[Done] Cookie Fix

[Aether]

Ok... I think I've managed to do it (I did it manually  )...

But it's not working!

I'm using IE 5.0, my host is using PHP 4.2.2 and MySQL 3.23.41

www.4gigs.com/~aether/aetforum/yabbse

you know the "/yabbse/" and the ".yourdomain.com", for me would that be "/aetforum/yabbse/" and ".4gigs.com/~aether", or "/~aether/aetforum/yabbse/" and ".4gigs.com"?


<edit>
I've just realised that it's not even creating a cookie anymore...  
</edit>

[Gobalopper]

With the fix it should only create a cookie when you login. There is no need for it to create a cookie when you are a guest and just looking at pages.

You would set your domain to ".4gigs.com" and the directory should be "/~aether/aetforum/yabbse/".

Also if you've been messing around with it and not getting it to work you should delete your cookies each time you try a new approach as the old ones will cause problems with any new cookies unless you change the name each time.

[Aether]

Yeah. I need to change that domain and diretory then.

But the thing is, it's not even creating a cookie when I login. I deleted my cookies like I was supposed to, and no cookie was created when I triend to log on.

I'll try modding again, and hopefully it will work.

[the_tuck]

after painstakingly searching through all the files and adding the domain to all the cookies, changing the cookie name, etc etc etc i was still having a problem on one server (call it server A), while the scripts have been running perfectly on another of my servers (call it server B).

on server A the users had to login twice to be really logged in (if it they could log in at all). i ran a bunch (bunch!) of tests and what was happening was that when a user logged in the first time, the only value set in the cookie was expiretime. the username and password were nowhere to be found. yet the log_online table of the database showed the user as logged in. also, the user would initally appear to be logged in. they would see the proper welcome message, etc. but if they clicked on any links and navigated away from the page, they would suddenly be guests again. when they logged in a second time, the cookie would be properly set with expiretime, username, and password, and they could navigate without be turned into a guest.

over several hours, i traced the source of this problem to Load.php, in this part of the code:

Code Select Expand

function LoadCookie (){
   global $cookiepassword,$cookieusername,$password,$username,$HTTP_COOKIE_VARS;

   if( isset($HTTP_COOKIE_VARS[$cookiepassword]) && isset($HTTP_COOKIE_VARS['expiretime']) && $HTTP_COOKIE_VARS['expiretime'] > time())
   {
      $password = $HTTP_COOKIE_VARS[$cookiepassword];
      $username = (isset($HTTP_COOKIE_VARS[$cookieusername]) && $HTTP_COOKIE_VARS[$cookieusername] != "") ? $HTTP_COOKIE_VARS[$cookieusername] : 'Guest';
   }
   else
   {
      /* clear the cookies
         note that in php, setCookie is called in reverse order - so we set it to an
         expired time 'after' clearing it */
      setCookie($cookieusername);
      setCookie($cookieusername,'',time()-86400,"/",".domain.com");
      setCookie($cookiepassword);
      setCookie($cookiepassword,'',time()-86400,"/",".domain.com");

      /* clear the password and the username */
      $password = '';
      $username = 'Guest';
   }
}
what this code was doing (for reasons i have not tracked down precisely yet) was logging the user back out immediately. for some reason, this wasn't happening the second time. but i am sure this is problem because when i commented out

Code Select Expand

/*      setCookie($cookieusername);
      setCookie($cookieusername,'',time()-86400,"/",".domain.com");
      setCookie($cookiepassword);
      setCookie($cookiepassword,'',time()-86400,"/",".domain.com"); */
like that, it works perfectly on the first login.

again, let me note that the scripts are functioning flawlessly on server B. the only pertinent difference i could find was in a slight php version difference. server A (the problem server) is running PHP Version 4.1.2, while server B is running PHP Version 4.2.2. one slight difference between these versions is the session.use_trans_sid, which is in 4.2.2 but not 4.1.2. i'm not sure exactly why this makes such a big difference, but i am really glad my board is running properly on server A. i hope this helps you troubleshoot exactly what the problem is that some of us are experiencing.

[Mach8]

I actually have the same problem on my forum. Until recently one of my admins could login fine, but the past month he can't login.

It shows him as logged in, but when he clicks something he gets logged out almost immediately.

I've tried the cookie fix in this mod, various techniques recommended at php.net, and the latest fix you've suggested. All have not worked.

Yes, he's using IE6, but he assures me all his privacy settings are set at a minimal level.

[Gobalopper]

Did he delete his cookies he had stored previously for your site?

the_tuck unless I'm missing something the cookie fix already makes the change you mention.

[Mach8]

He's just done a hard delete of them, i.e. go to the cookies directory and delete them.

Still can't login

[the_tuck]

Gobalopper - oops. yes, your patch includes my fix. i arrived at my fix independently, by finding every cookies interaction in all the yabbse scripts and scrutinizing them. i wasn't getting anywhere until i commented out those four lines in Load.php, and then everything started working perfectly. commenting those lines out partially disables the timeout feature, does it not? but only partially, and its no biggie.

Mach8 - what version of php are you running on the problem server? what is session.use_trans_sid set to? in some odd way, its as though the server dosen't get the cookie settings properly set before it hits Load.php, under certain particular server conditions.

as i was making changes, i would always go back to settings.php and rename the cookie. its the quickest and easiest way to make sure your changes take effect.

since i commented out those four lines in Load.php, my users have been reporting a marked improvement in performance.

[joker]

Still can't login

Cookies are stored in '/Temporary Internet Files' directoty too. Our phone support lets users rename and re-create the TWO directories. This often solved that problem.

[Mayhem]

My turn to be a pai... erm... to have problems  

I can log in fine on my home comp, but my work comp gives me headaches. However I'm not terribly fussed about that, I'm just concerned over some of my members having the same problems - login, click a link to view a page, get asked to login again, login, click a link to view a page, get asked... and the cycle goes on and on.

I am about to implement the mod given but I just had a quick question. In the code you say to keep that "." in front of "yourdomain.com". Is that assuming that your forums are on your "www.yourdomain.com" address? You see, my address is "forums.yourdomain.com" and is on a completely different server to my "www.yourdomain.com" So I just want to be sure about what exactly I have to change in the code to make it work.

[phark]

Is the cookie issue finally going to be fixed in 1.5 or is that a 2.0 thing?

I don't have the cookie issue anymore since I switched to a CMS version based on YaBB SE.  But I feel for you, I had many days of headaches regarding the cookies issue.

[Gobalopper]

The .yourdomain.com is for the domain the messageboard is on. So if you had forum.someplace.com and your regular site was at www.someplace.com you could just use .someplace.com as the text for that part. If you do that the cookie will work anywhere on that domain someplace.com regardless of what the subdomain is.

I did this because some sites use both www.site.com or site.com and there would cause problems with the cookie being recognized if you don't set that field.

[edlomon]

hello,

i have some users with the problem and im wondering what kind is it? is it a boardmod or yabb pak? would be very helpful to know.thx.

[Gobalopper]

Right now its just BoardMod but it should be included with the 1.5 release so you could wait for that.

[edlomon]

ok or you can tell me how to work it on boardmod cause i only know how to work yabb pak.so if u can tell me how to run boardmod ill get it done now than later.