Cookies

[Yeehaw]

Ok, first I had the problem with not being about to log out, that really didn't bother me.
One of my 'sometime' users was having the problem of not being able to stay logged in, I couldn't duplicate the problem since I couldn't log out, so I renamed what the cookies were called, cleaned my cookies out, and immediately had to log back in. Good, I figured problem solved.

Note all this was without changing any settings from my upgrade from YabbSE 1.5.5, other than renaming the cookies from yabbusername14 to dasmfusername.

However, now you need to log in every time - whether forever has been checked or not - the session is not saved upon opening another window, be it IE, Netscape, or Firebird. Cookies are not being set in cache or any other place in the browsers. I have tried "Enable local storage of cookies" and "Use subdomain independent cookies Warning: Turn off Local Cookies first!" settings to no effect. Nothing works as far as cookies are concerned.

What am I missing?

I have created a user "datest" with the pass of "passwrd" for your convenience.

[Douglas]

No problems here.  What's your cookie's exact name?

For people that can't stay logged in, have them check to make sure they're allowing cookies from desertaquaria.com and that the site is also allowed in any firewall settings.

Windows XP and IE 6 both have enhanced security settings, which prevent cookies, by default.

[[Unknown]]

I was not able, with Internet Explorer, to login to your forum and stay logged in.

This is a cookies issue; in YaBB SE, you wouldn't be able to login at all.

Using Opera, I can tell that no cookie is being set.  I recommend you try a shorter cookie name, and make sure it has no spaces or anything in it, except A-Z, a-z, 0-9.  I also recommend you use "sub domain independent cookies".

-[Unknown]

[Yeehaw]

Ok, I shortened the cookie name to "dasmf", no spaces. Same issue.
I checkmarked "sub domain independent cookies", same same.

Mind you, I haven't changed any file/server permissions since I set YaBB up over three years ago, YaBBSE over one year ago,  and did a straight -problem free- SMF upgrade the day it came out.

What shall I try next?

[[Unknown]]

Sources/LogInOut.php, find: (backup first!)

setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + (60 * $modSettings['cookieTime']), $cookie_url[1], $cookie_url[0], 0);

Add before:

log_error('Setting cookie: ' . $cookiename . '=' . serialize(array($ID_MEMBER, $password)) . '; expires=' . (time() + (60 * $modSettings['cookieTime'])) . '; ' . $cookie_url[1] . ' ' . $cookie_url);

And then try to login with a test user, with "stay logged in" checked.  After that, replace LogInOut.php with the backup.

Then, can you tell me what it put in your error log?

-[Unknown]

[Yeehaw]

ok, that really hoses things up.

"Parse error: parse error, unexpected T_LNUMBER in D:\Data\Business\D\desertaquaria.com\yabbse\Sources\LogInOut.php on line 203"

[[Unknown]]

Typo, try:

Code Select Expand

log_error('Setting cookie: ' . $cookiename . '=' . serialize(array($ID_MEMBER, $password)) . '; expires=' . (time() + (60 * $modSettings['cookieTime'])) . '; ' . $cookie_url[1] . ' ' . $cookie_url[0]);

-[Unknown]

[Yeehaw]

   datest    Today at 02:35:59pm 
   68.155.12.187      b7204cc4dae7aa44dd3dc9d026e38aa7 
    http://www.desertaquaria.com/yabbse/index.php?action=login2 
   Setting cookie: dasmf=a:2:{i:0;s:3:"309";i:1;s:32:"891575669262091dcd7f7518f8038e1d";}; expires=1111181759; / Array 
-------------------------------------------

   Yeehaw    Today at 02:36:19pm 
   68.155.12.187      b7204cc4dae7aa44dd3dc9d026e38aa7 
    http://www.desertaquaria.com/yabbse/index.php?action=login2 
   Setting cookie: dasmf=a:2:{i:0;s:1:"2";i:1;s:32:;}; expires=1111181779; / Array 

[[Unknown]]

So it seems like it's at least trying to set the cookie properly.  It's not even, it seems, sending a Set-Cookie header....

