Home › Forums › Community Forum › Registration Link Expiring
Tagged: expiring links fix
This topic contains 16 replies, has 5 voices. Last updated by Foliovision 3 years, 11 months ago.
Topic Author | Topic |
---|---|
Posted: Saturday Jan 5th, 2013 at 12:47 am #36215 | |
|
|
Hello. I am having a problem with customers who do not click the registration link right away getting the error message that their link has expired. In another closed topic about this same issue Eduan said: “If the link didn’t really expire, because the time limit you gave the link hasn’t passed, and yet it gives this error.” This implies that I have given the link a time limit. I had no idea this was an option. Thus, it must be set to a default. How do I adjust this? Thanks so much! |
List Of Topic Replies
Author | Replies |
---|---|
Author | Replies |
Posted: Saturday Jan 5th, 2013 at 3:53 pm #36318 | |
|
|
Hello Erin, Does the problem happen right away? In other words, do they get a “link expired” message as soon as they check their email? Or does it work as expected and only works a certain amount of time (of which I’m not sure how much it is)? – Eduan |
|
Posted: Saturday Jan 5th, 2013 at 3:58 pm #36320 | |
|
|
The link works initially, but then expires very quickly. It might be valid for 24 hours, but not sure. I need to extend that to at lest 48 hours or longer. |
|
Posted: Monday Jan 7th, 2013 at 5:35 am #36435 | |
|
|
Erin, can you try another URL shortening service? [hilite path]Dashboard -› s2Member® -› General Options -› URL Shortening Service[/hilite] |
|
Posted: Thursday Jan 10th, 2013 at 3:32 pm #36880 | |
|
|
Hello Cristian and everybody with expiring links, since there is no option to buy a real gift membership for the site (but I read many threads on this forum, that it’s coming in next major release – however these are all closed), we told our customers to just buy the membership and then send the welcome email to whoever needs to get the gift. However these links expire quite often. And it’s actually not tinyurl failing, the error message appears on the site when they click the link in email: “Your Link Expired: If you could make sure these Gift certificates get implemented on time, it would solve two issues at once. So – I tried to look into wp-content/plugins/s2member/includes/classes/register-in.inc.php as that’s there the message appears. And there it is – 2 day limit on the registration URL:
So this is designed that way. It would be good if this would be documented in the s2Member PayPal options and button screens. There is only a mention that the “Specific Post/Page Access” links become invalid in 72 hours, but not that each registration expires like that. It’s not true that the links don’t expire in s2Member. Or is there some strange coincidence? Here’s the gift button code if it helps – perhaps this is the only kind which expires in 72 hours?:
Fix – I added this into mu-plugins/s2hacks.php, there should be less complains now.
I’m not sure if anybody figured this out in the past – could you please make sure that findings like this go into the s2Member plugin settings screens, so that people don’t wonder why the registration links expire. Thanks,
|
|
Posted: Friday Jan 11th, 2013 at 9:48 am #37004 | |
|
|
Hello Cristián and everybody at s2, also one simple additional question – why do these links have to expire at all? I assume the same link can’t be used for registration twice. Or is that just a precaution? Thanks, |
|
Posted: Saturday Jan 12th, 2013 at 2:07 pm #37150 | |
|
|
Thanks for the tip(s) Martin. I believe they expire only for precaution, security in other words. :) – Eduan |
|
Posted: Saturday Jan 12th, 2013 at 3:30 pm #37169 | |
|
|
Thanks for the heads up on this thread :-)Yes, that is correct. It’s simply an additional line of defense. A registration link contains a Paid Subscr. ID (encrypted in the link itself), which s2Member will ONLY allow ONE paid registration with. If the link is used by a customer, it cannot be used again to perform another paid registration where someone obtains paid access. |
|
Posted: Wednesday Jan 16th, 2013 at 10:51 am #37752 | |
|
|
Hello Jason, thanks for stopping by. We are still getting these warnings. I added some notification code into the includes/classes/register-in.inc.php files, so I know which conditional statement fails. So next time a client complains about not being able to use the registration link, we know what happened: 1. This one fails most often:
It’s not clear what the functions in the condition do. Could you please let us know if that’s a proper check if somebody is trying to register twice, or what could it be? I can see around 5 different PayPal I-S6… keys in 20 of my notifications. So it appears the same person tries multiple times before giving up. Is that come issue with cookies? 2. This one also failed a few times:
I have a var_dump kind of statement in my email notification and it reports that $register is NULL. Seems like the GET parameter in the registration link was not decoded properly. Perhaps it was messed up by tinyurl? The ultimate goal here would be to provide better messages to clients I think. Like “Please check if you have Cookies enabled”, or “Please check if the link opened in its full length from email” – although if should, since you use tinyurl for that. Thanks, |
|
Posted: Wednesday Jan 16th, 2013 at 11:22 am #37765 | |
|
|
Hello Jason, 1. I checked all the 10 people which had these issues – all of them appear to be registered properly. I will double check if we registered any of them by hand. So perhaps we can disregard these warnings, but it would be nice to know what’s going on and what that check is doing. Thanks, |
|
Posted: Thursday Jan 17th, 2013 at 3:32 pm #37928 | |
|
|
Thanks for the follow-up :-)Just to clarify in this thread. Registration Access Links self-expire as an additional line of defense (i.e. this tightens security, it’s NOT the only line of defense). Typically, a customer completes checkout and is sent a Registration Access Link via email. That link is good for 2 days (48 hours) by default. This is a scenario that is repeated many times in the free version of s2Member®, where PayPal Buttons have been integrated as opposed to s2Member® Pro Forms, which do NOT use Registration Access Links at all (the process is smoother for a customer). Having two full days to click a link granting you access to something that you just paid money for, and have not received yet, is usually enough for a customer. In situations where it’s not enough, for any reason, a customer may contact you about this, and it would be a good idea to generate a new Registration Access Link for them from the Dashboard. See: Dashboard -› s2Member® -› PayPal® Buttons -› Registration Access Links
Or, if you would like to increase this time frame, please use the Filter that s2Member exposes.
ws_plugin__s2member_register_link_exp_time How To Increase This Time FramePlease create this directory and file:
(NOTE: these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins)
|
|
Posted: Thursday Jan 17th, 2013 at 3:56 pm #37931 | |
|
|
@Foliovision
That’s interesting. This has never been brought up before that I remember. I’m not aware of any issues with s2Member’s handling of this scenario. However, s2Member’s cookies are encrypted using your s2Member Security Encryption Key. So changing your Key could result in lots of issues like you’re describing. See: Dashboard -› s2Member® -› General Options -› Security Encryption Key On the other hand, seeing errors here would not be that uncommon (if there is a logging routine attached to it). Some users will have expired Registration Access Links, and so s2Member is just doing it’s job.
Well if you’re suspicious there is a problem with the embedded tinyURL, try generating a Registration Access Link for yourself from the Dashboard. Click it, and watch where you land (in the address bar of your browser). Look at the query string in the final URL. Is everything there? I don’t see why it wouldn’t be :-) It actually sounds to me like your server is excluding certain values from the query string. I’ve seen this occur on servers that use Mod Security. You might want to have a look at this article. See: Knowledge Base » Mod Security, Random 503/403 Errors. Mod Security (or another security app on your server perhaps), might be stripping query string values from the HTTP request because it thinks they look suspicious. Testing a Registration Access Link for yourself and doing some debugging with this should tell you. Please let us know if you stumble onto a bug. I’ve been unable to reproduce this in our lab though. Please let us know if problems persist :-) |
|
Posted: Thursday Jan 17th, 2013 at 4:01 pm #37932 | |
|
|
How To Customize The 503 Error Message, Should A Link ExpirePlease see this post: http://www.s2member.com/forums/topic/registration-link-expiring/#post-37928 |
|
Posted: Friday Jan 18th, 2013 at 6:52 am #38019 | |
|
|
Hello Jason,
There is actually no key in our settings. It says: “Security Encryption Key ( optional, for tighter security )”
I tested some of these tinyURL links already and they worked. We actually received no complains about these two scenarios. I’m wondering if some users might run some antivirus software in their mailboxes and this software could be clicking these links and perhaps messing them up a bit. But I’m not an expert in antiviruses, so it’s just an idea. Thanks, |
|
Posted: Sunday Jan 20th, 2013 at 12:39 pm #38424 | |
|
|
Thanks for the follow-up :-)
I would log the |
|
Posted: Monday Jan 21st, 2013 at 1:14 pm #38595 | |
|
|
Hello Jason, good idea! I added it, I will stop by if I notice anything weird. Thanks, |
|
Posted: Thursday Jan 24th, 2013 at 11:25 am #39416 | |
|
|
Hello Jason and everybody, I checked my logs after a couple of days. 1. Regarding the first check which fails often and seems to be related to Security Encryption Key or cookies:
Most of the time, it happens for user agents like Apache-HttpClient/4.0.1 (java 1.5) or similar. Or this one contains McAfee in it: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; AskTbAD4/5.12.2.16749; McAfee) We also got no client complains, so it really looks like just scripts. 2. Regarding the other one which looks like a problem with tiny URL:
We got 4 of these errors since I added the extra log. Unfortunately, there is no HTTP_REFERER in $_SERVER. However we can see the cookies and the one for Google Analytics (if I’m not mistaken) often contains strings like utmcsr=facebook.com. This applies to 2 errors, then there is one more with McAfee again and one more with 'HTTP_VIA' => '1.1 ng........tmof.in.telstra.com.au:3128' which looks like some kind of weird proxy. So it looks like some people share the link on Facebook and some of them user some antivirus which triggers the links. It should be fine. Thanks, |
This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.