Author | Message |
---|---|
|
[Forums] Problems logging in?
Posted: Fri May 23, 2008 5:22 pm
|
As part of a site modification I've changed the forum cookie path. After doing that, I was unable to log in until I deleted the cookie.
In Firefox, you can press Shift+Ctrl+Delete and change the options to delete all your cookies, or go to Tools -> Options -> Privacy -> Show Cookies... to be more precise. In Internet Explorer, go to Tools -> Internet Options -> General -> Delete Cookies... or to be more precise it's Tools -> Internet Options -> General -> Settings... -> View Files... and look for the smspower.org forums cookie. The site modification is an attempt to let you use your forum login for other parts of the site, where appropriate. |
|
|
Posted: Sat May 24, 2008 1:31 am |
What happens if I'm still logged in and I didn't notice the change? Should I log out and log in again? | |
|
Posted: Sat May 24, 2008 6:38 am |
It probably would not hurt.
What will generally happen is that for those who are already logged in they will end up with two cookie files. One will point to smspower.org/forums & the other to smspower.org/. Your browser will try to send the old session data and the site will invalidate the session and prevent you from logging in. |
|
|
Posted: Sat May 24, 2008 10:18 am |
I think it's a real problem. You can't expect the most casual users to even be reading this forum (website forum). I would strongly advise fixing it, maybe revert to the old cookie path and use that for the site as a legacy thing? Or figure out a way in site code to work around it. | |
|
Posted: Sat May 24, 2008 11:28 am |
It's not that big of a deal Bock, such cookie issues are common and at worst Maxim could simply post an advisory until people get used to it.
It can't really be fixed server side as it's browser specific. If he reverts to the old cookie path then the browser will only ever send the cookie if the URL points to smspower.org/forums, meaning it can't be used in other areas of the site. |
|
|
Posted: Sat May 24, 2008 11:48 am |
Hmm.. Not that I have a solution now, but it is really a big deal. Many readers have no idea what a cookie is. I never had to clear cookies of my browsers for any site I've been using in the past years.
I guess it can be fixed or detected server-side, it's only PHP code running and we can handle everything given the time to code it. |
|
|
Posted: Sat May 24, 2008 12:53 pm |
Will this problem show up for users (like myself) who clear out their cache every time their browser closes? | |
|
Posted: Sat May 24, 2008 2:59 pm |
No. |
|
|
Posted: Sat May 24, 2008 7:55 pm |
It can not be coded around server side because control of the cookie is entirely in the hands of the browser. The server can only request a cookie, it has no control over which version of the cookie gets returned to it, this is due to a security feature of the cookie specification to prevent cookie stealing. However that being said:
setcookie("smspower_forum_data", "", time() - 3600, "/forums/", ".smspower.org");
before any other page output should cause the old cookie to expire and be deleted automatically. |
|
|
Posted: Sun May 25, 2008 10:20 pm |
What makes this problem worse is that people that have the old cookie can't even do anonymous posts.
Philipp |
|
|
Posted: Sun May 25, 2008 10:36 pm |
I applied djbass's fix. It seems to help.
I apologise for the inconvenience this has caused. It is horrible to cause such problems but being able to use the forums login code and cookie for the rest of the site really helps make the site experience easy and it's something we've always intended to do anyway. The dev and cheats wikis are hooked up to it now, and it seems to work very nicely. Well, as far as I can tell... |
|
|
Posted: Mon May 26, 2008 8:26 am |
Awesome job Maxim!
Hopefully in next year's competition we'll have no excuse not to set up a proper voting form now that we have logins :) |
|
|
No automatic login
Posted: Tue May 27, 2008 12:09 am
|
Guys,
Every time I open the forums on a fresh session of IE7 it requires me to log in... the "remember my login" checkbox doesn't seem to be working. |
|
|
Posted: Tue May 27, 2008 8:12 am |
Hmm, I'm seeing the same on IE6. It seems not to be setting the cookie any more. It seems as if the timeout on one cookie (the one we want to expire) affects the other (the one we want to persist), which is crazy, but that's IE for you.
If I get time I'll fix it by making a new page for cookie-killing and just link to it from the login screen ("Click here if you keep having to log in"). For now, I've made a small change that seems to now allow the cookie to persist for the browser session. |
|
|
Posted: Tue May 27, 2008 4:16 pm |
Didn't work for me Maxim.
This time I've overridden the medium security settings, and customized it, allowing session, primary and secondary cookies. Even that wouldn't make me log in automatically the second time... |
|
|
Re: No automatic login
Posted: Tue May 27, 2008 5:05 pm
|
That explains it www.getfirefox.com |
|
Unlogged person
|
Posted: Tue May 27, 2008 5:15 pm |
hehe I already have it Tom thanks. But this site should not be browser-specific. | |
|
Posted: Tue May 27, 2008 5:51 pm |
No, it should not.
Here's what the site is telling the browser to do when I log in:
Set-Cookie: smspower_forum_data=*blah*; expires=Wed, 27 May 2009 17:48:58 GMT; path=/; domain=.smspower.org
Set-Cookie: smspower_forum_sid=*blah*; path=/; domain=.smspower.org
Set-Cookie: smspower_forum_data=deleted; expires=Mon, 28 May 2007 17:48:57 GMT; path=/forums; domain=.smspower.org
IE is somehow taking that to mean "set the first cookie to expire immediately". I'll implement a fix a little later. |
|
|
Posted: Tue May 27, 2008 6:30 pm |
OK, it seems fixed for me now in IE6:
Test 1:
- I am logged out
- I log in, selecting the "automatically" box
- I am logged in
- I go to Google
- I come back by typing the address
- I am still logged in
Pass
Test 2:
- I am logged out
- I log in, not selecting the "automatically" box
- I am logged in
- I go to Google
- I come back by typing the address
- I am still logged in
Pass - the unchecked box means my login persists for this browser session
Test 3:
- I am logged out
- I log in, selecting the "automatically" box
- I am logged in
- I close IE and open it again
- I come back
- I am still logged in
Pass - the checked box means I am automatically logged in so long as I come back within 1 year
Test 4:
- I am logged out
- I log in, not selecting the "automatically" box
- I am logged in
- I close IE and open it again
- I come back
- I am not logged in
Pass - that's the way it's supposed to work
I don't have access to IE7 so I can't test that explicitly. |
|
|
Posted: Tue May 27, 2008 7:21 pm |
Well.. for the record I use IE7 and I've not had any problems at all. | |
|
Posted: Tue May 27, 2008 7:42 pm |
Well I tested on 2 more machines here in my office, one running XP x64 and the other Vista Business x32, both IE7.
The 3rd test fails on both. I'm installing http headers viewing on my machine to check what is coming to the browser. |
|
|
Posted: Tue May 27, 2008 8:02 pm |
Maxim:
Set-Cookie: smspower_forum_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; expires=Wed, 27 May 2009 19:59:12 GMT; path=/; domain=.smspower.org
Set-Cookie: smspower_forum_sid=27c14f617d1692a7935c26caf2026899; path=/; domain=.smspower.org
Set-Cookie: smspower_forum_data=deleted; expires=Mon, 28 May 2007 19:59:11 GMT; path=/forums; domain=.smspower.org
The same cookie key is being deleted after it's set by the first header. I would try to invert those settings (i.e. deleting first, setting at the end):
Set-Cookie: smspower_forum_data=deleted; expires=Mon, 28 May 2007 19:59:11 GMT; path=/forums; domain=.smspower.org
Set-Cookie: smspower_forum_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; expires=Wed, 27 May 2009 19:59:12 GMT; path=/; domain=.smspower.org
Set-Cookie: smspower_forum_sid=27c14f617d1692a7935c26caf2026899; path=/; domain=.smspower.org
Perhaps that will help! |
|
|
Posted: Wed May 28, 2008 4:36 am |
It's not the same cookie at all. If you look closer you will see they both share different cookie paths (one at /, the other at /forums/).
Ideally you still want to delete the cookie first anyway, which is why I suggested putting the code at the very start of the PHP block. However if phpBB is using the output buffering feature it may be intercepting the header before the standard function can. From the browser's perspective is really where it's more important. It connects to www.smspower.org and looks to see if there is a cookie available for this domain. It sees there are 2 for smspower.org. Then it checks the URL path and sees where we are pointing to www.smspower.org/forums. It finds a cookie with the path pointing to /forums and sends that one (i.e. the wrong one). The last step is likely where the problem is occurring, but I am unsure how each browser handles multiple cookies for the same domain. I don't know if there is a protocol in place or if anything goes. |
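The browser-side behaviour discussed in this thread, as an added example that is not part of any post and is not the site's code: a minimal cookie jar that follows the RFC 6265 storage and path-match rules. The `CookieJar` class, the `demo` function, the `OLD`/`NEW` values and the dates are constructed for illustration; only the cookie name, the two paths and the domain come from the thread.

```javascript
// Minimal cookie jar using the RFC 6265 storage and path-match rules.
// Simplification (assumption): one host, so domain is only part of the key.
class CookieJar {
  constructor() { this.store = new Map(); this.seq = 0; }
  // Apply one Set-Cookie header value received at time `now` (ms since epoch).
  setCookie(header, now) {
    const [pair, ...attrs] = header.split(";").map(s => s.trim());
    const eq = pair.indexOf("=");
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                path: "/", domain: "", expires: Infinity };
    for (const a of attrs) {
      const i = a.indexOf("=");
      const k = (i < 0 ? a : a.slice(0, i)).toLowerCase();
      const v = i < 0 ? "" : a.slice(i + 1);
      if (k === "path") c.path = v;
      if (k === "domain") c.domain = v.replace(/^\./, "").toLowerCase();
      if (k === "expires") c.expires = Date.parse(v);
    }
    // Identity is name + domain + path; only an exact match is replaced or expired.
    const key = [c.name, c.domain, c.path].join("|");
    const old = this.store.get(key);
    this.store.delete(key);
    if (c.expires > now) this.store.set(key, { ...c, created: old ? old.created : this.seq++ });
  }
  // Cookie header for a request path: longest path first, then oldest first.
  cookieHeader(reqPath) {
    const match = c => reqPath === c.path || (reqPath.startsWith(c.path) &&
      (c.path.endsWith("/") || reqPath[c.path.length] === "/"));
    return [...this.store.values()].filter(match)
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`).join("; ");
  }
}
// Constructed scenario: placeholder values, fixed clock for repeatability.
function demo() {
  const now = Date.parse("Tue, 27 May 2008 18:00:00 GMT");
  const future = "Wed, 27 May 2009 00:00:00 GMT", past = "Mon, 28 May 2007 00:00:00 GMT";
  const jar = new CookieJar();
  const set = (v, path, exp) => jar.setCookie(
    `smspower_forum_data=${v}; expires=${exp}; path=${path}; domain=.smspower.org`, now);
  set("OLD", "/forums", future);    // cookie left over from before the path change
  set("NEW", "/", future);          // cookie issued after the change
  const before = jar.cookieHeader("/forums/index.php");
  set("deleted", "/forums/", past); // trailing slash: a different path, no match
  const mismatch = jar.cookieHeader("/forums/index.php");
  set("deleted", "/forums", past);  // exact path: the old entry is removed
  const after = jar.cookieHeader("/forums/index.php");
  return { before, mismatch, after };
}
```

Under these rules a request below /forums carries both cookies with the longer path listed first, and the stale one goes away only when the expiring header repeats its name, domain and path exactly.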
|
|
Posted: Wed May 28, 2008 8:25 am |
I reordered the cookie lines, maybe that'll help. | |
|
Posted: Wed May 28, 2008 3:55 pm |
It DID !
YAY \o/ \o/ \o/ |
|
|
Posted: Wed May 28, 2008 4:44 pm |
*phew*
OK, episode over then... |
|