Otsikko: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: Thurnok - marraskuu 17, 2004, 01:15:38 AP
Kirjoitti: Thurnok - marraskuu 17, 2004, 01:15:38 AP
Hi [Unknown],
As we sort of discussed, here's the situation:
- Lets say my server's domain is mydomain.com
- and I access my main domain as www.mydomain.com
- and I have some number of subdirectories under my webroot (lets say /guild1 and /guild2 etc.)
- and I have domain names registered as myguild1.com and myguild2.com
- and I have my name registrar control panel point those to the subdirs under mydomain.com
- example: www.myguild1.com is Frame URL'd to www.mydomain.com/guild1
- and: www.myguild2.com is Frame URL'd to www.mydomain.com/guild2
- hence, going to www.myguild1.com takes you to www.mydomain.com/guild1 but all URLs appear to point to www.myguild1.com
Now, in SMF you only have the option of telling it what your domain is (via the Forum URL entry in the Server Settings), not a seperate cookie domain. It uses this entry as the base URL for all the links but also as the cookie domain (as far as I can tell).
If I put the Forum URL as http://www.mydomain.com/guild1/smf then of course all the URLs point to the correct place, and cookies are handled appropriately. The problem is, mouse-over any links shows the true domain path (www.mydomain.com/guild1/smf).
If I put the Forum URL as http://www.myguild1.com/smf then you cannot log in because the cookie domain being attempted is from www.myguild1.com which is not the true domain that SMF is running under (www.mydomain.com). Note: you have to delete all the cookies from www.mydomain.com first or it will just not let you logout after you try changing the Forum URL to www.myguild1.com. (this is of course a scenario assuming you installed with the true domain to start with because the install will not be successful if you try with www.myguild1.com to start with).
As I mentioned, with phpBB there is a seperate Cookie Domain configuration setting that prevents this issue on phpBB. Is there a workaround in SMF that I could employ (one already in place I mean) or do I need to mod the cookie routine and add a cookie domain variable?
I've tried using Local Cookies, no help there, turned of database session, no help (originally had subdomain independant)... so without delving too much further into it, I'm assuming it has to do with SMF trying to set a cookie with a domain of www.myguild1.com while it is running under www.mydomain.com which is basically illegal.
As we sort of discussed, here's the situation:
- Lets say my server's domain is mydomain.com
- and I access my main domain as www.mydomain.com
- and I have some number of subdirectories under my webroot (lets say /guild1 and /guild2 etc.)
- and I have domain names registered as myguild1.com and myguild2.com
- and I have my name registrar control panel point those to the subdirs under mydomain.com
- example: www.myguild1.com is Frame URL'd to www.mydomain.com/guild1
- and: www.myguild2.com is Frame URL'd to www.mydomain.com/guild2
- hence, going to www.myguild1.com takes you to www.mydomain.com/guild1 but all URLs appear to point to www.myguild1.com
Now, in SMF you only have the option of telling it what your domain is (via the Forum URL entry in the Server Settings), not a seperate cookie domain. It uses this entry as the base URL for all the links but also as the cookie domain (as far as I can tell).
If I put the Forum URL as http://www.mydomain.com/guild1/smf then of course all the URLs point to the correct place, and cookies are handled appropriately. The problem is, mouse-over any links shows the true domain path (www.mydomain.com/guild1/smf).
If I put the Forum URL as http://www.myguild1.com/smf then you cannot log in because the cookie domain being attempted is from www.myguild1.com which is not the true domain that SMF is running under (www.mydomain.com). Note: you have to delete all the cookies from www.mydomain.com first or it will just not let you logout after you try changing the Forum URL to www.myguild1.com. (this is of course a scenario assuming you installed with the true domain to start with because the install will not be successful if you try with www.myguild1.com to start with).
As I mentioned, with phpBB there is a seperate Cookie Domain configuration setting that prevents this issue on phpBB. Is there a workaround in SMF that I could employ (one already in place I mean) or do I need to mod the cookie routine and add a cookie domain variable?
