1
Zap_English
Remember Me doesn't "Remember Me"

the title says it all

XOOPS Version XOOPS 2.5.7.2
PHP Version 5.4.45
mySQL Version 5.5.54
Server API apache2handler
OS Linux

2
geekwright
Re: Remember Me doesn

Just retested it -- works fine.

"Remember me" depends on a cookie, so anything that will interferes with cookies will cause it to not work.

One common issue is that cookies for an IP address as opposed to a domain name do not work in many browsers due to security concerns. An example is a test site with XOOPS installed onhttp://127.0.0.1/ will not work properly, while installing it onhttp://localhost/ works fine.

3
Zap_English
Re: Remember Me doesn

It's a live site on a webhost

I have 4 sites and only this one doesn't work

rfu.in.ua

4
Peekay
Re: Remember Me doesn
  • 2017/1/24 23:18

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Looks like single quotes in in the forum post response title needs sanitising... doesn't it

5
geekwright
Re: Remember Me doesn

Quote:

Peekay wrote:
Looks like single quotes in in the forum post response title needs sanitising... doesn't it
just a little

6
geekwright
Re: Remember Me doesn

I'm trying to take a look, but so far the activation stage is stalled. I'll keep watching for it, and see what I can tell.

Quote:

Zap_English wrote:
It's a live site on a webhost

I have 4 sites and only this one doesn't work

rfu.in.ua

7
geekwright
Re: Remember Me and Public Suffixes

Quote:

Zap_English wrote:
...
I have 4 sites and only this one doesn't work

rfu.in.ua


OK, I see the issue. Here is the cookie arriving at the browser:
Set-Cookiexoops_userxxx=xxxexpires=Thu25-Jan-2018 13:14:58 GMTpath=/; domain=.in.ua


.in.ua is a public suffix. It has the same meaning for setting cookies as a top level domain, i.e. .com, the same as .co.uk

For security, browsers will not accept cookies for domains that consist of only a public suffix. The cookie is being sent, but is rightfully ignored by the browser.

XOOPS 2.5 does not properly handle public suffixes. The code which attempts to determine the domain to use for cookies is obsolete, and produces incorrect results in cases like this.

For this case, I would recommend hacking the "XOOPS_COOKIE_DOMAIN" define,

In include/common.php, line 98 looks like this:
define('XOOPS_COOKIE_DOMAIN', (strpos($domain xoops_getBaseDomain(XOOPS_URL),'.')) === FALSE '' '.' $domain); //by arion92fr

Change that to read:
define('XOOPS_COOKIE_DOMAIN''rfu.in.ua');


With that change, the remember me functionality should work.

This issue has been addressed in part in 2.6 with public suffix list awareness. Also, the XOOPS_COOKIE_DOMAIN should be configured at installation, rather than on the fly. I'll look and see what can be done to help in the 2.5 series.

Sorry I didn't pick up on that sooner. Hope this helps.

8
Zap_English
Re: Remember Me and Public Suffixes

ok, i changed it

and it seems to be working

Thanks

Login

Who's Online

158 user(s) are online (100 user(s) are browsing Support Forums)


Members: 0


Guests: 158


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits