Uutiset:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu
Advertisement:

Odd login/logout problem

Aloittaja Sir Osis of Liver, syyskuu 29, 2019, 07:25:26 IP

« edellinen - seuraava »
Tulosta
Siirry alas Sivuja1
Käyttäjän toimet

Sir Osis of Liver

syyskuu 29, 2019, 07:25:26 IP
Website and forum are in different subdirs in public_html.  If you go to website homepage, click banner link to forum, login, hit back, you return to login page, back again takes you to homepage, link back to forum you're logged out at login page.  Refresh, still logged out.  But if you open another tab and go to forum, you're still logged in.  Forum caching is disabled, tried different cookie settings, same thing.
When in Emor, do as the Snamors.
                              - D. Lister

drewactual

#1
syyskuu 29, 2019, 11:42:43 IP
is the site https or http?

https://www.php.net/manual/en/session.security.ini.php

good little read^... i'm thinking the user contributor note at the bottom is in play here... it's because of the 'approach' (what sessions functions are ran/challenged not being the same?)...

i'm watching this one, as i've noticed it too- but ONLY when going 'back' from a login function and then to the forum.  I haven't seen it since going to memcached for sessions and tweaking the php.ini and httpd.conf carefully. 

Arantor

#2
syyskuu 30, 2019, 02:09:22 AP
Question: are subdomain independent cookies enabled?
Holder of controversial views, all of which my own.

Sir Osis of Liver

#3
syyskuu 30, 2019, 12:32:35 IP Viimeisin muokkaus: syyskuu 30, 2019, 12:52:36 IP käyttäjältä Sir Osis of Liver
Tried all combinations of cookie settings.  I moved one forum and four websites into five subdirs in /public_html, each with it's own domain.  The domains are addons, not subs.  Flipping back and forth from website to forum in one tab shows you logged out, but open another tab and you're still logged in.  Maybe some sort of caching thing, will check with support and see if they're running any server caching.  More of an oddity than a problem.

Nope, no server caching.

When in Emor, do as the Snamors.
                              - D. Lister

Arantor

#4
syyskuu 30, 2019, 02:30:24 IP
Firstly, I don't care whether they're add on domains or not, it's not relevant. You've assumed some meaning that is wrong, subdomain independent cookies doesn't really mean that, it means more than that, because it also binds cookies in different ways based on path.

In the setup you have it may be possible that cookies are leaking but you're trying to answer questions you think I have rather than the questions I will actually have.

If you have a page at example.com and the forum in example.com/forum, setting subdomain independent cookies will let the cookies go to example.com, ie the website vs the forum.

In addition, changing the settings in "all combinations" is biased unless you're explicitly using a different browser as the admin setting page rebuilds cookies on the fly. (Though there are more combinations than 4.)
Holder of controversial views, all of which my own.

Sir Osis of Liver

#5
syyskuu 30, 2019, 09:23:02 IP
I tried subdomain independent cookies, didn't change anything.  My browsers are configured to clear history on close (they do), and closing/opening them didn't help.  It happens in FF69, not in IE11.  I have all security/privacy options maxed in FF, but that doesn't explain why I'm logged out in same tab, logged in in new tab.  Will ask my guy which browser he's using, he found the glitch.
When in Emor, do as the Snamors.
                              - D. Lister
Tulosta
Siirry ylös Sivuja1
Käyttäjän toimet
Advertisement: