Posted on: 2017/1/25 14:09
Re: Remember Me and Public Suffixes
I have 4 sites and only this one doesn't work
OK, I see the issue. Here is the cookie arriving at the browser:
Set-Cookie: xoops_userxxx=xxx; expires=Thu, 25-Jan-2018 13:14:58 GMT; path=/; domain=.in.ua
is a public suffix. It has the same meaning for setting cookies as a top level domain, i.e. .com
, the same as .co.uk
For security, browsers will not accept cookies for domains that consist of only a public suffix. The cookie is being sent, but is rightfully ignored by the browser.
XOOPS 2.5 does not properly handle public suffixes. The code which attempts to determine the domain to use for cookies is obsolete, and produces incorrect results in cases like this.
For this case, I would recommend hacking the "XOOPS_COOKIE_DOMAIN" define,
In include/common.php, line 98 looks like this:
define('XOOPS_COOKIE_DOMAIN', (strpos($domain = xoops_getBaseDomain(XOOPS_URL),'.')) === FALSE ? '' : '.' . $domain); //by arion92fr
Change that to read:
With that change, the remember me functionality should work.
This issue has been addressed in part in 2.6 with public suffix list awareness. Also, the XOOPS_COOKIE_DOMAIN should be configured at installation, rather than on the fly. I'll look and see what can be done to help in the 2.5 series.
Sorry I didn't pick up on that sooner. Hope this helps.