SSI login / logout

djmentos · June 26, 2010, 05:23:21 PM

Hi.

I have a lot of problem with SSI and login and logout function.
Sessions are set on DB, local cookies are OFF, and subdomain independent - ON

Paths:
./forum/SSI.php
./panel/index.php - all i using here

index.php:
(logout)

Code Select


<li><?php ssi_logout($_SERVER['REQUEST_URL']); ?></li>
<li><?php echo '<a href="/forum/index.php?action=logout;'.$context['session_id'].'">xxx</a>'; ?></li>
<?php } else { ?>

In my case (both variants are the same):
Create link:
forum/index.php?action=logout;f43058289ed=ed25a7cfdafd7046fe6ec5c61b6f1103

Board's logout link looks like:
index.php?action=logout;d31dc5853d6=6663c2424184719a6e0e37a004f49527

So there are two others sessions! Why? (When i try logout i get error with sessions verification failed caption)

Second problem is with redirect after login, its not works

Code Select


$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
echo '<form style="margin: 0 auto; width: 300px;" action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '">
<div style="float: left;">
<p>Login: <input type="text" name="user" value="', $user_info['username'], '"></p>
<p>Hasło: <input type="password" name="passwrd"></p>

<p><input type="checkbox" class="remember" id="remember"> <label for="remember">Zapamiętaj mnie</label></p>
<p><input type="submit" value="Zaloguj się" class="submit"></p>
</div>
<img src="images/secure.png" alt="" style="float: left;">
</form>'

Redirects me to board index.

funguy123us · June 27, 2010, 06:01:21 PM

Quote from: djmentos on June 26, 2010, 05:23:21 PM
When i try logout i get error with sessions verification failed caption)

I am getting the same error. Any ideas?

JBlaze · June 27, 2010, 09:10:53 PM

You may need to truncate your smf_sessions table, and make sure that subdomain independent cookies are enabled.

funguy123us · June 27, 2010, 11:04:04 PM

I was able to fix this by unchecking following..

Use database driven sessions

thanks

JBlaze · June 27, 2010, 11:05:07 PM

Marked solved.

djmentos · June 28, 2010, 04:55:17 AM

Ok. It works, but from what I know sessions being kept in database are slightly more secure? Why SSI dosn't work with sessions form databases?

Secondly forwarding while loging in still dosn't work. After logging of its okey.

funguy123us · June 28, 2010, 12:48:42 PM

Quote from: djmentos on June 28, 2010, 04:55:17 AM
Ok. It works, but from what I know sessions being kept in database are slightly more secure? Why SSI dosn't work with sessions form databases?

Secondly forwarding while loging in still dosn't work. After logging of its okey.

I agree with you. What I did is just a workaround.

djmentos · July 30, 2010, 04:43:01 AM

I found a problem with redirect on login.
session_start() was on a top of PHP file.

News:

SSI login / logout