miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Specific miniBB Support Forums / Specific /   
 

Bad cookie?

 
Author marsbar
Associated Member
#1 | Posted: 18 Jul 2020 16:59 
Hi, Paul.

More issues ...

1) I've been experiencing problem logging out of my miniBB: my log-out link (https://www.example.com/forums/?mode=logout) does not work consistently: most of the time the link does nothing, and I need to either do a hard refresh (ctrl + f5) or clear my cookies. Hard refresh does not always help; but clearing cookies always do--as expected.

I also experience the same issue when using the mobile version of my miniBB which is installed on a subdomain (https://m.example.com/).

Is this an obvious case of my having mis-configured something in the setup file? Cookies?

$cookiedomain='.example.com';
$cookiename='miniBBsite';
$cookiepath='/';
$cookiesecure=FALSE;
$cookie_expires=108000;
$cookie_renew=1800;
$cookielang_exp=2592000;

2) Account registration emails not firing or firing into black hole central?
When you were testing my miniBB yesterday, and created the test accounts -- did you receive account registration emails? Earlier I created two test accounts to check the updated premoderation set-up as you had asked; but the system-generated passwords for the two accounts never reached me. And I had used addresses from two different domains.

Is there a way to check whether the account activation emails are being sent? I am thinking that if they are being sent, then the problem may lie with the recipient's mail service -- e.g., aggressive spam filtering.

If you need to inspect my set-up, please let me know: I will email you updated access details.

Wishing you a good weekend--
marsbar

Author Paul
Lead Developer
#2 | Posted: 19 Jul 2020 15:59 | Edited: Paul 
marsbar:
I also experience the same issue when using the mobile version of my miniBB which is installed on a subdomain (https://m.example.com/).

This is no longer supported. For Mobile template, use the newest version of this add-on and eliminate the older one (incl. the subdomain).

As about the issue #1, make sure you are logging from the same domain as it's mentioned in $main_url setting; logging from www.example.com is not the same as from example.com, i.e. www- and non-www version differ for cookies. If you have both version enabled, make sure so setup a proper redirection, only one version should be used.

When I've checked your forums, I was not experiencing the logout issue, but there is definitely some caching function installed. You could try to ask your hoster more about it, as it could cause dynamic logout issues, too.

As about the issue #2, if I remember properly, I was not checking email box at all, 'cause after registration I was immediately logged in :) but in general, there could be various reasons of such "black hole central", it could be analyzed on the server with root access only. Here's one of the things to improve I've experienced with miniBB emails.

Author Paul
Lead Developer
#3 | Posted: 19 Jul 2020 21:17 | Edited: Paul 
UPDATE: I've checked the inbox of an email address I've registered on your forums, and I've received all confirmation emails.

Another details is that all they went to Spam folder... but follow the link above I've provided on how to cure it (or at least to try).

BTW I'm not sure if this is miniBB's behavior to log-in automatically even if the password been emailed... I'll check a look at this process in defaults and will let you know in this thread if something has to be fixed regarding this weird approach.

Author marsbar
Associated Member
#4 | Posted: 26 Jul 2020 07:00 
Paul:
This is no longer supported. For Mobile template, use the newest version of this add-on and eliminate the older one (incl. the subdomain).

Thanks, Paul -- I hadn't realised so much work had been done with the add-on. I was still running v1.5 until today. (Today's upgrade has resulted in some clashes between miniBB's default modern styling and my local customisations; notwithstandig, functionally, I have not noticed any breakages so far.)

Paul:
UPDATE: I've checked the inbox of an email address I've registered on your forums, and I've received all confirmation emails.

Good news, Paul: the confirmation emails that I had reported missing eventually showed up in my mailboxes after some hours of delay.

Paul:
BTW I'm not sure if this is miniBB's behavior to log-in automatically even if the password been emailed...

Oh, that is *not* the intended result! :(

Paul:
I'll check a look at this process in defaults and will let you know in this thread if something has to be fixed regarding this weird approach.

Thank you, and I look forward to reading about your findings.

Happy weekend--
marsbar

Author marsbar
Associated Member
#5 | Posted: 26 Jul 2020 09:33 
Hi again, Paul.

Regarding the issue with logging out of my forums, I've think I may have resolved the problem by disabling FastCGI on my domain.

Cheers,
marsbar

Author Paul
Lead Developer
#6 | Posted: 28 Jul 2020 17:01 
marsbar:
I may have resolved the problem by disabling FastCGI

Not sure how it could be related :-) in most cases I've analyzed, logging out problem always meant the improper way of cookie setting. But anyway, if it works now for you, that's fine.

Author Paul
Lead Developer
#7 | Posted: 29 Jul 2020 15:26 | Edited: Paul 
I'm not sure if this is miniBB's behavior to log-in automatically even if the password been emailed...

I've checked this issue today, and could confirm that default miniBB script does not perform the auto-login, if a Registration process been tied up with emailing the password (i.e. if you have $closeRegister option set to 1, there should be no auto-login after registration).

This is how it should work, bb_func_regusr.php contains a clear condition:

if(!isset($closeRegister) or $closeRegister==0)

which locks the auto-login.

I'm not sure why it was being logged-in automatically on your forum while this option set up... you should take closer care of it. It's out of logics to auto-login the user, but trying to verify the email address at once. Doesn't make sense...

Author marsbar
Associated Member
#8 | Posted: 8 Aug 2020 15:44 
Hi, Paul.

Thanks so much for looking into the "auto log in" issue -- I'll test at my end and then report back as soon as I can.

As for FastCGI, I wonder whether my hosting provider offers this option to gain "efficiencies" (caching mechanism?) on the server side? I've disabled it -- and suddenly gone is the problem with not being able to log out immediately.

To be continued ...

marsbar

Author Paul
Lead Developer
#9 | Posted: 8 Aug 2020 18:23 
I'm more experienced in coding and not server-side behaviours, that's why I couldn't have a straight idea how FastCGI could be related to cookies. It's kind of outdated bridge for CGI programs — but for PHP it's not necessary, PHP interacts with the server using its own methods... so I suppose, something else is attached to FastCGI as a module, which also could be responsible for caching — who knows... server configurations are very different.

As I've mentioned, cookies problem could be more related to improper domain configuration. Firefox also has a panel indicating what cookies are being set, what domain and path is used — analyzing this, you could get some ideas where's a mistake.

Also, before you investigate this problem, delete all cookies from your domain in advance, then you will clearly see what new cookies are set.

Author marsbar
Associated Member
#10 | Posted: 16 Aug 2020 08:28 
Hi, Paul.

Paul:
I've checked this issue today, and could confirm that default miniBB script does not perform the auto-login, if a Registration process been tied up with emailing the password (i.e. if you have $closeRegister option set to 1, there should be no auto-login after registration).

I tested the registration process on my miniBB installation; I am happy to report that everything worked as expected:
user agrees to terms and conditions ->
user signs up (inputs preferred username and email address) ->
user waits for system-generated password to come via email ->
user logs into forums using received password. (User could not log in otherwise. No "auto logging in" happened.)

Have a good weekend--
marsbar

Author Paul
Lead Developer
#11 | Posted: 19 Aug 2020 20:49 
marsbar
Thanks for confirming! Good to know it works like it should.

Specific miniBB Support Forums / Specific /
 Bad cookie?
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


 ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Install the Captcha add-on: protect your miniBB-forums from the automated spam and flood.
 ⇑