Cannot Stay Logged in (Cookie problem?)

[Terragen]

I recently upgraded from YabbSE to SMF.

After the conversion the cookie name stayed as YabbSECookie151 or whatever it was called (I assume just so nobody would have to re-login).

Trying to test permissions I came across the "can't logout bug" which has been incorrectly identified in other threads as a "fake" bug - nope - it exists.
I tried to log out to see what unregistered users could see.. anyways I ended up deleting my cookie and once I was logged out I couldn't log in perm again.. it logs me in until I close the browser window.

Trying a suggestion I saw on here I changed the cookie name (its now SMFCookie) and so the old YabbSE cookies were working fine but now everyone is having the "can't stay logged in" bug as their old valid cookies (from yabbse) aren't being referenced.

This is definately not a "fake bug" nor is it a browser issue as all the members of the forum are experiencing it from Internet Explorer to Mozilla to Opera.

Please don't chime in and say "Works fine for me in Opera - so no bug" because its there. You may not experience it but its still happening to many people on may different computers with many browsers.

So I think the problem is cookies - now that we aren't using the old yabbse ones nobody can stay logged in.

Any suggestions are greatly appreciated - thanks.

[[Unknown]]

"can't logout bug" which has been incorrectly identified in other threads as a "fake" bug

If you get an error mssage, please try closing your browser and opening it again.  If, on the other hand, it jsut doesn't log you out please make sure "global cookies" and "local cookies" are off, or try changing the cookie name in Server Settings.

Please give me a URL so I can test it.  I can also give you SEVERAL topics on the issue.

Furthermore, this is not a bug on the site - Site Bug Reports.  Nor do I even, sorry to say, believe it is a bug - rather a misconfiguration.

-[Unknown]

[Terragen]

LOL. I actually got a

"An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again "

error here while trying to post.. refreshing a few times fixed the problem.

Anyways there's no logout error - it simply did not work (which I think was a problem with SMF using YabbSE cookies - everyone had that problem.. now that the cookie name is changed everyone can log out - except "logging in forever" doesnt work.

The problem wasn't an error - clicking logout would simply return you to the main page without clearing the cookie or session or whaver - it was like clicking on the "home" button.

If its a misconfiguration well then its a bug to distribute SMF improperly configured. (Or to even allow it to be misconfigured so) although I'm not sure how you can "misconfigure" cookies. It worked fine in YabbSE - I downloaded the SMF update and it hasn't worked since then. So if its a "misconfiguration" its an SMF problem as I haven't changed any of the options (except the cookie name as I said - which shouldn't be a problem.. although it wasn't working before I changed it either).

I'll PM you a link.

[Terragen]

Local cookies are off.

Also as I said before I did change the cookie name - which didn't fix the problem.

The YabbSE cookies worked fine - except you couldn't log out.

Now that I changed the cookie name everyone had to get a new cookie and since they werent using the working YabbSE cookies they have the new cookies in which "forever" has been defined as "until you close the browser".

[Homie]

make sure you go to tools -->Internet Options---> Privacy and move  the slider till it says Except all Cookies and click the apply button then click ok and then you should be able to stay logged in that happend to me once when i didnt have all cookies enabled but if it doesnt work that is something else

Regards
Homie

[Terragen]

Thanks for the input

But thats not the problem - I accept cookies fine - I *can* login - just not permenantly.

[[Unknown]]

Terragen,

I'll explain EXACTLY why this usually happens to you.  You're actually experiencing two very annoying problems with cookies, and they are not anything to do with SMF being "improperly" distributed.

If you have YaBB SE cookies set, and turn ON global cookies, you won't be able to log out (no error, it just won't work!) without clearing your old cookies.  SMF's YaBB SE upgrade package is distributed with global cookies off.

If you set the cookie to an invalid cookie name - SMF by default uses a valid one - the cookie will not "stick" because the browser will, basically, forget it.  Pass it over because it's not valid.  Either in Beta 4.1 or the cvs, the cookiename should not be changable to anything but a valid value. (spaces, dashes, everything but A-Za-z0-9 is bad.)

You are explaining EXACTLY these problems, to the letter.  Have you tried deleting your cookies for that domain?  Have you tried using a different browser to be sure it's not your Internet Explorer settings?

-[Unknown]

[Terragen]

I have no turned on global cookies.

When I ran the SMF update it stuck with the YabbSE cookies so nobody would have to relogin (I imagine). This worked fine.

Anyone who deleted their YabbSE cookie had the problem of not being able to stay logged in. I tried and this also happened to me. Following a suggestion in another thread I went to settings and changed the cookie name from the YabbSE cookie (Which worked) to SMFCookie (which as far as I can tell is a valid name). Now that the cookie name is changed EVERYONE has this problem (since the board isn't using the GOOD YabbSE cookies but rather trying to make new cookies and its not working correctly. Its not my computer or my browser - since cookies work fine everywhere else. Also everyone on the board is now having the problems (now that the cookie name is changed and nobody is using their old yabbse cookies) and some people are using opera, some are using mozilla, some using IE. So it is clearly not a browser or cookie permissions issue but it must be something to do with SMF. (Mine and everyone elses cookies worked with YabbSE and work on all the other boards we post on and now only don't work on SMF).

