| Re: Staying logged in |
| by allnewtome on 2006/1/14 14:46:44 To answer my own question ...1. I was telling people the website address with WWW (e.g. http://www.xoops.org) 2. In mainfile.php the XOOPS_ROOT constant had no WWW (e.g. xoops.org) The discrepancy between 1 and 2 above caused the problem. I've changed mainfile.php, and will get the bloke that owns the server to change it so that it always goes to the WWW version of the site name. Hope this is useful for someone else... |
| Re: Staying logged in |
| by allnewtome on 2006/1/11 23:23:47 Just came across a problem... never happened before I used autologin, but perhaps it is not caused by autologin... xoops/error.php?c=1 page comes up when login: Quote:
Apparently this is something to do with cookies... I think it's becuase the autologin thing redirects to website.com instead of http://www.website.com, which confuses the cookies! The bloke who owns the server will change it so that it always redirects to the www version. Maybe I'm wrong - I would welcome your comments. |
| Re: Staying logged in |
| by gdamania on 2006/1/2 17:57:59 The autologin hack never really worked for me for some strange reason... sometimes it would keep a user logged in for about 10 minutes, other time it just didn't work after you closed the browser. My site is running XOOPS 2.2.3. I hope they will add it as a permanent feature in future XOOPS versions. |
| Re: Staying logged in |
| by allnewtome on 2006/1/1 23:16:39 Quote: It's a pretty blatent security hole that I'm sure you didn't intend. I hoped that they would take the trouble to log out... but, having thought about it again, I agree with you and will be changing it back to the original setting! Thank you very much
|
| Re: Staying logged in |
| by terrion on 2006/1/1 23:12:50 Quote: so that the auto-login option stays on all the time. Hopefully that was a good idea.... The risk here is to people that access the site from a public place or a physically unsecured compter. A computer lab in a university for example. When person A logs in, since his session can't time out in the usual way, when another person, B, comes up later in the day and goes to your site person B will be logged in as person A. It's a pretty blatent security hole that I'm sure you didn't intend. |