logged out of smf, not joomla

dagomar · November 06, 2006, 09:41:10 AM

** Sorry if this was posted before, I looked pretty thoroughly, but didn't find exactly this **

The Problem: When I am automatically logged out of SMF, I am still logged in to Joomla.

Installed: Joomla 1.0.10 + SMF 1.1 RC3 + Joomlabridge
using: mod_smf_login and SMF is wrapped
Settings in SMF based on:
http://www.simplemachines.org/community/index.php?topic=63187.msg453559#msg453559

Notes:
I can reproduce this problem by logging in to smf and set "stay logged in for" to 1 minute. After one minute I get logged out of SMF, but not out of Joomla. This could be a security problem... Suggestions or questions, I am happy with any help!

SaVaTaGe · November 06, 2006, 05:07:33 PM

Same problem here, I sync. session timeouts but it's not a solution

dagomar · November 06, 2006, 07:43:26 PM

QuoteI sync. session timeouts but it's not a solution

Could you be a bit more specific?

Orstio · November 06, 2006, 07:57:31 PM

In the file smf.php, you should be able to find this line in the integrate_login function:

Code Select

if (isset($_VERSION) && $_VERSION->PRODUCT == 'Joomla!' && $_VERSION->DEV_LEVEL >= '8' ){

Try changing it to this:

Code Select

	if (isset($_VERSION) && $_VERSION->PRODUCT == 'Joomla!' && $_VERSION->DEV_LEVEL >= '8' && $cookietime == 3153600){

dagomar · November 07, 2006, 07:33:31 AM

QuoteTry changing it to this:

Code:

if (isset($_VERSION) && $_VERSION->PRODUCT == 'Joomla!' && $_VERSION->DEV_LEVEL >= '8' && $cookietime == 3153600){

It seems that I only get logged into SMF and the Bridge when I do that... However I miss for instance my user menu... I'll try and hack there a little bit and see what i can come up with... Thanks for any help!

dagomar · November 07, 2006, 10:34:03 PM

I still don't seem to make any progress... I don't understand what the addition of "&& $cookietime == 3153600" is good for... I'm completely in the dark

SaVaTaGe · November 11, 2006, 04:55:31 PM

Quote from: dagomar on November 06, 2006, 07:43:26 PM
QuoteI sync. session timeouts but it's not a solution

Could you be a bit more specific?

I mean that; I change the values of Joomla session timeouts and SMF session timeouts same...

Quote(isset($_VERSION) && $_VERSION->PRODUCT == 'Joomla!' && $_VERSION->DEV_LEVEL >= '8' && $cookietime == 3153600){

there is no variable defined in integrate_login function in smf.php and assigning a static value to $cookietime seems me wrong

maybe $mainframe->getCfg('lifetime') is the true choice to sync. Joomla! and SMF sessions but I am not sure about the mechanism of bridge...

Orstio · November 11, 2006, 05:49:44 PM

Quotethere is no variable defined in integrate_login function in smf.php and assigning a static value to $cookietime seems me wrong

You are correct, sorry, that's my fault.

Code Select

	if (isset($_VERSION) && $_VERSION->PRODUCT == 'Joomla!' && $_VERSION->DEV_LEVEL >= '8' && $cookielength == 3153600){

dagomar · November 13, 2006, 08:16:44 AM

Hi Orstio,

Thanks for your help. It seems that the problem is somewhere in that area, however, it seems that when I change it, The Bridge Login doesnt log me into Joomla when I login from the forum... :S Hope thats clear;

so, i go to my forum and i use the login page from the forum, not the bridge login. I get logged in into the forum, and bridge login also shows me as logged in, but I am not logged into joomla... I dont see my user menu etc. without

Code Select

&& $cookielength == 3153600
That still worked as it should...

<edit>
Ok, i just got logged out of smf but not out of joomla when i logged in with the bridge login... So it doesnt seem to have an effect after all...
</edit>

Frisbee · November 13, 2006, 12:20:56 PM

I'm having the same problem. It's definitely a security issue, and I would like to see a solution. Thank you.

dagomar · November 14, 2006, 12:17:37 PM

To me this also seems like a really important issue. When im not mistaken everybody who wants to integrate Joomla and SMF login is affected by it... Is there any way that the Bridge can log out the Joomla user if he is not logged into SMF? Is there any way the bridge can logout from SMF if the user is not logged into Joomla? That would definately do the trick, but it isnt what its doing now... It should be something like this:

Code Select


if ($loggedIntoJoomla == false && $loggedIntoSMF == true){
log out of SMF
} 
if ($loggedIntoJoomla == true && $loggedIntoSMF == false){
log out of Joomla
}

but I have no idea where and how to do that...

dagomar · November 14, 2006, 12:29:47 PM

Code Select

UPDATE jos_session SET `time`='1163524975',`userid`='62',`usertype`='Super Administrator',`username`='admin',`gid`='2',`guest`='0' WHERE session_id='077d36589286dc940f9c865c3130b5bd'

I see this when i debug my site. The session for SMF is expired, but for Joomla it does this. How strange

tracilynnb · November 19, 2006, 12:47:42 PM

I have the opposite situation, my login for Joomla expires after 24 hours, but I am still logged into SMF

SMF 1.1 RC3
Latest Bridge
Joomla 1.0.11

SaVaTaGe · November 24, 2006, 01:34:15 PM

any development in this issue? $:-\$

dagomar · December 05, 2006, 04:48:22 AM

I am being patient and all, but this issue still isnt fixed. I would please please please ask if anyone can check this out again. thanks, dago

dagomar · December 06, 2006, 09:35:10 AM

I'm not making progress at all. I am seriously considering another forum, or the other existing bridge. I did notice that in the other bridge is a function that checks if one is still logged into joomla; if not, it logs out of SMF. I really dont want to use another solution, because I really feel that the effort taken here is good, but if this issue is not being addressed I just see no other solution.

Kindred · December 06, 2006, 12:26:41 PM

dagomar, it's hard to address a situation that we can not replicate...

dagomar · December 07, 2006, 02:11:02 PM

Hi Kindred

I have explained what the issue was, and how it seems to happen. Try loging in from the forum login, and set the time to 1 minute. Then wait for a few minutes and refresh and see if everything is right. I HAVE to note that it doesnt always happen the first time you login, if you log out and login a few times like this, then this problem occurs (with me). Also I am not the only one, there were 3 more people who had similar problems... (Who reacted)

I am very willing to help you help me, if I am not clear in what i say let me know and i can maybe explain better or more thoroughly.

greetings,

Dago

Orstio · December 07, 2006, 05:41:25 PM

Can we see a URL?

NoRad · March 28, 2007, 02:37:13 AM

Sorry, just posted the same thing in another thread, but I think this one has more information. It's not a major issue for one of them because the user menu is just extra stuff, but on the other site the user menu contains members only content that they need to see when logged in. =/

News:

logged out of smf, not joomla

Orstio

Orstio

Orstio