Please consider skipping the Anubis check when a user is already logged in (feddit.org)

submitted 5 days ago* (last edited 5 days ago) by who@feddit.org to c/main@feddit.org

6 comments fedilink hide all child comments

Dear admins,

I see that feddit has adopted Anubis for bot protection. I'm glad it was chosen instead of Cloudflare (or some other invasive service).

However, having to wait for the Anubis check before I can use the site is annoying, especially when I'm already logged in. And it happens multiple times per day, amplifying the feeling that my time is being wasted.

Will you please consider skipping the Anubis check when my browser already has a valid login cookie?

Thank you.

you are viewing a single comment's thread
view the rest of the comments

[-] feddit@feddit.org 23 points 5 days ago

@who@feddit.org : this is sadly not possible, as Anubis knows nothing about the user session or login status of the user within Lemmy (or cookies for that matter). It's a tool that does heuristic checks, taking into account e.g. the IP address, the browsers user-agent header etc. It however stores sessions it has "seen" for 12h (with its own cookie) and doesn't send a challenge as long as this is persisted.

If you're seeing the challenge multiple times a day, that this usually means that the cookie either was deleted, or the session somehow otherwise got interrupted on the client side.

[-] who@feddit.org 1 points 5 days ago

It however stores sessions it has “seen” for 12h

Wow; that's surprisingly short. That means I get hit with Anubis at least six times a day when I use three browsers, and eight times a day when I use four. I often do switch between devices throughout the day, so I think this explains it.

If it can't be made login-aware, how about extending the session time to 24 or 48 hours? That would at least reduce the continual annoyances that some of us are now experiencing.

[-] gandalf_der_12te@feddit.org 1 points 5 days ago

could we maybe increase the session persistence time to 3 days then? i have the same issue as OP

[-] LOLseas@lemmy.zip 3 points 5 days ago

Why limit to 3 days when we can increase it to 8?

[-] Speiser0@feddit.org 2 points 5 days ago

Why limit to 8 days when we can increase it to 16?

[-] Tarogar@feddit.org 3 points 5 days ago

If we just remove Anubis we don't need to worry about time limits for sessions...

Oh wait I think that defeats the purpose of Anubis in the first place. Almost like it has these short session lengths for a reason. But I am not an expert.