Seperate Cookie Domain setting vs. Website Domain Setting

[Thurnok]

Hi [Unknown],

As we sort of discussed, here's the situation:

- Lets say my server's domain is mydomain.com [nofollow]
- and I access my main domain as  www.mydomain.com [nofollow]
- and I have some number of subdirectories under my webroot (lets say /guild1  and /guild2  etc.)
- and I have domain names registered as myguild1.com [nofollow] and myguild2.com [nofollow]
- and I have my name registrar control panel point those to the subdirs under mydomain.com [nofollow]
- example: www.myguild1.com  is Frame URL'd to  www.mydomain.com/guild1 [nofollow]
- and: www.myguild2.com  is Frame URL'd to www.mydomain.com/guild2 [nofollow]
- hence, going to www.myguild1.com [nofollow] takes you to www.mydomain.com/guild1 [nofollow] but all URLs appear to point to www.myguild1.com [nofollow]

Now, in SMF you only have the option of telling it what your domain is (via the Forum URL entry in the Server Settings), not a seperate cookie domain.  It uses this entry as the base URL for all the links but also as the cookie domain (as far as I can tell).

If I put the Forum URL as http://www.mydomain.com/guild1/smf [nofollow]  then of course all the URLs point to the correct place, and cookies are handled appropriately.  The problem is, mouse-over any links shows the true domain path (www.mydomain.com/guild1/smf).

If I put the Forum URL as http://www.myguild1.com/smf [nofollow] then you cannot log in because the cookie domain being attempted is from www.myguild1.com [nofollow] which is not the true domain that SMF is running under (www.mydomain.com).  Note: you have to delete all the cookies from www.mydomain.com [nofollow] first or it will just not let you logout after you try changing the Forum URL to www.myguild1.com.  (this is of course a scenario assuming you installed with the true domain to start with because the install will not be successful if you try with www.myguild1.com [nofollow] to start with).

As I mentioned, with phpBB there is a seperate Cookie Domain configuration setting that prevents this issue on phpBB.  Is there a workaround in SMF that I could employ (one already in place I mean) or do I need to mod the cookie routine and add a cookie domain variable?

I've tried using Local Cookies, no help there, turned of database session, no help (originally had subdomain independant)... so without delving too much further into it, I'm assuming it has to do with SMF trying to set a cookie with a domain of www.myguild1.com  while it is running under  www.mydomain.com  which is basically illegal.

[[Unknown]]

Are you using Apache?  I think the simplest solution would be to use a redirect...

How is your hosting set up?  What I would do in this situation is point "mydomain1.com" to my "domain.com" hosting account, in the subfolder "mydomain1"... Here, let me clarify: (making this up...)

www.unknownbrackets.com <-- main site.
www.unknownsmf.com <-- second site.

Now, my path to unknownbrackets.com might be /home/unknown/public_html.  In this case, unknownsmf.com might go to /home/unknown/public_html/unknownsmf (many hosts will do this, in my experience.)

I would then add a .htaccess to that path (unknownsmf) telling it to redirect everything to /smf... meaning:

RedirectEngine On
RedirectMatch ^unknownsmf(.*?)$ /smf$1

(or similar...)

This would keep the domain unknownsmf.com... everything would work fine, and so would the cookies.  As far as the web browser would be concerned, the links really would be to the other URL.

Of course, this is assuming you have it all going through one host, and you have a decent host.

The reason a separate setting for the cookie domain is not available is simple; in most cases, it's not neccessary... in fact, if you've got local and subdomain independent cookies off... it shouldn't even be needed - it will be set to the default domain, as determined by the web browser.  Furthermore, even in this case you should be able to login properly; at least for a while, because the session will kick in.

To change this manually, just find in Subs-Auth.php:

setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);

And replace:

setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], 'www.mydomain.com', 0);

However, if having subdomain independent cookies off, local cookies off, and database driven sessions on still causes this problem, I'd like to see a link to one of these URLs to test the situation myself; I can exaimine the cookie it's trying to set and see what, if anything, is going wrong.

-[Unknown]

[Thurnok]

Info about my server/sites:

Apache 1.3.31
PHP 4.3.8
MySQL 3.23.56

Host Provider CIHOST
HD Space: 200Gig
Unlimited Bandwidth, POPs, FTPs, Email Forwarders, etc.
Unlimited CGI / Cron use

mydomain.com and www.mydomain.com [nofollow] docroot path: /home/mydomain/www
DNS provided by CIHOST
Name Registrar - Active Domain.com [nofollow] (ENOM)

Other domain names owned = 9
Name Registrar - Active Domain.com [nofollow] (ENOM)
6 of these DNS provided by Active Domain.com [nofollow]
3 DNS provided by ZoneEdit

Sites using SMF = 2
1 DNS via Active Domain.com [nofollow], 1 DNS via ZoneEdit

All 9 other domains point to some subdirectory under mydomain.com [nofollow]'s docroot path via Active Domain.com [nofollow] or ZoneEdit.

