User not staying logged in outside of forum

[JH14]

Hi all,

I've integrated the SMF forum with my website however the users are not staying logged in when for example the browser is closed and then the user goes back to the site. The forum has them logged in but not the main site.

The SSI is being called at the start of every page and I'm using the below code (PHP) to show either a login button or not.
if ($context['user']['is_logged']){
   echo '
   ';
}
else{
   echo'
      <li class="nav-item">
         <a class="nav-link" href="forum/index.php?action=login">Login</a>
      </li>
   ';
}


However for validation before posting this with the code:

<?php
if($context['user']['is_logged']){
   echo'TRUE';
}
else{
   echo'FALSE';
}
?>

It is displaying FALSE

Any suggestions?

Regards,
JH14

[Arantor]

Set the cookies to be subdomain independent in the cookies configuration.

[JH14]

Should I untick the checkbox above as well or not?

[Arantor]

Given that you're using SSI and the wording for local cookie storage explicitly says "(SSI won't work well with this on.)" I wouldn't turn it on...

[JH14]

I end up with this error after doing anything now:

Session verification failed. Please try logging out and back in again, and then try again.

It will not allow me to logout of the site

[Arantor]

So wait, you now have local cookies turned *on* and subdomain cookies? (The very combination it says you shouldn't have...)

[JH14]

No local are off and Global are on. And that error shows

[Arantor]

And where are you trying to log out?

[JH14]

On the forum.

Logging in on an incognito tab also fails and gets the same error

[Arantor]

I'd get the first one, because the cookies were previously bound to whatever folder your forum was in (which is what subdomain independent does, it forces the cookies to go up a scope)

But I've not seen this other behaviour. Try clearing all the cookies to your site first?

[JH14]

That doesn't seem to have any effect.

[Arantor]

OK... link to site? I don't need or want a test account yet, I just want to see what SMF's base cookie behaviour is doing on your setup.

[JH14]

sent in PM

[JH14]

I now get this:

You were unable to login. Please check your cookie settings.

[Arantor]

I don't generally approve of people sending me PMs on the basis that 1) it's kind of rude to do it without asking first, 2) it encourages more people to do so and 3) it limits the amount of help other people can get.

In this situation I'd have to say there's something funny going on with CloudFlare dropping the pre-existing session cookie along the way, though your multi-level folder structure really doesn't help matters.

[JH14]

The 'Force cookies to be secure' is greyed out do I have to enable HTTPS beforehand and if so do you know where the tab is. as from a search on the main administration page I can't find anything apart from that box

Also the PM was as the URL is for the test platform that should not be accessible from anywhere. Apologies for that

[Arantor]

Just would have been nice to have been asked first, is all.

The force cookies to be secure part is because SMF doesn't actually see the connection as secure - even though the browser does, it's not getting through to SMF that it's secure, almost certainly related to CloudFlare again.

[JH14]

Right, I have sorted the cloudflare issue I think and the forum now recognises that it has a secure connection but I am still getting that same error. The one about the sessions. Both on an incognito tab where the user is not previously logged in as well as the tab where I am currently logged in. When I take it off of the global and put it back on local it all works fine.

All of this is being done through the forum pages as well and not any other pages, not in the forum directory

Thanks

[Arantor]

In which case SMF does not support your use case without some serious reworking of the session handling.