Log in System changes (WLPC system)


Spoiler: For now, you can still use your user name to log in despite what the form says.

We’re making some changes to the log in system. We’re phasing out user names in favour of email addresses. This change started actually three years ago.

Previously, the system accepted only user names for log in.

The first change was to allow email addresses. At the time we changed the label on the login system to add ‘(or email)’.

The second change was to give priority to email addresses by changing the label to ‘Email (or username), with the username in smaller type.

Now, with the current step, we’re strongly encouraging everybody to stick to emails only (even though usernames are still acceptable) by changing the label to ‘Email’ only and changing the form’s type to ’email’. The type change will mean that password managers will prompt for new credentials. Update: Never realized that some browsers wouldn’t allow you to use the old user name in an ’email’ field. The form now is back to ‘text’ instead of ’email’.

The main reason for this change is that having user names and email addresses is complicating the cross-site login system (WLPC login) and causing problems.

The source of these problems is that we had user databases for each of our sites before implementing the WLPC system. Many users had accounts on Storiesonline and Finestories.

When implementing the WLPC system across our sites, we didn’t wipe any site’s database. We kept all accounts.

The WLPC system tries to match accounts from different sites and synchronize the data. When a user tries to use Storiesonline’s id to log in to Finestories or to the Clitorides Awards site, the system looks to see if the user’s email address exists before trying to create a local record for this user. Sometime, if they have already created accounts on those sites, there would be conflict on the site with if the user used a different email address with the same user name or some other user used the same user name as the one from the other site. Complicated to say the least.

To minimize the possibility of such conflicts, we must eliminate as many conflict points as possible. Since everybody is required to have an email address in the system, a user name becomes redundant. Redundant values are the best candidates for elimination.

So as of today, the log in system will ask for your email address, but will accept your pre-existing user name.

At some point in the future, we’ll make the announcement that usernames are not to be used on Storiesonline and Finestories anymore. The clitorides awards site doesn’t have this problem as it started out without using user names at all.

So, the best thing you can do is make sure that your email address is up to date and start using it from now on to log in instead of your username.

Sorry for any inconvenience.


Update: Since this turned out to be more complex than a simple change on the form, I’ve set a deadline for the change. As of 2015-01-01 (more than four months from now), email addresses will be mandatory for logging in.

I’ve removed the ‘User Name’ field from the ‘My Account’ page to minimize confusion.

The notification will stay posted on the site until the deadline. It’s visible on all pages.


25 responses to “Log in System changes (WLPC system)”

  1. you need to change the size of the name field. Max 20 characters now. “whatsizname@gmail.com” gets truncated to “whatsizname@gmail.co” which is NOT recognized as a valid email address.

    • You’re not supposed to put your email address in the user name field. Just make sure that your email address in the database is up to date and you have access to it.

      I’ve removed the ‘User Name’ field from the ‘My Account’ page to minimize confusion.

  2. My email is listed as ‘alternate email’ because my previous isp is defunct.
    Will this cause problems?

    • The alternate email can’t be used for logging in and can’t be use to reset your password if you need to.

      So try to replace your account’s email address with your alternate one (after you delete the alternate entry).

  3. Just an FYI, a valid email address can be up to 256 characters long, with the user name being 64 characters in length, the domain may be up to 253 characters in length. I have yet to see any email validation system actually reference the RFC…

    • I am aware of the mail specifications, but there are practical reasons email validation puts limits.

      Have you actually ever seen a 100 characters email address, let alone 256 characters one?

  4. It may be worthwhile commenting on when email address is published or shared, and how the change affects that.

    As email addresses for many are not unique to SOL and there are obvious concerns for some in tying them to an adult site.

    • Since we don’t publish or share any data with anybody else, and we don’t publicly display email addresses on the site, this is not a concern.

      From the start of the site, we’ve kind of realized that no one wants to be visible on a mostly adult oriented site and our policies have always been to be as discreet as possible.

  5. I understand why you want to get rid of user names.

    grumble … signing in with email is a lot slower because my user name has 8 characters, my email has 20 characters … egrumble

    That feels better

    Ian

  6. I’d too like to grumble quietly, that my email address is a lot longer to type than my user name. It’s more of a pain on my tablet PC (which often seems to forget who I am, (Chrome on Android)).

    But I can understand why this is changing. Thanks for a wonderful site.

  7. I was a bit confused by a post by Ian. He started off with grumble…… Seeing that my name is Ian and my user name is grumble I was wondering when I had posted it lol.

    Most browsers have an automatic fill in capacity and will remember login details so this change should not be more than a temporary inconvenience.

  8. A bit under 24 hours ago, storiesonline starts ignoring my cookies for the site on lynx (my preferred text browser). Attempting to login resulted in being returned to the homepage an an unauthenticated user most of the time. Occasionally, the system returns a message saying that my login information was correct but my browser was not accepting cookies. The bit about the cookies is not correct, the website never attempted to update the cookies on lynx. I don’t know if my pushing Log in to ID Server from my finestories a few hours earlier causes this problem… My login details on both sites are identical.

    • Double check your settings. The log in page and its algorithms for setting cookies haven’t changed in a few months. So if this is new, then it’s on your end.

      • I did a little experiment with w3m. It complaints numerous times on invalid cookies claiming they were against some RFC. I didn’t know there are RFC governing cookies… I am guessing that lynx silently dropped these cookies. Anyway, even after I accepted all the “invalid” cookies in w3m, I still landed back on the homepage as an unauthenticated user. Now the interesting twist, after I massage the format of the resulted invalid cookies from w3m and inject them into lynx, I can login as an authenticated user,

        • The site’s cookies are set with PHP’s standard ‘setcookie()’ function. If they fail on lynx, then as far as I’m concerned, lynx is broken.

          Out of curiosity, what is the problem with the current cookies?

          • w3m rejects the cookies with the this message: “This cookie was rejected to prevent security violation. [RFC 2109 4.3.2 rule 3]”. It seems lynx just dropped them. I only translate the cookies from the w3m format into the lynx format to get it accepted in lynx.

          • Security violation!

            I guess lynx and w3m don’t like the dot ‘.’ at the beginning of the cookies’ domain.

            The dot is fairly recent development (last 5 years), I guess lynx and w3m need an update to handle it properly.

  9. What needs fixing now is “Remember me on this computer” on the log-in screen.

    It hasn’t worked in quite some time.

    • This functionality hasn’t changed in quite a long time. The difference between logging in with and without checking that box is that, when you check it, the site sets a long term cookie vs a session only cookie if the box is unchecked.

      If you’re checking the box and then when you come back later you have to log in again, that means that something is deleting the site’s cookies from your browser when you leave. Check your browser’s settings and your security software’s settings.

  10. Over on Finestories, username no longer works, it already has to be email. Is this intentional ?

    • It’s not exactly true. If your browser allows you to enter a non-email word, the site will accept it and use it as a user name.

      But, yes, we did change FS’s form to ’email’ instead of ‘text’ for acceptable type.

  11. Changing everything so that you have email addresses is fine but here is something nobody thought about. You had everyone change over to WLPC on SOL and now you have to redo your login on
    Fine stories and it tells you that that email is in use. for me its not a problem but there are many people out here that only have 1 email address, and if your reading a series on fine stories there is a problem because you cannot log in. As a question how can this problem be resolved ????????