Examples: (URL Path --- File Path)

Guild 1 (using PostNuke):
www.myguild1.com --- /home/mydomain/www/guild1
BBS/Forum for this site (phpBB 2.0.10):
www.myguild1.com/guild1bbs --- /home/mydomain/www/guild1/guild1bbs
(this is actually the one I'm testing now.  I have a duplicate for this site now as follows):
Guild 1 (using Mambo)[DNS via ZoneEdit]:
new.myguild1.com --- /home/mydomain/www/guilds/guild1
BBS/Forum for this site (SMF):
new.myguild1.com/smf --- /home/mydomain/www/guilds/guild1/smf


Guild 2 (using PostNuke):
www.myguild2.com --- /home/mydomain/www/guilds/guild2
BBS/Forum for this site (phpBB 2.0.10):
www.myguild2.com/myguild2bbs --- /home/mydomain/www/guilds/guild2/guild2bbs

Guild 3 (using PostNuke):
www.myguild3.com --- /home/mydomain/www/guilds/guild3
BBS/Forum for this site (phpBB 2.0.10):
www.myguild3.com/myguild3bbs --- /home/mydomain/www/guilds/guild3/guild3bbs

Client 1 (custom website):
www.myclient1.com --- /home/mydomain/www/clients/client1

Client 2 (custom website):
www.myclient2.com --- /home/mydomain/www/clients/client2
BBS/Forum for this site (phpBB 2.0.8):
www.myclient2.com --- /home/mydomain/www/clients/client2/phpbb

Client 3 (home site IS phpBB 2.0.8):
www.myclient3.com --- /home/mydomain/www/clients/client3

Client 4 (custom, but switching to use Mambo):
www.myclient4.com --- /home/mydomain/www/clients/client4

Family (using Mambo)[DNS via Active-Domain.com [nofollow]]:
www.myfamilyname.org --- /home/mydomain/www/myfamilyname
BBS/Forum for this site (SMF):
www.myfamilyname.org/smf --- /home/mydomain/www/myfamilyname/smf

Friend (custom website):
www.hostformyfriend.com --- /home/mydomain/www/myfriendname
BBS/Forum for this site (phpBB 2.0.8):
www.hostformyfriend.com/phpbb --- /home/mydomain/www/myfriendname/phpbb

Note: same issue for both sites I have set SMF up on



Thought about the redirect but problem is SMF is a subdir of the domain name for that website running Mambo (which is a subdir of mydomain) so... the website is at www.myguild1.com/index.php [nofollow] (running Mambo) and a link from a Mambo menu launches SMF

www.myguild1.com --- points to www.mydomain.com/guilds/guild1 [nofollow] using URL Framing (/home/mydomain/www/guilds/guild1) so that it appears to be the root.  And then SMF is a subdir of that www.myguild1.com/smf [nofollow]  (as the URL Framing makes it appear) whereas its true URL is www.mydomain.com/guilds/guild1/smf [nofollow] (/home/mydomain/www/guilds/guild1/smf).

Setting the Forum URL to www.mydomain.com/guilds/guild1/smf [nofollow] and the file paths to /home/mydomain/www/guilds/guild1/smf works just fine however I'm looking to set the Forum URL to www.myguild1.com/smf [nofollow]  (and of course leave the file path the true file path) so that links go to www.myguild1.com/smf/ [nofollow]<something>

When I do that, it will not log me in.  It gives the Dialog-centric Login box in the center of the page:



I tried doing it without cookies at all, just using Database Session - blocked cookies from my site completely.  Works if I use the mydomain.com [nofollow] URL settings, but not if I use the myguild1.com [nofollow] URL settings.  So without cookies even being created, it still has an issue which must be related to the URL Framing from the Name Registrar.  (I assume).

[[Unknown]]

Would you be against pming me with a url to just one of the guild or client SMF forums, so I can examine the cookies being sent?

-[Unknown]

[linear]

Hi, this thread is sort of on-topic for my question, but I have a simpler situation it seems.

I have set up my SMF board at http://forums.example.com/ and I'm wanting to use SSI features on my various subdomains which look like http://foo.example.com and http://bar.example.com/ and so on.

If I could set (like phpbb) my cookie domain to example.com rather than forums.example.com, I expect I could get what I want.

I can't find the admin panel way to do this. I'm willing to modify the code if I need to. Can anyone point me in the right direction please?

* further detail if needed:
I'm using the firefox web developer toolbar to inspect my cookies. When I'm on a subdomain, I do see cookies set at the domain level (example.com cookies are visible/sent to pages in foo.example.com). I have verified that SMF is setting cookies with the domain forums.example.com.

[linear]

Okay, self-replying is a sign of insanity, perhaps, but I think what I was looking for was subdomain-independent cookies, which I seem to have found (by expanding all on the Edit Features and Options menu).

Thanks just the same.

[[Unknown]]

Okay, self-replying is a sign of insanity, perhaps, but I think what I was looking for was subdomain-independent cookies, which I seem to have found (by expanding all on the Edit Features and Options menu).

Thanks just the same.

Sorry, 8:30 am I'm either still asleep or on the road, and by virtue of various time zones is bad for many other members of the support team .  I'm glad you got this sorted out, but it was exactly what I was going to say when I read your post.  Note that for this to take effect, everyone will have to log in again.

-[Unknown]

[linear]

No worries.

I learned a great deal grepping the code for "cookies" which put me on to better forum search terms than I used the first time, and then it all came clear. I thought I'd document the solution in case someone else searched later.