FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Question about cookies.inc.t
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Question about cookies.inc.t [message #185533] Wed, 09 April 2014 14:58 Go to next message
eclipsewebmaster is currently offline  eclipsewebmaster   
Messages: 46
Registered: November 2009
Location: Ottawa, Ontario, Canada
Karma: 0
Member
add to buddy list
ignore all messages by this user
cookies.inc.t has this code near line 49:

   /* $p > 8 https:// or http:// */
   if (($p = strpos($_SERVER['HTTP_REFERER'], $host)) === false || $p > 8) {
       $q_opt .= ' AND s.user_id > 2000000000 ';
   }


I'm trying to understand what that is for. Our authentication process happens on a separate hostname (dev.eclipse.org) than the forum itself (www.eclipse.org). After the authentication process, we redirect the browser to fudforum's index.php/l/ so that fud can load up the session, but it never does since p > 8. Hitting fudforum's "Login" link a second time works, since HTTP_REFERER and $host are now the same machine.

I'm going to remove that snippet of code to fix my own authentication process, but I'm just wondering why you'd want to tack on a condition (AND s.user_id > 2000000000) which is likely never met.

[Updated on: Wed, 09 April 2014 15:11]

Report message to a moderator

Re: Question about cookies.inc.t [message #185573 is a reply to message #185533] Sun, 13 April 2014 02:04 Go to previous messageGo to next message
naudefj is currently offline  naudefj   
Messages: 3632
Registered: December 2004
Karma: 17
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
I guess you can also disable "Referrer Checking" for your forum. If Referrer Checking is enabled, the referer MUST match the host name. If not, the (AND s.user_id > 2000000000) condition will be added to treat it as an anonymous session.

In your case, you may want to change the code to match "same domain" instead of "same host".

[Updated on: Sun, 13 April 2014 02:04]

Report message to a moderator

Re: Question about cookies.inc.t [message #185593 is a reply to message #185573] Thu, 17 April 2014 14:31 Go to previous message
eclipsewebmaster is currently offline  eclipsewebmaster   
Messages: 46
Registered: November 2009
Location: Ottawa, Ontario, Canada
Karma: 0
Member
add to buddy list
ignore all messages by this user
Thanks for the info!
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Can I stop subscription notification?
Next Topic: Lightbox plugin help getting started
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Dec 16 19:27:44 EST 2017

Total time taken to generate the page: 0.00707 seconds