| Re: Remember Me and Public Suffixes |
| by Zap_English on 2017/1/27 11:02:46 ok, i changed it and it seems to be working Thanks
|
| Re: Remember Me and Public Suffixes |
| by geekwright on 2017/1/25 14:09:13 Quote:
OK, I see the issue. Here is the cookie arriving at the browser: le="color: #000000"><?php Set-Cookie: xoops_userxxx=xxx; expires=Thu, 25-Jan-2018 13:14:58 GMT; path=/; domain=.in.ua .in.ua is a public suffix. It has the same meaning for setting cookies as a top level domain, i.e. .com, the same as .co.uk For security, browsers will not accept cookies for domains that consist of only a public suffix. The cookie is being sent, but is rightfully ignored by the browser. XOOPS 2.5 does not properly handle public suffixes. The code which attempts to determine the domain to use for cookies is obsolete, and produces incorrect results in cases like this. For this case, I would recommend hacking the "XOOPS_COOKIE_DOMAIN" define, In include/common.php, line 98 looks like this: le="color: #000000"><?php define('XOOPS_COOKIE_DOMAIN', (strpos($domain = xoops_getBaseDomain(XOOPS_URL),'.')) === FALSE ? '' : '.' . $domain); //by arion92fr Change that to read: le="color: #000000"><?php define('XOOPS_COOKIE_DOMAIN', 'rfu.in.ua'); With that change, the remember me functionality should work. This issue has been addressed in part in 2.6 with public suffix list awareness. Also, the XOOPS_COOKIE_DOMAIN should be configured at installation, rather than on the fly. I'll look and see what can be done to help in the 2.5 series. Sorry I didn't pick up on that sooner. Hope this helps. |
| Re: Remember Me doesn |
| by geekwright on 2017/1/25 3:19:54 I'm trying to take a look, but so far the activation stage is stalled. I'll keep watching for it, and see what I can tell. Quote:
|
| Re: Remember Me doesn |
| by geekwright on 2017/1/25 2:57:29 Quote:
|
| Re: Remember Me doesn |
| by Peekay on 2017/1/24 23:18:39 Looks like single quotes in in the forum post response title needs sanitising... doesn't it
|