The HTTP versus HTTPS (secure) issue was resolved a few years ago, so should not be influential upon Ted's latest upgrade. I wonder if some folk have existing passwords that do no meet modern password requirements/protocol?

Most modern passwords require a combination of letters, numbers, a CAPITAL here & there, and a wild card, like a ! or a ?.

Just my thoughts.

Rob

Another different tech project went awry and I didn't have time last night to dig in. (Due to unexpected trouble, I had to research, install, configure, and document instructions for staff on a new camera video recording software before the next business day started!)

But I've looked through things now. Your account looks just like mine with a few customized differences in message sending preferences. And admin things, of course. So nothing odd there.

Following along with your description, I can't quite duplicate what you describe.

I sent a reset password link to myself and changed the password (to one suggested by Chrome). And that worked and I could log in after that. But once I logged in, that link from the change-password email no longer would let me reset a password. (I could open it but it throws a link invalid error if I re-reset the password.) So the change password link, in my test, seems to be a one-time use. If it let you in without an additional user/pass prompt, I think you had a Firefox running somewhere that held your cookies/credentials in memory to allow you to be logged into the site. But if that was the case then the usual login main page at https://vb.taylorcraft.org should have let you in.

If my guess above is right, it would still be letting you in through the settings page as you describe. But it should be necessary to go that path.

In summary, I'm not sure, I can't quite duplicate it. Is it still happening for your account or are you able to log in through the main page since then?
​

Ted,
Thanks for looking into this. It really seems to be an HTTP: vs HTTPS: thing and I am suspecting it is a firefox "we know better than you how to secure your browser" thing.
I have set a direct bookmark to https://vb.taylorcraft.org and that works normally and correctly. keeps me logged in between sessions. So I am basically back up and operating.

Just for the record, here are some things I am trying.

I am running on Fedora 39 linux with firefox 122.0 and I know that firefox is implementing a lot of "stop using http and we will try to make you do it" sorts of things and I wonder if I am running afoul of one of them.

When I go to https://www.taylorcraft.org it goes correctly to the main page for the taylorcraft foundation.
The link to the forum on the middle of the page still sends me to http://vb.taylorcraft.org and to the page saying I am not logged in and I should reset my password and it doesn''t work and I am stuck there.
Firefox has an option under settings->privacy to encourage folks to use https. It can be turned on to turn all http: links into https: links. I had this disabled for some old historical reason. So I enabled it and firefox upgraded the link from http://vb.taylorcraft.org to https://vb.taylorcraft.org and everything worked perfectly. There's the forum. I'm logged in.

Here's an experiment that really makes my think it is something in my firefox. I have a copy of google chromium on the machine for a few limited things as well as my normal firefox.
Running chromium and going to https://ww.taylorcraft.org works as expected and I was asked and able to login. Expected, as I have never logged into vb.tayloraft.org from chromium. it Did update the http: to https: in the link on the foundation page. I restarted chromium, and typed http://vb.taylorcraft.org. It did not upgrade the http to https, it did send me to the login page and the login and my password worked (unlike the same experiment on firefox) and I was logged in. So with chromium everything works even when I force the http. Only my firefox gives the problem.

Back in firefox, if I use https:vb.taylorcraft.org everything still works fine. If I use http://vb.taylorcraft.org I go to the login page, but unlike in chromium my password is refused and I am stuck as before.
So I think your guess is good Firefox clearly keeps my login credentials active somehow as I have never had to log in when I visit the site.
But I am really starting to believe that I am running afoul of some hidden firefox feature that doesn't keep the login cookies or whatever and doesn't want to send passwords for an http site and thus it isn't on your end.
I'll keep playing and I will let you know if I find anything here. But as everything works fine as long as I don't use the http on the foundation page, it is mostly nagging academic interest.

Thanks for all the effort. I really do appreciate it.
Skip

And an update.
I am logged in on a different machine with a new clean installation of fedora 39 as a user other than on my normal desktop who has never touched the taylorcraft site. So this is about as new and pristine as I can be.
I go to www.taylorcraft.org and see that the link has been updated to https. It lets me into the login page and my name and password get me in properly (obviously as I am typing from this new machine)

When I explicitly go to http://vb.taylorcraft.org as on my normal desktop, it sends me to the login page, refuses my password, and I am stuck. So my many year old desktop and a new pristine installation both show the same behavior.
So this is definitely some weird mechanism in firefox and not some bug on your end.

Of course now I will have to dig into firefox and discover what it is doing, but that's another story.

Let's mark this one as (mostly) solved. It may just need a note for firefox users that if you stumble across an HTTP: URL then here there be dragons.
Thanks again.
Skip

Jeeze! tracking down that excessive mag drop on the C-85 was child's play compared to this stuff...
Skip

Hi Skip,
I use Firefox for my access to this site,and have done so for many years, and I've not had a problem at all, even after Ted's system upgrade.
I wonder if it's due to poor password security? This day & age, passwords rightly need to have a combination of numbers, letters [including Capitals] and wildcards (like % or ! or ^) .

Just a thought.
Rob
p.s. See you again in Utah some time!

ha! Yeah, tech rabbit holes can go on forever and yet never be discovered what nuance is the cause. Even as a full time tech worker, I have a fair list of things I'd like to figure-out-why some day but just settle with working around the symptoms.

As far as I can tell, everything now is https. Or should forward to https. I triple-checked the opening page on https://www.taylorcraft.org and the links are showing as https to VB site.

We'll have to be content with blaming something in your firefox then.

Cheers.