I have not changed any of the settings except for the name of the cookie - so if there are any "bad" settings they were deployed with SMF as all my settings have not changed (except cookie name) since then.

Also if that was you that created the tester account (with [email protected]) you'll never get that email so I just activated the account for you. You can try and experience the cookie problem yourself.
It works to a point (ie: if you dont leave the site for too long) but more ofen that not I get logged back out.

Hopefully we can figure out what this is since I have no clue.

[[Unknown]]

Your server is mangling the set cookie header.  This could be caused by an invalid cookie name ("SMFCookie " or " SMFCookie" or "SMF Cookie"), but can also be caused by your server setup.

Can you give me a link, through pm or otherwise, to a phpinfo.php?  This is a file with only these contents:

Code Select Expand

<?php

phpinfo();

?>

The thing is that the cookies are, as I explain in another topic, set in the same way as YaBB SE set them.

As far as the login working for a period, this is because it's using sessions; in YaBB SE, login wouldn't even work at all with these problems.  And, on that note, my testing showed me that on every page view the PHPSESSID cookie is being set - except the one that should be setting the authentication cookie, which leads me to believe that the "Set-Cookie" header is being mangled, as I said, or just plain not sent. (some server setups think they are too smart for PHP scripts; they apparently know when a cookie is not "neccessary".)

-[Unknown]

[Terragen]

Well the cookie name is SMFCookie (thats a valid name isn't it?)

I haven't changed any of the server settings and never had a problem in YabbSE so I'm not sure what would be happening now..

I'll PM you a link to phpinfo

Thanks for looking at this as I'm completely baffled and I know it worked before.. so I'm not sure what is going on

[[Unknown]]

You seem to be using PHP in CGI mode under IIS 4.0 on Windows NT 4.  This is not a horribly stable or fast setup, and using ISAPI, Apache, and/or a newer version of Windows would most likely solve the problem.

In fact, as of this July, NT 4.0 will not even be supported by Microsoft, nor will be the version of IIS you're using.

If you have any control at all over the server, you may want to try to address these issues.  While I can't promise they will solve the problem, I can tell you that PHP and all PHP scripts will run significantly faster in ISAPI mode, and under newer revisions of IIS.

If you don't, I'm not sure - this really says to me "server issue".  Have you read this topic?

http://www.simplemachines.org/community/index.php?topic=7721.0

-[Unknown]

[Terragen]

Thanks, I'll look at the topic.

Yeah that server has been up for a few years - because there were no great (free) solutions for running ASP on apache (it was pretty much IIS or nothing) and I needed to run some ASP pages... I was thinking about upgrading it all in the summer to Slack/Apache

but if the cookies are set in the same way as YabbSE then there shouldn't be a problem. I've had a YabbSE board up for almost 2 years there and NEVER had a problem like this.. and nothing has changed on the server - the only thing that has changed is the forum software (YabbSE->SMF) which is why I think SMF is pretty much the only thing.. I mean it ran fine with YabbSE :/

I'll look at that other topic - thanks.

[Terragen]

I've turned on subdomain independant cookies - I've also tried the replacement suggested in the thread you linked (And yes I put my domain in the code)

Still not working.

[[Unknown]]

The way cookies are handled is one of the few things that has hardly changed in SMF.... I'm not sure what to tell you.

-[Unknown]

[Terragen]

Alright well thanks for looking - I appreciate the time

It must be something in SMF though - I just made a testing copy of the old yabbse board with a backup database

(basically a mirror of the site right before SMF update)

and the cookies set fine (I checked using opera - with the SMF I only get phpsessionid but with yabbse I also get the yabbse cookie)

I've tried changing the cookie name, I've tried subdomain indepenadant cookies i've tried local and global cookies. Nothing works.

There must be some setting somewhere thats different from yabbse because I know the server is fine (I can set cookies using yabbse so php etc is working fine) and there must be a setting i'm missing somewhere in smf.

its driving me crazy lol.

[Terragen]

couldit be something like its using sessions before it tries cookies?

i'm totally puzzled.

[[Unknown]]

It always sets the cookie, and it sets it in exactly the same way - as I described in that topic.

-[Unknown]

[Terragen]

That's totally bizzare 

Well I guess I'll try reinstalling SMF then.. I mean I know the cookies work on my end and the server as the test YabbSE board is setting them.. hopefully its something really weird that a reinstall will fix.. if not I guess i'll go wading through the php code

Thanks

[Terragen]

Hrm.

Alright I can make a separate php file and set a test cookie in it. but if i try to set it when the other cookie is set it won't go either.

lol

I tried reinstalling SMF fresh and doesnt work either

man i'm really confused.

[[Unknown]]

This just sounds like a screwed up server to me .

-[Unknown]