Garoo

For a week, because I had made changes to improve security on gayattitude, we kept receiving emails from subscribers who couldn’t log in anymore.

I couldn’t find the bug, couldn’t reproduce it on my computer, neither with Mozilla nor Explorer, even when I disabled cookies, or JavaScript, or anything. Most of those who had the problem were using the AOL interface to connect, and I hadn’t wasted time to conclude that, well, AOL being crap and all, it was too bad for them but I wasn’t going to look any deeper into it.

And then, today, I had an epiphany. I’m an AOL customer. The AOL interface is running all the time, it’s the first icon from the left on my dock. That stupid (Explorer-based, but with its inconsistencies of its own) browser is here on my computer. I can test and reproduce that bug and see what it’s about.

One hour later, here we are, the bug is fixed. (And now the site is unaccessible without cookies, which is a pity but looks inevitable. Win some, lose some.) I don’t if it was very wrong or very right, but my security update used to test the visitor’s IP address in order to verify that it was the same person who logged in. I don’t know, maybe I’m thick, but I find it logical that the same person should have the same IP. Well, looks like I shouldn’t, because it doesn’t work. When you use AOL’s included browser (which is hardly a good idea, considering how unpleasant idea, but, well…) you’re using a proxy. Okay, that’s really not original. What is (or at least to me) is that, for each page you view, you’re using a different proxy, which means your IP address, as seen from the webserver, is different.

How cute.

It seems to me that all log compilers consider that one IP address equals one unique visitor. So, beware if you have many AOL users among your readers: your statistics may be skewed by their stupid, impolite system. Damn AOL. Well, not that it’s any news.