I've tried using Local Cookies, no help there, turned of database session, no help (originally had subdomain independant)... so without delving too much further into it, I'm assuming it has to do with SMF trying to set a cookie with a domain of www.myguild1.com while it is running under www.mydomain.com which is basically illegal.
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: [Unknown] - marraskuu 17, 2004, 03:28:26 AP
Kirjoitti: [Unknown] - marraskuu 17, 2004, 03:28:26 AP
Are you using Apache? I think the simplest solution would be to use a redirect...
How is your hosting set up? What I would do in this situation is point "mydomain1.com" to my "domain.com" hosting account, in the subfolder "mydomain1"... Here, let me clarify: (making this up...)
www.unknownbrackets.com <-- main site.
www.unknownsmf.com <-- second site.
Now, my path to unknownbrackets.com might be /home/unknown/public_html. In this case, unknownsmf.com might go to /home/unknown/public_html/unknownsmf (many hosts will do this, in my experience.)
I would then add a .htaccess to that path (unknownsmf) telling it to redirect everything to /smf... meaning:
RedirectEngine On
RedirectMatch ^unknownsmf(.*?)$ /smf$1
(or similar...)
This would keep the domain unknownsmf.com... everything would work fine, and so would the cookies. As far as the web browser would be concerned, the links really would be to the other URL.
Of course, this is assuming you have it all going through one host, and you have a decent host.
The reason a separate setting for the cookie domain is not available is simple; in most cases, it's not neccessary... in fact, if you've got local and subdomain independent cookies off... it shouldn't even be needed - it will be set to the default domain, as determined by the web browser. Furthermore, even in this case you should be able to login properly; at least for a while, because the session will kick in.
To change this manually, just find in Subs-Auth.php:
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);
And replace:
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], 'www.mydomain.com', 0);
However, if having subdomain independent cookies off, local cookies off, and database driven sessions on still causes this problem, I'd like to see a link to one of these URLs to test the situation myself; I can exaimine the cookie it's trying to set and see what, if anything, is going wrong.
-[Unknown]
How is your hosting set up? What I would do in this situation is point "mydomain1.com" to my "domain.com" hosting account, in the subfolder "mydomain1"... Here, let me clarify: (making this up...)
www.unknownbrackets.com <-- main site.
www.unknownsmf.com <-- second site.
Now, my path to unknownbrackets.com might be /home/unknown/public_html. In this case, unknownsmf.com might go to /home/unknown/public_html/unknownsmf (many hosts will do this, in my experience.)
I would then add a .htaccess to that path (unknownsmf) telling it to redirect everything to /smf... meaning:
RedirectEngine On
RedirectMatch ^unknownsmf(.*?)$ /smf$1
(or similar...)
This would keep the domain unknownsmf.com... everything would work fine, and so would the cookies. As far as the web browser would be concerned, the links really would be to the other URL.
Of course, this is assuming you have it all going through one host, and you have a decent host.
The reason a separate setting for the cookie domain is not available is simple; in most cases, it's not neccessary... in fact, if you've got local and subdomain independent cookies off... it shouldn't even be needed - it will be set to the default domain, as determined by the web browser. Furthermore, even in this case you should be able to login properly; at least for a while, because the session will kick in.
To change this manually, just find in Subs-Auth.php:
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);
And replace:
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], 'www.mydomain.com', 0);
However, if having subdomain independent cookies off, local cookies off, and database driven sessions on still causes this problem, I'd like to see a link to one of these URLs to test the situation myself; I can exaimine the cookie it's trying to set and see what, if anything, is going wrong.
-[Unknown]
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: Thurnok - marraskuu 17, 2004, 11:41:26 IP
Kirjoitti: Thurnok - marraskuu 17, 2004, 11:41:26 IP
Info about my server/sites:
Apache 1.3.31
PHP 4.3.8
MySQL 3.23.56
Host Provider CIHOST
HD Space: 200Gig
Unlimited Bandwidth, POPs, FTPs, Email Forwarders, etc.
