Cookies

[Yeehaw]

From day to day actually - or after 90 mins or so.

[Lord_Novice]

Hey =D
im that guy that were having problems with local cookies
Ok, my domain is registered and the cookies work fine now =D

But im having the same problem he is (cant log out)!! Ill try to do that code you put here and tell ya later...

Im posting it here, just so u know that more people are also having the problem...
*Gone!*

[Yeehaw]

From day to day actually - or after 90 mins or so.

So this cannot be patched? Or just isn't high up on the "must do" list (which I could understand)?

[[Unknown]]

Well, the problem is I can't really tell why it's happening.  Why aren't the cookies being set properly?

I'm telling PHP how to set the cookie - and I made sure it was saying the right things.... but for some reason the cookie isn't being set.  I'm at a loss, so I have no way to fix this.  I need more information - there has to be something CAUSING these problems.

But, the problem is this is not SMF's fault (or so it seems...) - I'm willing to work around the issue, but I currently know of no work around.

-[Unknown]

[Kris]

Can it be a register_globals problem?

[Yeehaw]

Ok, let's look at this logically.
The cookies worked properly under YaBB Gold and YaBBSE, same file/server permissions, same dirs, and  YaBBSE using a db.
Fast forward to SMF. It upgraded YaBBSE properly (other than the english.lng issue), same file/server perms, a few new dirs, and converted the db. To make cookies work even a little bit, modified the code to hang "yourdomain.com" on them, probably due to host headers on IIS5.

Here's the question: What is the difference between YaBBSE's cookie code and SMF's? What was changed?

Here's examples of both:

SMF cookie (which does not go where it's supposed to actually - c:\documents and settings\admin\local settings\temp\cookies)

Code Select Expand

dasmf
a%3A2%3A%7Bi%3A0%3Bi%3A2%3Bi%3A1%3Bs%3A32%3A%*************************************%22%3B%7D
desertaquaria.com/
1536
2904590720
29626180
3356293680
29626170
*

YaBBSE cookie (c:\documents and settings\admin\Cookies)

Code Select Expand

YaBBSE150usernamev14
a%3A2%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A32%3A%*********************************%22%3B%7D
www.desertaquaria.com/
1536
920802560
29693640
1548655952
29620213
*

Pretty much the same, yes? Only real difference is where they are stored, right?

Again, what is the difference between SMF and YaBBSE's cookie code? I really hope this helps you folks.

[Lord_Novice]

Very strange, without me doing anything, it came back to normal... =\
Well, ill not complain since its working =D

But, sometimes the forum sets a cookie in my main folder (unitedmappers.net): PHPSESSID=3ca54ef7a7186e039616409cfd647a27

And this cookie is merging with another cookie set up to the main folder! How do i prevent this cookie from being set...

PS: the login cookie is set normally at unitedmappers.net/forum, and local cookies is on

[EViL0nE]

I have a question about this line:

Code Select Expand

setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + 60 * $modSettings['cookieTime'], '/', '.yourdomain.com');
Now, I don't use PHP much, and dont' have access to the code at this moment, but in php does it handle order of operations properly? (i.e., will it multiply 60 by $modSettings first, then add to time()?)

[[Unknown]]

Multiplication is always done first.

PHPSESSID is a cookie set by PHP....

Yeehaw, looks like "global cookies" is on, but otherwise they seem the same.  I too have had cookie files put in my temp folder, and this seems to be a bug in Internet Explorer.

Maybe you could try it with another browser?

http://www.mozilla.org/products/firefox/why

-[Unknown]

[Lord_Novice]

PHPSESSID is a cookie set by PHP....

-[Unknown]

Ok, what is this cookie for? And can i disable it or redirect to another folder??? Please, help me. =)

[Yeehaw]

I have Firefox installed my friend! (among others)

Check the date on the cookie SMF generated for Firefox:



Seems for some reason, the time stamp no workie when checked as "forever".

[[Unknown]]

You can redirect it to another folder in php.ini, but that's global to all of PHP...

Yeehaw, I'm now very worried that your server is using the WRONG time.  It looks like it's set a year in the past. (or something but I guess it's not.)

-[Unknown]

[Yeehaw]

Right time - bad cookie



NEXT!

[[Unknown]]

Okay, try this:

setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + 31536000, '/', '.desertaquaria.com');

-[Unknown]

[Yeehaw]

Okay, try this:

setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + 31536000, '/', '.desertaquaria.com');

-[Unknown]

load.php? loginout.php?

[Yeehaw]

modifed loginout.php - no change. Firefox reports cookie is good for one hour.

[[Unknown]]

Add before that:

die(timeformat(time() + 31536000));

-[Unknown]

[Yeehaw]

same same.

Here's the code currently in loginout.php concerning cookies up to this point:

Code Select Expand

// Get ready to set the cookie...
$username = $_REQUEST['user'];
$ID_MEMBER = $user_settings['ID_MEMBER'];
$password = md5_hmac($md5_passwrd, 'ys');
$cookie_url = url_parts();

// Bam!  Cookie set.  A session too, just incase.
setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + (60 * $modSettings['cookieTime']), $cookie_url[1], $cookie_url[0], 0);
$_SESSION['login_' . $cookiename] = serialize(array($ID_MEMBER, $password, time() + (60 * $modSettings['cookieTime'])));

// Reset the login threshold.
if (isset($_SESSION['failed_login']))
unset($_SESSION['failed_login']);

$user_settings['additionalGroups'] = explode(',', $user_settings['additionalGroups']);

// Are you banned?
unset($_SESSION['ban']['last_checked']);
$user_info['is_guest'] = false;
$user_info['is_admin'] = $user_settings['ID_GROUP'] == 1 || in_array(1, $user_settings['additionalGroups']);
is_not_banned();

// An administrator, set up the login so they don't have to type it again.
if ($user_info['is_admin'])
$_SESSION['admin_time'] = time();

// You've logged in, haven't you?
updateMemberData($ID_MEMBER, array('lastLogin' => time(), 'memberIP' => '\'' . $_SERVER['REMOTE_ADDR'] . '\''));

// Get rid of the online entry for that old guest....
db_query("
DELETE FROM {$db_prefix}log_online
WHERE session = 'ip$_SERVER[REMOTE_ADDR]'
LIMIT 1", __FILE__, __LINE__);
$_SESSION['log_time'] = 0;

// Precaution - maybe the login page was linked to directly...?
if (empty($_SESSION['login_url']))
$_SESSION['login_url'] = $scripturl;

// Just log you back out if it's in maintenace mode and you AREN'T an admin.
if (empty($maintenance) || allowedTo('admin_forum'))
redirectexit('action=login2;sa=check;id=' . $ID_MEMBER);
else
redirectexit('action=logout;sesc=' . $sc);
}

// Log the user out.
function Logout()
{
global $scripturl, $db_prefix, $sourcedir, $ID_MEMBER;
global $cookiename, $maintenance, $guestaccess;

include_once($sourcedir . '/Subs-Auth.php');

// Make sure they aren't being auto-logged out.
checkSession('get');

// If you log out, you aren't online anymore :P.
db_query("
DELETE FROM {$db_prefix}log_online
WHERE ID_MEMBER = $ID_MEMBER
LIMIT 1", __FILE__, __LINE__);
$_SESSION['log_time'] = 0;

// Empty the cookie!
$cookie_url = url_parts();
die(timeformat(time() + 31536000));
setcookie($cookiename, serialize(array($ID_MEMBER, $password)), time() + 31536000, '/', '.desertaquaria.com');

// Clear everything!
$_COOKIE = array();
$_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));

// Off to the merry board index we go!

[[Unknown]]

Add before that:

die(timeformat(time() + 31536000));

-[Unknown]

Did you add this?  It most certainly should be *different.*

-[Unknown]

[Yeehaw]

I posted the code as it is right this minute - there was no difference in the cookie - will last one hour according to Firefox.