1 (edited by sublinear 2007-02-03 03:12)

Topic: Disabling "auto-login" (due to cookies) between sessions

I setup PunBB for a client of mine, and they're lovin' every minute of it so far. Unfortunately, their latest request has me stumped... They're using the forum to discuss sensitive information, and it irks them that their web browsers remember to keep them logged in, even after they close and open their browser again. Is there a quick fix to make PunBB request that users login on every session? I've tried removing and modifying different bits of cookie code, but it either just breaks the login completely, or throws out other unexpected errors.

Re: Disabling "auto-login" (due to cookies) between sessions

FIND

if (version_compare(PHP_VERSION, '5.2.0', '>='))
        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
    else
        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);

REPLACE WITH

if (version_compare(PHP_VERSION, '5.2.0', '>='))
        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), 0, $cookie_path, $cookie_domain, $cookie_secure, true);
    else
        setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), 0, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);

Re: Disabling "auto-login" (due to cookies) between sessions

What page is the coding in that needs to be modified?

4

Re: Disabling "auto-login" (due to cookies) between sessions

functions.php

Re: Disabling "auto-login" (due to cookies) between sessions

anyway to have people logged out after 2 days (or n days) of inactivity?

Punbb w/coppermine and wordpress integrated

see my hack to integrate punbb with wordpress comment system.
Illustration Community

Re: Disabling "auto-login" (due to cookies) between sessions

nickfzx wrote:

anyway to have people logged out after 2 days (or n days) of inactivity?

Put an if statement before setting the cookie, if expire is more than n days (in seconds) in the future, set expire to n days (in seconds) in the future

Re: Disabling "auto-login" (due to cookies) between sessions

cool i will give it a try

Punbb w/coppermine and wordpress integrated

see my hack to integrate punbb with wordpress comment system.
Illustration Community