browsers that are very niche that can't reliably get by the challenge. That and potentially combined by a geolocation could cause Cloudflare to think you're not human.
I disabled it though due to some improvements we have to protect against bot users. Not going to talk about them for obvious reasons, but if it ends up working out, that'd be a plus for the few folks who were having problems.
Curious about re-re-re-verifications though. I haven't been able to replicate that with the first verification working without issue. I do know after verification you'll need to sign-in again though. If there are any sign-outs after you've been verified, that's definitely not intentional!
Out of curiosity, did anyone take a "while" to go click on their verification link?
Known issue that we've got outdated older cards. There are thousands of cards that need to be rendered again to get their correct Undead or dual-tribe tags after Blizzard's update. It's a process and it's slowly being worked on. We also don't have dual-tribe support in the database at all, so cards can't be filtered if they have two tribes.
A change went out to remove colors from content. We've been having trouble with spam bots making use of colors to cleverly hide content.
The current plan is to bring colors back initially as a premium feature, so we can rest assured they will not be abused, with us potentially making colors available for "trusted" community members in the future once a system is in place to make that actually a thing.
Yeah, Blizzard killed Hearthstone esports for the big Overwatch League and Call of Duty League payday. Absolutely disgusting move by the finance department. Now the numbers are down and you know for a fact that there's some dude looking only at the numbers and thinks that axing the entire program is the right business play. I don't think that would happen, but I'm certain they are looking to cut costs on "failing" esports programs, even though esports are supposed to be a money pit in the marketing budget.
And if they don't jump ship, they could do more to push the event to players. Why Hearthstone itself doesn't have something in-game to promote it (and getting free packs when it does work) is beyond me. They should have been able to make development time at this point for the largest event of the year.
Went ahead and deleted the Brann tweet because it seemed like it was hurting more than it was helping. Never intended to bait people. Just wanted to reassure that we see the Brann conversation, and that he will 99.9% not be sticking around in Core for next year.
A balance patch is coming and outliers will be addressed. Choosing not to rotate Brann early doesn't mean we are ok with the state of certain things, and we're discussing solutions for a number of areas now.
Just to be clear, if he goes on vacation it would most likely be when the core set rotation happens with the first set release of next year. I don't want to get any hopes up for something sooner.
Thanks! Pushing out an update to fix references to this.
Clues were up yesterday afternoon so we're extending the event a few days to give everyone extra time to get Week 5 completed.
January 17 is the new end date.
Issue should be resolved.
Borders do disappear after premium expires =)
The weather was quite tame this year!
Yeah there won't be anymore as far as I'm aware.
Thanks!
I've made some changes that might have solved the issue. We'll have to wait and see if anyone else ends up with multiple confirmations.
Glad to hear it!
And yeah, third party cookies suck and are an unfortunate necessity on the modern web.
Could you forward me all the verification emails to "[email protected]". Thanks!
I've figured out the issue with the signouts and that should now be resolved. It'll require everyone to login again but functionality should be restored to what it originally was once that happens. Behind the scenes we used to do a "remember me" with our session cookies, this wasn't the case after the deploy yesterday so now we're back to remembering everyone again as a default.
Did you, on the verification page, load the page once and receive three different emails? If you can remember, if you can walk me through your login and verification process that'd be great.
The vast majority of the cookies that are set are from ad networks. It wouldn't surprise me if they change often or get wiped out when they no longer matter. That's not something that I have any control over, nor should that be causing issues. Out of Cards itself only uses a handful of cookies, which are used for site preferences and some cache stuff.
It does appear that our account session cookie though was incorrectly set to "Session", which means your browser would forget it when it is closed. A deploy is currently going out to revert that unintentional change.
Advertisers use cookies to try and deliver more tailored ads towards you.
Google's AdSense page has a bit more info on this if you're interested! https://support.google.com/adsense/answer/7549925?hl=en
While that page isn't going to be the full answer, because Google's ad network is only one piece of the puzzle with who gets to serve ads on the site, everyone else is doing the same stuff.
The cloudflare check is currently disabled which is why you were able to get through.
I still don't know what causes the issue, but there are other people online who have it. Typically from what I've seen it's out of date browsers or browsers that are very niche that can't reliably get by the challenge. That and potentially combined by a geolocation could cause Cloudflare to think you're not human.
I disabled it though due to some improvements we have to protect against bot users. Not going to talk about them for obvious reasons, but if it ends up working out, that'd be a plus for the few folks who were having problems.
There should have only been one initial sign-out.
Curious about re-re-re-verifications though. I haven't been able to replicate that with the first verification working without issue. I do know after verification you'll need to sign-in again though. If there are any sign-outs after you've been verified, that's definitely not intentional!
Out of curiosity, did anyone take a "while" to go click on their verification link?
Generally speaking, its frowned upon. You should move the copy over here if you made it to share with the community!
More info on this coming in a couple of days =)
Known issue that we've got outdated older cards. There are thousands of cards that need to be rendered again to get their correct Undead or dual-tribe tags after Blizzard's update. It's a process and it's slowly being worked on. We also don't have dual-tribe support in the database at all, so cards can't be filtered if they have two tribes.
A change went out to remove colors from content. We've been having trouble with spam bots making use of colors to cleverly hide content.
The current plan is to bring colors back initially as a premium feature, so we can rest assured they will not be abused, with us potentially making colors available for "trusted" community members in the future once a system is in place to make that actually a thing.
Sorry for the inconvenience.
Yeah, Blizzard killed Hearthstone esports for the big Overwatch League and Call of Duty League payday. Absolutely disgusting move by the finance department. Now the numbers are down and you know for a fact that there's some dude looking only at the numbers and thinks that axing the entire program is the right business play. I don't think that would happen, but I'm certain they are looking to cut costs on "failing" esports programs, even though esports are supposed to be a money pit in the marketing budget.
And if they don't jump ship, they could do more to push the event to players. Why Hearthstone itself doesn't have something in-game to promote it (and getting free packs when it does work) is beyond me. They should have been able to make development time at this point for the largest event of the year.
Update 2
Thanks for that, updating our post!
Update: Maybe not