Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Chris89 Posted July 4, 2020 Posted July 4, 2020 (edited) I've got my forum setup on a subdomain of "forums" and I've got my main site integrated with IPS. It all works locally, but when I've gone to do it for real, the cookie from the forum is not setting accross the whole domain. Does anyone have any idea how to achieve this? I've added this to my constants.php file, but it's not recognising it off the forums subdomain: <?php define( 'COOKIE_DOMAIN', '.strongholdnation.co.uk' ); define( 'COOKIE_PREFIX', '' ); define( 'COOKIE_PATH', '/' ); P.S. Both parts are using SSL also. Edited July 4, 2020 by Chris89
Chris89 Posted July 4, 2020 Author Posted July 4, 2020 Quote session Session Support enabled Registered save handlers files user Registered serializer handlers php_serialize php php_binary Directive Local Value Master Value session.auto_start Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_samesite no value no value session.cookie_secure 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.lazy_write On On session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /opt/alt/php74/var/lib/php/session /opt/alt/php74/var/lib/php/session session.serialize_handler php php session.sid_bits_per_character 4 4 session.sid_length 32 32 session.upload_progress.cleanup On On session.upload_progress.enabled On On session.upload_progress.freq 1% 1% session.upload_progress.min_freq 1 1 session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS session.upload_progress.prefix upload_progress_ upload_progress_ session.use_cookies 1 1 session.use_only_cookies 1 1 session.use_strict_mode 0 0 session.use_trans_sid 0 0 Some PHP.INI settings on cookies in case it can help anyone to get any more info
Chris89 Posted July 4, 2020 Author Posted July 4, 2020 (edited) I already have a ticket in with support about this but they don't get back until (I assume) Monday. Basically, I'm completely unable to login to my admin CP, even though my login username and password is correct. I've tried on multiple devices, multiple browsers and multiple accounts with varying levels of admin access. It just keeps redirecting me back to the login page (no errors) with a query string similar to this: ?adsess=86d50dcc930de1a89a8ecb0e2cf0d543&app=core&module=system&controller=login&error=NO_COOKIE&ref=Jg== It's always the same- the error query string is "NO_COOKIE". I have no idea why this is occuring, but it's now happened for me in three different environments. When I used a business class grade server on my old isntallation (a total clean install without plugins), it was happening on there all of a sudden out of the blue. I took it as maybe an error on the old version, as that one was running 4.3. But when I've recently tried 4.4 on my local installation, it was also happening on there. Support wouldn't assist me in that case because apparently IPS don't support test installations anymore. From some debugging I did myself on this local installation, I managed to prevent the error & login correctly if I commented out lines 80-83 in the file system\Session\Admin.php. This is obviously no good on a live server though, because it's less secure and doesn't verify the session correctly. From some other debugging I did at the same time, it seemed as if my Session ID was changing each time I loaded the page or was redirected back to the login page, which I assume was the cause of this error. I have no idea whether this is some specific server setting or what, but it was fixed when the session ID stopped changing by itself. I'm just wondering really whether any other members of the community have witnessed or experienced this problem themselves, and what the cause of it was for them if they had. The only thing I can think of is that it's just a PHP configuration error, but I find that hard to believe that IPS or more users wouldn't have found this when I've found it in three hosting environments, generally out of the box installations of PHP. Edited July 4, 2020 by Chris89
Chris89 Posted July 4, 2020 Author Posted July 4, 2020 Thanks for your reply. I've just checked via phpinfo() and it is setting correctly. Unfortunately I'm on shared hosting so changing anything to do with Apache/nginx is totally out of my control on this one. Any other fixes you're aware of?
Chris89 Posted July 5, 2020 Author Posted July 5, 2020 Turns out the issue is due to cookie settings that I specified in constants.php to try and get the cookie accross the whole domain. IPS now won't assist me. If a mod is reading this topic, it's possibly a good idea to merge it with my other topic here:
Chris89 Posted July 5, 2020 Author Posted July 5, 2020 After some more debugging: These are two print_r() occurences of $_COOKIE. The first is from my forums subdomain, and the second is from the main domain. The cookies seem to be setting fine accross both parts of my site. I don't understand why it's not registering I'm logged in. Forums subdomain: Array ( [IPSSessionFront] => b52ab2e2beb6179bee5fc2932a01c720 [guestTime] => 1593960120 [ipsTimezone] => Europe/London [__cfduid] => ** [_ga] => ** [_gid] => ** [hasJS] => true [device_key] => 498c56281eb73e32f70f12b96b98d1e2 [member_id] => 2 [login_key] => 98a7496953476166f62f2636bb7de45c [loggedIn] => 1 [cpsession] => ** ) Main domain: Array ( [__cfduid] => ** [_ga] => GA1.3.211408320.1593959883 [_gid] => ** [_gat_gtag_UA_58106165_1] => * [hasJS] => true [device_key] => 498c56281eb73e32f70f12b96b98d1e2 [member_id] => 2 [login_key] => 98a7496953476166f62f2636bb7de45c [loggedIn] => 1 [IPSSessionFront] => b52ab2e2beb6179bee5fc2932a01c720 [guestTime] => 1593959947 [ipsTimezone] => Europe/London ) It seems to be an issue with $_SESSION. I've used print_r() on the SESSION variable on both the forums subdomain and my main domain using this code (amending the directory path for each location): <?php define('IPS_ROOT', __DIR__.'/include/subdomains/community/'); require IPS_ROOT.'init.php'; \IPS\Session\Front::i(); print_r($_SESSION); echo \IPS\Member::loggedIn()->name; The forums subdomain will display the data fine, but as soon as I go to the main domain it wipes the member name and starts displaying hashed again, as I was getting in this topic: https://invisioncommunity.com/forums/topic/457157-integrate-ips-with-my-own-website/ After I've visited the main domain page, I'm logged out of the forums entirely and have to log back out again. This is such a weird glitch ........
Martin A. Posted July 5, 2020 Posted July 5, 2020 https://stackoverflow.com/a/23086139 Short answer; remove the leading dot. That will restrict cookie access to only subdomains. You main site is not using a subdomain, and can therefor not access the cookies. Miss_B 1
Chris89 Posted July 6, 2020 Author Posted July 6, 2020 Thanks for you reply. Sadly, I actually tried it without the dot first- this wouldn't even allow me to login at all, even on the forums subdomain. It's only with the dot that I could login on the forum. Or totally blank.
Recommended Posts