Hmm, Gobalopper?

-[Unknown]

[Yeehaw]

Anything yet on this issue?

[Gobalopper]

Sounds like it could be a problem similar to what Kris was having... I'll see if I can find out how we fixed that.

[Kris]

... Sources/Load.php, find:

Code Select Expand

// Check first the cookie, then the session.
if (isset($_COOKIE[$cookiename]))
{
list ($ID_MEMBER, $password) = @unserialize(stripslashes($_COOKIE[$cookiename]));
$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
}
elseif (isset($_SESSION['login_' . $cookiename]))
{
list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
$ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
}
else
$ID_MEMBER = 0;

Replace:

Code Select Expand

// Check first the session, then the cookie.
if (isset($_SESSION['login_' . $cookiename]))
{
list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
$ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + 60 * $modSettings['cookieTime'], '/', '.yourdomain.com');
}
elseif (isset($_COOKIE[$cookiename]))
{
list ($ID_MEMBER, $password) = @unserialize(stripslashes($_COOKIE[$cookiename]));
$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
}
else
$ID_MEMBER = 0;

[Kris]

...LogInOut.php

Code Select Expand


function Logout()
{
global $scripturl, $db_prefix, $sourcedir, $ID_MEMBER;
global $cookiename, $maintenance, $guestaccess;

include_once($sourcedir . '/Subs-Auth.php');

// Make sure they aren't being auto-logged out.
checkSession('get');

// If you log out, you aren't online anymore :P.
db_query("
DELETE FROM {$db_prefix}log_online
WHERE ID_MEMBER = $ID_MEMBER
LIMIT 1", __FILE__, __LINE__);
$_SESSION['log_time'] = 0;

// Empty the cookie!
$cookie_url = url_parts();
setcookie($cookiename, serialize(array(0, '')), time() - 3600, '/', '.yourdomain.com');

// Clear everything!
$_COOKIE = array();
$_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));

// Off to the merry board index we go!
redirectexit();
}

[Yeehaw]

No change at all - not setting cookies.

I do appreciate the effort!

SMF CodeMonkeys?

[Kris]

No change at all - not setting cookies.

I do appreciate the effort!

SMF CodeMonkeys?

You put your domain url in the code?

[EViL0nE]

Just to ask the obvious, in the "replace with" section, you did change hxxp:yourdomain.com [nonactive] to hxxp:desertaquaria.com [nonactive], correct?
Edit: ignore this, someone else types faster.

[Yeehaw]

You put your domain url in the code?

*heavy sigh* That did it, cookies are being set now - thanks Kris!


Question though, why was that the problem over a stock upgrade from YaBBSE? And will I need to modify load.php and loginout.php each time there is an upgrade? (probably so, but have to ask)

<E1? Bite Me. You Fired.>

[Kris]

Yeehaw, I guess you have a windows host that uses a redirect.
I think that one causes the problem.

The coders maybe can add a variable in the code which includes automaticaly your url in the script...

I nedd to change it each time myself too.

[Yeehaw]

Wellll....
The servers at my host are Win2k IIS5 servers that have 5 IP's set on them, one of which handles about 300 websites (the others are ftp IP's) - virtual hosting setup with host headers. I know this because I upgraded my host's network from NT to Win2k about four years ago and built the webservers. Of course the sorry bastards laid me off back in September after five years....

Tell you what though, the cookie issue is still around - you cannot stay logged in forever. Here's the cookie info SMF loads to the client:

Code Select Expand

dasmf
a%3A2%3A%7Bi%3A0%3Bi%3A2%3Bi%3A1%3Bs%3A32%3A%**********************************%22%3B%7D
desertaquaria.com/
1536
4187984512
29625978
389090176
29625969
*


Ideas?

[Kris]

I cannot stay loggid forever either.
Each time my tables are optimized, I'm logged out
(is that right?)