Unlimited CGI / Cron use
mydomain.com and www.mydomain.com docroot path: /home/mydomain/www
DNS provided by CIHOST
Name Registrar - Active Domain.com (ENOM)
Other domain names owned = 9
Name Registrar - Active Domain.com (ENOM)
6 of these DNS provided by Active Domain.com
3 DNS provided by ZoneEdit
Sites using SMF = 2
1 DNS via Active Domain.com, 1 DNS via ZoneEdit
All 9 other domains point to some subdirectory under mydomain.com's docroot path via Active Domain.com or ZoneEdit.
Examples: (URL Path --- File Path)
Guild 1 (using PostNuke):
www.myguild1.com --- /home/mydomain/www/guild1
BBS/Forum for this site (phpBB 2.0.10):
www.myguild1.com/guild1bbs --- /home/mydomain/www/guild1/guild1bbs
(this is actually the one I'm testing now. I have a duplicate for this site now as follows):
Guild 1 (using Mambo)[DNS via ZoneEdit]:
new.myguild1.com --- /home/mydomain/www/guilds/guild1
BBS/Forum for this site (SMF):
new.myguild1.com/smf --- /home/mydomain/www/guilds/guild1/smf
Guild 2 (using PostNuke):
www.myguild2.com --- /home/mydomain/www/guilds/guild2
BBS/Forum for this site (phpBB 2.0.10):
www.myguild2.com/myguild2bbs --- /home/mydomain/www/guilds/guild2/guild2bbs
Guild 3 (using PostNuke):
www.myguild3.com --- /home/mydomain/www/guilds/guild3
BBS/Forum for this site (phpBB 2.0.10):
www.myguild3.com/myguild3bbs --- /home/mydomain/www/guilds/guild3/guild3bbs
Client 1 (custom website):
www.myclient1.com --- /home/mydomain/www/clients/client1
Client 2 (custom website):
www.myclient2.com --- /home/mydomain/www/clients/client2
BBS/Forum for this site (phpBB 2.0.8):
www.myclient2.com --- /home/mydomain/www/clients/client2/phpbb
Client 3 (home site IS phpBB 2.0.8):
www.myclient3.com --- /home/mydomain/www/clients/client3
Client 4 (custom, but switching to use Mambo):
www.myclient4.com --- /home/mydomain/www/clients/client4
Family (using Mambo)[DNS via Active-Domain.com]:
www.myfamilyname.org --- /home/mydomain/www/myfamilyname
BBS/Forum for this site (SMF):
www.myfamilyname.org/smf --- /home/mydomain/www/myfamilyname/smf
Friend (custom website):
www.hostformyfriend.com --- /home/mydomain/www/myfriendname
BBS/Forum for this site (phpBB 2.0.8):
www.hostformyfriend.com/phpbb --- /home/mydomain/www/myfriendname/phpbb
Note: same issue for both sites I have set SMF up on
Thought about the redirect but problem is SMF is a subdir of the domain name for that website running Mambo (which is a subdir of mydomain) so... the website is at www.myguild1.com/index.php (running Mambo) and a link from a Mambo menu launches SMF
www.myguild1.com --- points to www.mydomain.com/guilds/guild1 using URL Framing (/home/mydomain/www/guilds/guild1) so that it appears to be the root. And then SMF is a subdir of that www.myguild1.com/smf (as the URL Framing makes it appear) whereas its true URL is www.mydomain.com/guilds/guild1/smf (/home/mydomain/www/guilds/guild1/smf).
Setting the Forum URL to www.mydomain.com/guilds/guild1/smf and the file paths to /home/mydomain/www/guilds/guild1/smf works just fine however I'm looking to set the Forum URL to www.myguild1.com/smf (and of course leave the file path the true file path) so that links go to www.myguild1.com/smf/<something>
When I do that, it will not log me in. It gives the Dialog-centric Login box in the center of the page:
I tried doing it without cookies at all, just using Database Session - blocked cookies from my site completely. Works if I use the mydomain.com URL settings, but not if I use the myguild1.com URL settings. So without cookies even being created, it still has an issue which must be related to the URL Framing from the Name Registrar. (I assume).
