1 (edited by ethos 2006-06-14 16:26)

Topic: Craaaaaaaaaazy Cookies

Okay. So I am running a PunBB on my website. The url is http://dreamsfade.com/board; however, the site can also be accessed using http://www.dreamsfade.com/board, http://board.dreamsfade.com, http://www.board.dreamsfade.com, and (temporarily) http://dreamsfade.com and http://www.dreamsfade.com.

(sigh)

Now the problem I am having is that when I login, usually I can logout right away perfectly fine, however if I login and browse the forum a bit, viewing the first page after index.php automatically makes it impossible to logout. I have tried everything. On occasion, if I login at http://dreamsfade.com/board, browse somewhere, and then have a logout failure, I can type http://www.dreamsfade.com/board, click the login link there, which will not log out successfully, but then if I return to http://dreamsfade.com/board, I will be logged out from that page. This is not a consistently reproduceable behavior.

I know that punBB doesn't get a long with a mixture of domains, but I have tried everything to make this work. I have adjusted the domain cookie, fooled around with my subdomains and redirects in CPanel, even reinstalled PunBB. I really like the PunBB software, but I have to wonder if the paranoid security conscious view of sessions is enough to justify the incredibly decreased usability. My users will not be discussing national secrets, after all.

Anyway, if anyone has some suggestions please let me know. I have a Cpanel interface available to me, and I am handy enough with PHP to modify anything.

I appreciate your help.

2

Re: Craaaaaaaaaazy Cookies

Have you tried picking one base URL and redirecting all the other possibilities to that?  I did that on my board so it could be accessed both with and without "www." in the URL, and it seems to work pretty well.

3 (edited by Smartys 2006-06-14 21:20)

Re: Craaaaaaaaaazy Cookies

You want a login to one URL to work for all?
Set $cookie_domain in config.php to  ".dreamsfade.com" (without the quotation marks)
Of course, after you do this make sure to clear all the various cookies you accumulated from the different addresses

4

Re: Craaaaaaaaaazy Cookies

Smartys, that's what it's currently set at.

And it's not working.

Re: Craaaaaaaaaazy Cookies

Your symptoms sound like a cookie collision. Are you sure you've tried clearing your cookies?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Craaaaaaaaaazy Cookies

I just tested: it works fine for me
I think Rickard is right, you simply have older cookies you haven't cleared

7

Re: Craaaaaaaaaazy Cookies

Rickard, Smartys, I went into the firefox preferences menu, selected view cookies, and deleted every cooke for my site one by one.

At present, the only cookie for punbb is as follows:

Name: punbb_cookie
Content:
Domain: .dreamsfade.com
Path: /
Send For: Any Type of Connection
Expires: At end of Session

Okay, I've tried the following, all with failure (deleting my cookies after each attempt):

Login at http://dreamsfade.com/board, logout immediately after login. Failed
Login at http://www.dreamsfade.com/board, logout immediately after login. Failed
Login at http://www.dreamsfade.com/board, navigate to http://dreamsfade.com/board/index.php immediately after login, logout. Failed.
Login at http://dreamsfade.com/board, navigate to http://www.dreamsfade.com/board/index.php immediately after login, logout. Failed.

Here is all of my pertinent information.
$cookie_name = 'punbb_cookie';
$cookie_domain = '.dreamsfade.com';
$cookie_path = '/';
$cookie_secure = 0;
$cookie_seed = '912941e0';

Absolute URL to Board: http://dreamsfade.com/board

Base URL from the Admin->Options page: http://dreamsfade.com/board

Subdomain:
http://board.dreamsfade.com redirects to http://dreamsfade.com/board/
http://www.board.dreamsfade.com redirects to http://dreamsfade.com/board/ (not explicitly set, just seems to work that way.)

Redirects:
http://dreamsfade.com redirects to http://dreamsfade.com/board
http://www.dreamsfade.com redirects to http://www.dreamsfade.com/board (can't find how to change this)

The cookie seems to be the same regardless of whether I login from http://www.dreamsfade.com/board or http://dreamsfade.com/board.

If I've missed any pertinent information, please let me know.

Thanks for your help guys. This is driving me crazy.

Re: Craaaaaaaaaazy Cookies

I don't know what to tell you: it works in both Firefox 1.5.0.4 and IE6 for me. The settings are all correct. Thus, it must be something on your computer.

9 (edited by ethos 2006-06-15 17:08)

Re: Craaaaaaaaaazy Cookies

Alright, I cleared all private data in Firefox. I logged in. Clicked the logout button, and it worked. Then I logged in again, clicked on a link to a forum, then clicked the logout button, and it didn't work.

There isn't a limited number of login/logouts in a given time period, is there?

Is my path correct?

10 (edited by Smartys 2006-06-15 17:10)

Re: Craaaaaaaaaazy Cookies

No to the logouts, yes to the path
Like I said, your settings are perfect and they work (at least for me)

And oddly enough it has now stopped working when I try to logout. One second

Re: Craaaaaaaaaazy Cookies

OK, I found the problem
Your server is sending this

Cache-Control: post-check=0, pre-check=0, max-age=18000
Expires: Thu, 21 Jul 1977 07:30:00 GMT, Thu, 15 Jun 2006 22:13:24 GMT

When PunBB doesn't send max-age and only has the 1977 bit. My problem was fixed when I turned off caching, so that would be the issue

12

Re: Craaaaaaaaaazy Cookies

Smartys, turn off caching on the server, or locally?

13 (edited by Smartys 2006-06-15 17:26)

Re: Craaaaaaaaaazy Cookies

Whatever the server (not PunBB) is sending is interfering with the logout process