xoops forums

Zap_English

Quite a regular
Posted on: 2017/1/24 12:28
Zap_English
Zap_English (Show more)
Quite a regular
Posts: 374
Since: 2016/5/24
#1

Remember Me doesn't "Remember Me"

the title says it all

XOOPS Version XOOPS 2.5.7.2
PHP Version 5.4.45
mySQL Version 5.5.54
Server API apache2handler
OS Linux

geekwright

Quite a regular
Posted on: 2017/1/24 13:43
geekwright
geekwright (Show more)
Quite a regular
Posts: 262
Since: 2010/10/15
#2

Re: Remember Me doesn

Just retested it -- works fine.

"Remember me" depends on a cookie, so anything that will interferes with cookies will cause it to not work.

One common issue is that cookies for an IP address as opposed to a domain name do not work in many browsers due to security concerns. An example is a test site with XOOPS installed on http://127.0.0.1/ will not work properly, while installing it on http://localhost/ works fine.

Zap_English

Quite a regular
Posted on: 2017/1/24 23:03
Zap_English
Zap_English (Show more)
Quite a regular
Posts: 374
Since: 2016/5/24
#3

Re: Remember Me doesn

It's a live site on a webhost

I have 4 sites and only this one doesn't work

rfu.in.ua

Peekay

XOOPS is my life!
Posted on: 2017/1/24 23:18
Peekay
Peekay (Show more)
XOOPS is my life!
Posts: 2335
Since: 2004/11/20
#4

Re: Remember Me doesn

Looks like single quotes in in the forum post response title needs sanitising... doesn't it

geekwright

Quite a regular
Posted on: 2017/1/25 2:57
geekwright
geekwright (Show more)
Quite a regular
Posts: 262
Since: 2010/10/15
#5

Re: Remember Me doesn

Quote:

Peekay wrote:
Looks like single quotes in in the forum post response title needs sanitising... doesn't it
just a little

geekwright

Quite a regular
Posted on: 2017/1/25 3:19
geekwright
geekwright (Show more)
Quite a regular
Posts: 262
Since: 2010/10/15
#6

Re: Remember Me doesn

I'm trying to take a look, but so far the activation stage is stalled. I'll keep watching for it, and see what I can tell.

Quote:

Zap_English wrote:
It's a live site on a webhost

I have 4 sites and only this one doesn't work

rfu.in.ua

geekwright

Quite a regular
Posted on: 2017/1/25 14:09
geekwright
geekwright (Show more)
Quite a regular
Posts: 262
Since: 2010/10/15
#7

Re: Remember Me and Public Suffixes

Quote:

Zap_English wrote:
...
I have 4 sites and only this one doesn't work

rfu.in.ua


OK, I see the issue. Here is the cookie arriving at the browser:
Set-Cookiexoops_userxxx=xxxexpires=Thu25-Jan-2018 13:14:58 GMTpath=/; domain=.in.ua


.in.ua is a public suffix. It has the same meaning for setting cookies as a top level domain, i.e. .com, the same as .co.uk

For security, browsers will not accept cookies for domains that consist of only a public suffix. The cookie is being sent, but is rightfully ignored by the browser.

XOOPS 2.5 does not properly handle public suffixes. The code which attempts to determine the domain to use for cookies is obsolete, and produces incorrect results in cases like this.

For this case, I would recommend hacking the "XOOPS_COOKIE_DOMAIN" define,

In include/common.php, line 98 looks like this:
define('XOOPS_COOKIE_DOMAIN', (strpos($domain xoops_getBaseDomain(XOOPS_URL),'.')) === FALSE '' '.' $domain); //by arion92fr

Change that to read:
define('XOOPS_COOKIE_DOMAIN''rfu.in.ua');


With that change, the remember me functionality should work.

This issue has been addressed in part in 2.6 with public suffix list awareness. Also, the XOOPS_COOKIE_DOMAIN should be configured at installation, rather than on the fly. I'll look and see what can be done to help in the 2.5 series.

Sorry I didn't pick up on that sooner. Hope this helps.

Zap_English

Quite a regular
Posted on: 2017/1/27 11:02
Zap_English
Zap_English (Show more)
Quite a regular
Posts: 374
Since: 2016/5/24
#8

Re: Remember Me and Public Suffixes

ok, i changed it

and it seems to be working

Thanks