|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
I'm on 7.5.7 on my non-BellaOnline forums.
I tend to always use Chrome.
For some reason it is now losing my logged in status after only a page or two. I'll make a post in the forum, then go to the main level to make another post. It now says I'm not logged in and that I have to log in again.
When I log in I definitely check the "keep me logged in" button - and it wasn't doing this before I upgraded.
Ideas?
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
clean all your cookies with the my cookies i use chrome here and elsewhere with no probs, but with the new cookie hashes you might just need to clean up 1st
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
OK more information. The key problem seems to be with my lisashea forum and my wine forum. The lisashea forum is here - http://www.wineintro.com/forum/The wine forum is here - http://www.wineintro.com/wineforum/I originally only had one forum - the lisashea forum which happened to live on the wineintro.com site for various reasons. Then over time I decided to split the wine area of that forum off into its own entity so I bought another license and made the wineforum area. Are the cookies having issues because both are on the same server?
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
maybe.. since the cookie path you probably have is '/' ? add a 2 letter cookie prefix ( i recommended this in another thread for general security practices anyway ) to each forum.. that forces a logout ( 1 time ), but makes them entirely unique
|
|
|
|
Joined: Jun 2006
Posts: 693
Addict
|
Addict
Joined: Jun 2006
Posts: 693 |
SirDude -
There we go, that did the trick. I think the cookies were cross-contaminating. Thanks!
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
good... i recommend EVERY forum owner put in a cookie prefix... this is added security, because all the cookies can no longer be sniffed by bots as easily... you are changing their names from standard... ie: 'ubbt_myid' becomes 'random prefix you typed''ubbt_myid' just 2 characters is enough ( more is fine too ), but keep it unique and you've hardened your site a wee bit more also, as a part of the upgrade process, i recommend CHANGING your prefix to something NEW.. doesn't hurt to force EVERYONE to re-login ONE time to get a fresh set of cookies.. and it's another security dealio too
|
|
|
|
Joined: Mar 2008
Posts: 262
enthusiast
|
enthusiast
Joined: Mar 2008
Posts: 262 |
maybe.. since the cookie path you probably have is '/' ? add a 2 letter cookie prefix ( i recommended this in another thread for general security practices anyway ) to each forum.. that forces a logout ( 1 time ), but makes them entirely unique So if I am reading this right, we can leave the path as '/' but we should change the prefix, right. I have upgrade the testing site first and was having a problem with login taking me to a database error only viewable by admin, but if I click back and then on forum list I was logged in.. Changed the prefix and relogged in and no error.
|
|
|
|
Joined: Dec 2003
Posts: 237
Enthusiast
|
Enthusiast
Joined: Dec 2003
Posts: 237 |
I have a prefix for my cookie setting but it doesn't have a "/" slash. It is basically: xxx_ (x's in reality are letters and it includes the underscore at the end. )
Artificial Intelligence is no match for natural stupidity!
|
|
|
|
Joined: Dec 2003
Posts: 6,560 Likes: 78
|
Joined: Dec 2003
Posts: 6,560 Likes: 78 |
The "/" is in the cookie path setting not the prefix. SD commented on changing the prefix not the path.
And BTW this is something not new to 7.5.7 just good security measures to abide by.
I guess some did not want to deal with the mass logout of all current members on the initial setting change.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
|
|
|
|
Joined: Apr 2007
Posts: 3,940 Likes: 1
Former Developer
|
Former Developer
Joined: Apr 2007
Posts: 3,940 Likes: 1 |
Ruben is correct... i'd not recommend changing the cookie path.. leave it / the prefix is all important tho.. and i figure a mass logout is a small measure to add some security
|
|
|
|
Joined: Jan 2008
Posts: 514
addict
|
addict
Joined: Jan 2008
Posts: 514 |
Ruben is correct... i'd not recommend changing the cookie path.. leave it / the prefix is all important tho.. and i figure a mass logout is a small measure to add some security +1 Thanks
|
|
|
0 members (),
744
guests, and
147
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|