UBB.threads PHP Forum Software Community Forums UBB.threads 6 Version 6 Support Cookies don't work -- but sessions do (Apache 2/Linux)

Banged my head against cookies for a while. The server would not give me any. I would log in, go to the start page, and then from there anything I would click would complain that I am not logged in. Tried setting the cookie path to "/". It didn't help.

Switched to sessions, set the session path, and now it works. But I would prefer to use cookies. Any suggestions?

Chris

Is this an upgrade? Have you tried clearing your previously set cookies?

---
- Allen <img src="http://www.stand318.com/ubb/graemlins/wavey.gif" alt=" - " />
- Stand318
- UBBâ„¢ Developers Network | UBBThreadsâ„¢ Developers Network

This is a new install of the 6.0 Beta. I have tried with many different browsers from many different computers; I have turned on cookie notification and I never get sent any cookies when I have the tracking set to 'cookies' -- but when I set it to 'sessions' it does issue session cookies.

Help! <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" />

Chris

No one knows anything about why sessions might work but cookies don't?

You most likely need to configure your browser to accept the cookies being sent:

Browser Problems

Have a read over that and let me know.

Regards,

Brett Harris
Infopop Corporation

Sorry, try again. <img border="0" title="" alt="[Smile]" src="images/icons/smile.gif" /> By day, I engineer an internet portal, so while I appreciate your intentions, I don't need to have explained to me how to enable cookies in my browser.

As I said before, I get session cookies just fine, but the software seems to not send them out when they are not session cookies. At least, I can tell you that I receive cookies when I have the tracking set to 'sessions,' and I presume the tracking is then done through session cookies, and not browser cookies. When I set tracking to 'cookies,' I receive NO cookies of any kind. I've looked at the HTML stream through snoop and there is never any cookie-setting directive.

Any other ideas?

So it doesn't even try to set a cookie at all when you log in and it's set to cookie mode? I'm not sure how familiar you are with php scripts, but if you look at about line 1015 of ubbt.inc.php you'll see where the cookies are being set. Basically it checks to see if it's in session mode and if not it calls some standard setcookie functions to set the cookies.

-------------------
Rick Baker
UBBThreads developer

Firewall stripping the cookies? I was not trying to insult your intelligence, but that article covers firewalls, clock time & a variety of other issues related to cookies.

Regards,

Brett Harris
Infopop Corporation

</font><blockquote><font size="1" face="">quote:</font><hr /><font size="" face="">Originally posted by Brett Harris:
I was not trying to insult your intelligence, but that article covers firewalls, clock time & a variety of other issues related to cookies.</font><hr /></blockquote><font size="" face="">Unfortunately, it's got nothing to do with his problem. It's the release of PHP he's running... I just walked through the same problem, and all the "it's IE 6" misdirections here didn't help me find it. See the setcookie() only sets last call bug report.

In short, since there are all these calls:

<pre>
setcookie("w3t_myid","$Uid",time()+$config['cookieexp'],"{$config['cookiepath']}");
if ( ($rememberme) &#0124;&#0124; ($w3t_key) ) {
setcookie("w3t_key","$autolog",time()+$config['cookieexp'],"{$config['cookiepath']}");
}
setcookie("w3t_mysess","$newsessionid","0","{$config['cookiepath']}");
setcookie("w3t_language","$ubbt_language",time()+$config['cookieexp'],"{$config['cookiepath']}");
setcookie("ubbt_pass","",time()-3600,"{$config['cookiepath']}");
setcookie("ubbt_dob","",time()-3600,"{$config['cookiepath']}");
</pre>

in the do_login() method of main.inc.php, it's only the last <pre>setcookie()</pre> call that gets executed. Since it's a cookie delete, no cookies are every being ATTEMPTED for IE or some mysterious firewall to muck with.

If you care to prove this to yourself, get on this setup:
</font>

• <font size="" face="">PHP Version: 4.2.2-dev</font></li>
• <font size="" face="">Apache Version: 2.0.39</font></li>

<font size="" face="">

Then run this as cookietest.php (load, then refresh, then view source):

<pre>
<?
if (is_array($HTTP_COOKIE_VARS)) {
while(list($key,$value) = each($HTTP_COOKIE_VARS)) {
echo "<!-- Debug-Cookie-Vars-{$key}: <$value> -->\r\n";
}
}
setcookie("marc","was",time()+3600,"/");
setcookie("brooks","here",time()+3600,"/");
?>
</pre>

You'll quickly realize that only the LAST cookie gets set.

If you're wondering about him using the PHP 4.2.2-dev, that's almost necessary, since the 4.2.1-stable module will not load under Apache 2.0.39; which is the first to fix the post-chunking-exploit in the 2.x source tree.

Hope this helps people not waste the time I wasted because I believed it was somehow my fault...

Marc

lucis0327 - thank you for that clarification - however your reply is a while after the thread began and I don't know that the 4.2 problem would have surfaced at that time as the bug report was submitted July 4th.

However - this is good to know for future refrence and I will ask that Rick have a look at it and we will note this for anyone running 4.2.1

Thanks again.

Regards,

Brett Harris
Infopop Corporation

Actually, I am experiencing this problem with 2.0.36 and 4.2.1. I have used the 'cookietest.php' with the same result, though -- only the second cookie is set.

I will upgrade to 2.0.39 and 4.2.2 shortly, due to the security risk. But according to this thread, I will likely still have this problem.

It is not a firewall issue. There are no firewalls between the machines. I had this problem when the machine was still on my LAN, and I tried a variety of browsers, all of which have no problem with cookies elsewhere.

http://discussion.org/ubbthreads/cookietest.php

Try for yourself.

Newest release of Apache 1.x and PHP fixed the cookie problem. I'm staying away from Apache 2.x for now.

hmm... do we know if this was ever resolved? I have a client who's cookies keep getting dropped after only a few minutes on the forum. IE-only, mozilla seems to be ok.

I went to mycookies and had

PHPSESSID
custom_w3t_myid
custom_w3t_mysess
custom_ubbt_admin

then I went into the forum and got logged out pretty soon. When I back-tracked to the mycookies file all I had was:

PHPSESSID
custom_w3t_mysess
custom_ubbt_admin


???