News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Problem with forums linked together to sync members.....

Started by dougiefresh, December 22, 2014, 09:08:29 AM

Previous topic - Next topic

dougiefresh

I have written a mod to sync the members table between multiple forums.  I have a problem with it: the session ID is shared amongst all the forums on the same server.  So when you log out from one forum, the session is destroyed, which breaks other forums.... 

I've partially solved this problem by linking all the forums to one forum, so that the session information is syncronized...  Also linking the forum's together by cookiename and making forum aliases within $modSettings helps this issue....  But I was thinking that, in order to solve the rest of the problem, that I could do an AJAX-style call every so often to check to see if a variable within $_SESSION is still set or hasn't changed.  (Obviously I would set something unique at log-in...)  If it's not, then refresh the page to show that the user isn't logged in anymore.... 

Do you see any problems with this idea?  What interval should I use?

Any responses or ideas would be appreciated....  Thanks in advance!

Jade Elizabeth

Why don't you check it on page load? That way if they click something it logs them out instead of showing the info? :)
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Arantor

I personally wouldn't have tied the sessions together.

Jade Elizabeth

I think that's what he's trying to do but is unsure how to?
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

dougiefresh

Quote from: Jade Elizabeth on December 22, 2014, 09:15:17 AM
Why don't you check it on page load? That way if they click something it logs them out instead of showing the info? :)
That's a good idea.....  I wish I had thought of that...  Thanks!

Arantor

This smells like reopening a vulnerability I closed in 2.0.6 for session abuse purposes.

dougiefresh

I'm not trying to open up any vulnerabilities...  Lord knows I don't need to cause any problems with the forums...

I removed the session-linking code from my mod and am going to try setting the variable at log in and check that the variable is still set before proceeding....

Jade Elizabeth

You're quite welcome dougie! Sometimes I have some bright ideas even though I don't know anything ha ha.

Let us know how you end up doing it in case someone else needs a good idea too :D.
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Advertisement: