Odd login/logout problem

[Sir Osis of Liver]

Website and forum are in different subdirs in public_html.  If you go to website homepage, click banner link to forum, login, hit back, you return to login page, back again takes you to homepage, link back to forum you're logged out at login page.  Refresh, still logged out.  But if you open another tab and go to forum, you're still logged in.  Forum caching is disabled, tried different cookie settings, same thing.

[drewactual]

is the site https or http?

https://www.php.net/manual/en/session.security.ini.php

good little read^... i'm thinking the user contributor note at the bottom is in play here... it's because of the 'approach' (what sessions functions are ran/challenged not being the same?)...

i'm watching this one, as i've noticed it too- but ONLY when going 'back' from a login function and then to the forum.  I haven't seen it since going to memcached for sessions and tweaking the php.ini and httpd.conf carefully. 

[Arantor]

Question: are subdomain independent cookies enabled?

[Sir Osis of Liver]

Tried all combinations of cookie settings.  I moved one forum and four websites into five subdirs in /public_html, each with it's own domain.  The domains are addons, not subs.  Flipping back and forth from website to forum in one tab shows you logged out, but open another tab and you're still logged in.  Maybe some sort of caching thing, will check with support and see if they're running any server caching.  More of an oddity than a problem.

Nope, no server caching.

[Arantor]

Firstly, I don't care whether they're add on domains or not, it's not relevant. You've assumed some meaning that is wrong, subdomain independent cookies doesn't really mean that, it means more than that, because it also binds cookies in different ways based on path.

In the setup you have it may be possible that cookies are leaking but you're trying to answer questions you think I have rather than the questions I will actually have.

If you have a page at example.com and the forum in example.com/forum, setting subdomain independent cookies will let the cookies go to example.com, ie the website vs the forum.

In addition, changing the settings in "all combinations" is biased unless you're explicitly using a different browser as the admin setting page rebuilds cookies on the fly. (Though there are more combinations than 4.)

[Sir Osis of Liver]

I tried subdomain independent cookies, didn't change anything.  My browsers are configured to clear history on close (they do), and closing/opening them didn't help.  It happens in FF69, not in IE11.  I have all security/privacy options maxed in FF, but that doesn't explain why I'm logged out in same tab, logged in in new tab.  Will ask my guy which browser he's using, he found the glitch.