Apache 1.3.31
PHP 4.3.8
MySQL 3.23.56
Host Provider CIHOST
HD Space: 200Gig
Unlimited Bandwidth, POPs, FTPs, Email Forwarders, etc.
Unlimited CGI / Cron use
mydomain.com and www.mydomain.com docroot path: /home/mydomain/www
DNS provided by CIHOST
Name Registrar - Active Domain.com (ENOM)
Other domain names owned = 9
Name Registrar - Active Domain.com (ENOM)
6 of these DNS provided by Active Domain.com
3 DNS provided by ZoneEdit
Sites using SMF = 2
1 DNS via Active Domain.com, 1 DNS via ZoneEdit
All 9 other domains point to some subdirectory under mydomain.com's docroot path via Active Domain.com or ZoneEdit.
Examples: (URL Path --- File Path)
Guild 1 (using PostNuke):
www.myguild1.com --- /home/mydomain/www/guild1
BBS/Forum for this site (phpBB 2.0.10):
www.myguild1.com/guild1bbs --- /home/mydomain/www/guild1/guild1bbs
(this is actually the one I'm testing now. I have a duplicate for this site now as follows):
Guild 1 (using Mambo)[DNS via ZoneEdit]:
new.myguild1.com --- /home/mydomain/www/guilds/guild1
BBS/Forum for this site (SMF):
new.myguild1.com/smf --- /home/mydomain/www/guilds/guild1/smf
Guild 2 (using PostNuke):
www.myguild2.com --- /home/mydomain/www/guilds/guild2
BBS/Forum for this site (phpBB 2.0.10):
www.myguild2.com/myguild2bbs --- /home/mydomain/www/guilds/guild2/guild2bbs
Guild 3 (using PostNuke):
www.myguild3.com --- /home/mydomain/www/guilds/guild3
BBS/Forum for this site (phpBB 2.0.10):
www.myguild3.com/myguild3bbs --- /home/mydomain/www/guilds/guild3/guild3bbs
Client 1 (custom website):
www.myclient1.com --- /home/mydomain/www/clients/client1
Client 2 (custom website):
www.myclient2.com --- /home/mydomain/www/clients/client2
BBS/Forum for this site (phpBB 2.0.8):
www.myclient2.com --- /home/mydomain/www/clients/client2/phpbb
Client 3 (home site IS phpBB 2.0.8):
www.myclient3.com --- /home/mydomain/www/clients/client3
Client 4 (custom, but switching to use Mambo):
www.myclient4.com --- /home/mydomain/www/clients/client4
Family (using Mambo)[DNS via Active-Domain.com]:
www.myfamilyname.org --- /home/mydomain/www/myfamilyname
BBS/Forum for this site (SMF):
www.myfamilyname.org/smf --- /home/mydomain/www/myfamilyname/smf
Friend (custom website):
www.hostformyfriend.com --- /home/mydomain/www/myfriendname
BBS/Forum for this site (phpBB 2.0.8):
www.hostformyfriend.com/phpbb --- /home/mydomain/www/myfriendname/phpbb
Note: same issue for both sites I have set SMF up on
Thought about the redirect but problem is SMF is a subdir of the domain name for that website running Mambo (which is a subdir of mydomain) so... the website is at www.myguild1.com/index.php (running Mambo) and a link from a Mambo menu launches SMF
www.myguild1.com --- points to www.mydomain.com/guilds/guild1 using URL Framing (/home/mydomain/www/guilds/guild1) so that it appears to be the root. And then SMF is a subdir of that www.myguild1.com/smf (as the URL Framing makes it appear) whereas its true URL is www.mydomain.com/guilds/guild1/smf (/home/mydomain/www/guilds/guild1/smf).
