Forum Login NOT using Serial Number

Started by Peter House, May 31, 2010, 12:15:40 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

Elias Montoya

#15
June 07, 2010, 10:25:14 PM

All i have to click to get in the forums is:
http://www.planetsquires.com/protect/forum/

I dont know why you guys cant. :)

I really really like the way paul implemented the forums, I love not seeing in google what i post in this forums.
Win7, iMac x64 Retina display 5K, i7-5820K 4.4 ghz, 32GB RAM, All updates applied. - Firefly 3.70.

Peter House

#16
June 07, 2010, 11:26:03 PM
I have tried logging out, closing my browser and rebooting.  The link in the Topic reply still gets me directly to the reply as if I had logged in.  It must have something to do with cookies since I just tried it on another computer and it does not work.

There are 5 planetsquires cookies present and none appear to have the serial number overtly.  I am using FireFox.

Elias Montoya

#17
June 08, 2010, 03:17:51 PM

I am using Ie8.
Win7, iMac x64 Retina display 5K, i7-5820K 4.4 ghz, 32GB RAM, All updates applied. - Firefly 3.70.

Roger Garstang

#18
June 08, 2010, 04:19:13 PM Last Edit: June 08, 2010, 04:25:31 PM by Roger Garstang
I imagine if you select to remember the Serial Number that the cookie for it isn't cleared. There are 5 cookies- A Session ID with the default PHPSESSID name, a SMF cookie with some type of encoded data (When URLDecoded it looks like the content of the files that session variables are stored in...seems redundant to store it on the server and a copy in a cookie), amember_nr which is some type of MD5 hash...possibly a type of session ID, amember_ru that is your user name, and amember_rp that is a MD5 Hash of your Serial number with dashes.  Seems a lot of session IDs are created, but username and password/serial are still stored as a cookie and not in the session variables.

Peter House

#19
June 08, 2010, 04:26:49 PM
If I link directly to the front end of the forum, I MUST type in my username and password (serial number).

If I link to a sub page, I get in for free!

What's wrong with this picture?  (this is an SMF issue and has nothing to do with Paul dude at planetsquires)

Roger Garstang

#20
June 08, 2010, 04:36:32 PM
As long as I don't close my browser I can go anywhere. My cookies are all set to expire when FireFox closes. When I open a new browser there are no Planetsquires cookies. One weird thing though when Logout is clicked all 5 cookies remain and a 6th PHPSESSID is created. The original is a Domain .planetsquires.com cookie and the new is a Host www.plantesquires.com cookie. Both have different Session ID values, so there is some obvious cleanup missing on logout with Session Variables and Cookies since they all remain and a 2nd session is opened. I'm guessing Paul's Host Temp folder is full of session files if there is no Cleanup Script running.

Roger Garstang

#21
June 08, 2010, 04:42:49 PM Last Edit: June 08, 2010, 04:44:42 PM by Roger Garstang
When I logout a user in my company's site I use this code at the beginning of my page:

Code Select

error_reporting(0);
ini_set('display_errors',0);
session_name("GiveItaNameSoNotCalledPHPSESSID");
if (isset($_POST['Action']) && ($_POST['Action'] == 'Logoff'))
{ // Logoff
   session_start(); // Open session so you can close it
   $_SESSION = array(); // Clear Session Variables. Also Clears the Session File so 0byte files can be deleted from TEMP folder
   if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-42000, '/'); // Expire Session ID Cookie
   session_destroy(); // End Session
}
session_start(); // Start Session, either new or existing if not logged out

Klaas Holland

#22
June 19, 2010, 12:35:41 PM
I use Safari and I have no problem at all.
My name and Serial number are filled in already so I just need to click sign in.

Print
Go Up Pages 1 2
User actions