PhpBB cookie help

Forum Moderators: coopster

Message Too Old, No Replies

PhpBB cookie help

How is it working?

AjiNIMC

6:22 pm on Jan 7, 2006 (gmt 0)

When I am logging out of phpbb forums it says,

setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

but I still see the cookies there with userid =-1, how is this setcookie changing the userid or resetting the cookie as the value passed is ''.

Am I sounding too stupid? On saturday morning I am not able to crack it , please help.

Thanks,
AjiNIMC

AjiNIMC

3:06 am on Jan 8, 2006 (gmt 0)

Any help?

AlexK

3:12 am on Jan 8, 2006 (gmt 0)

Compare the 2 sets of code side-by-side; the first is logout code, the second is std phpBB2 cookie code:

setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
.
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

It is a bit obvious what the difference is, I think?

AjiNIMC

3:16 am on Jan 8, 2006 (gmt 0)

setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

This is when you are logging in right? my Question is how are they getting the value inside cookie while logging out cookie resets it with nothing.

setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

AlexK

4:00 am on Jan 8, 2006 (gmt 0)

The point of receiving a cookie in a phpBB2 forum is to be able to auto-login.

The point of logging out in a phpBB2 forum is to clear down the above.

It should be getting obvious to you by now that I do not understand what difficulty you are having. May I suggest that you try again to put the question in a different way.

AjiNIMC

1:31 pm on Jan 8, 2006 (gmt 0)

logged in cookie
phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2286791958643c11354ec6847.06809492%22%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2321%22%3B%7D
www.example.com/
1536
3384943104
29831976
793651904
29758551
*

Logged out cookie
phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D
www.example.com/
1536
2849910400
29831975
297049200
29758550
*

Logging out setcookie
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

Let me try to rephrase it. I am checking whether the user is logged in or not using .htaccess, here the problem is even after logged out the cookie is not deleted, it just sets the userid to -1 in cookie. If I can delete the cookies it will be solve the problem, or if I can delete the line "userid%22%3Bi%3A-1%3B%7D" from cookies.

How can I do that here?

Thanks
AjiNIMC

AlexK

10:36 pm on Jan 8, 2006 (gmt 0)

That is *not* a cookie for a logged-out user. If you look closely at it, you will see both autologinid and userid:

phpbb2mysql_data
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D
www.example.com/

...which is only obtained with a (serialised) login cookie (eg sessions.php#370, session_pagestart()). A logout cookie is empty; it uses neither of the above (eg sessions.php#460, session_end()).

AjiNIMC

1:06 am on Jan 9, 2006 (gmt 0)

%22%3Bi%3A-1%3B%

Here the userid is -1 which is for a guest, this is in effect after upgrading to 2.0.19.

AlexK

4:10 am on Jan 9, 2006 (gmt 0)

Ah strewth.

THAT IS *NOT* A COOKIE FOR A LOGGED-OUT USER. THAT IS A COOKIE FOR A GUEST. COOKIES FOR LOGGED-OUT USERS ARE EMPTY.

Did that manage to get through?

AjiNIMC

1:15 pm on Jan 9, 2006 (gmt 0)

Please try the latest phpbb, it will answer some questions. I will come back to the code after a day.

jatar_k

7:01 pm on Jan 9, 2006 (gmt 0)

AjiNIMC, I think AlexK has the gist of it

AlexK, you're cracking me up ;)