Setting the Forum URL to www.mydomain.com/guilds/guild1/smf and the file paths to /home/mydomain/www/guilds/guild1/smf works just fine however I'm looking to set the Forum URL to www.myguild1.com/smf (and of course leave the file path the true file path) so that links go to www.myguild1.com/smf/<something>
When I do that, it will not log me in. It gives the Dialog-centric Login box in the center of the page:
I tried doing it without cookies at all, just using Database Session - blocked cookies from my site completely. Works if I use the mydomain.com URL settings, but not if I use the myguild1.com URL settings. So without cookies even being created, it still has an issue which must be related to the URL Framing from the Name Registrar. (I assume).
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: [Unknown] - marraskuu 18, 2004, 01:05:25 AP
Kirjoitti: [Unknown] - marraskuu 18, 2004, 01:05:25 AP
Would you be against pming me with a url to just one of the guild or client SMF forums, so I can examine the cookies being sent?
-[Unknown]
-[Unknown]
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: linear - helmikuu 03, 2005, 11:32:36 AP
Kirjoitti: linear - helmikuu 03, 2005, 11:32:36 AP
Hi, this thread is sort of on-topic for my question, but I have a simpler situation it seems.
I have set up my SMF board at http://forums.example.com/ and I'm wanting to use SSI features on my various subdomains which look like http://foo.example.com and http://bar.example.com/ and so on.
If I could set (like phpbb) my cookie domain to example.com rather than forums.example.com, I expect I could get what I want.
I can't find the admin panel way to do this. I'm willing to modify the code if I need to. Can anyone point me in the right direction please?
* further detail if needed:
I'm using the firefox web developer toolbar to inspect my cookies. When I'm on a subdomain, I do see cookies set at the domain level (example.com cookies are visible/sent to pages in foo.example.com). I have verified that SMF is setting cookies with the domain forums.example.com.
I have set up my SMF board at http://forums.example.com/ and I'm wanting to use SSI features on my various subdomains which look like http://foo.example.com and http://bar.example.com/ and so on.
If I could set (like phpbb) my cookie domain to example.com rather than forums.example.com, I expect I could get what I want.
I can't find the admin panel way to do this. I'm willing to modify the code if I need to. Can anyone point me in the right direction please?
* further detail if needed:
I'm using the firefox web developer toolbar to inspect my cookies. When I'm on a subdomain, I do see cookies set at the domain level (example.com cookies are visible/sent to pages in foo.example.com). I have verified that SMF is setting cookies with the domain forums.example.com.
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: linear - helmikuu 03, 2005, 11:53:31 AP
Kirjoitti: linear - helmikuu 03, 2005, 11:53:31 AP
Okay, self-replying is a sign of insanity, perhaps, but I think what I was looking for was subdomain-independent cookies, which I seem to have found (by expanding all on the Edit Features and Options menu).
Thanks just the same.
Thanks just the same.
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: [Unknown] - helmikuu 03, 2005, 09:15:26 IP
Kirjoitti: [Unknown] - helmikuu 03, 2005, 09:15:26 IP
Lainaus käyttäjältä: linear - helmikuu 03, 2005, 11:53:31 AP
Okay, self-replying is a sign of insanity, perhaps, but I think what I was looking for was subdomain-independent cookies, which I seem to have found (by expanding all on the Edit Features and Options menu).
Thanks just the same.
Sorry, 8:30 am I'm either still asleep or on the road, and by virtue of various time zones is bad for many other members of the support team :P. I'm glad you got this sorted out, but it was exactly what I was going to say when I read your post. Note that for this to take effect, everyone will have to log in again.
-[Unknown]
Otsikko: Re: Seperate Cookie Domain setting vs. Website Domain Setting
Kirjoitti: linear - helmikuu 03, 2005, 10:23:26 IP
Kirjoitti: linear - helmikuu 03, 2005, 10:23:26 IP
No worries.
I learned a great deal grepping the code for "cookies" which put me on to better forum search terms than I used the first time, and then it all came clear. I thought I'd document the solution in case someone else searched later.
I learned a great deal grepping the code for "cookies" which put me on to better forum search terms than I used the first time, and then it all came clear. I thought I'd document the solution in case someone else searched later.