Question about cookies.inc.t [message #185533]
Wed, 09 April 2014 18:58
eclipsewebmaster
Messages: 46 Registered: November 2009 Location: Ottawa, Ontario, Canada
Karma: 0
Member
cookies.inc.t has this code near line 49:
    /* $p > 8 https:// or http:// */
    if (($p = strpos($_SERVER['HTTP_REFERER'], $host)) === false || $p > 8) {
        $q_opt .= ' AND s.user_id > 2000000000 ';
    }
I'm trying to understand what that is for. Our authentication process happens on a different hostname (dev.eclipse.org) than the forum itself (www.eclipse.org). After the authentication process, we redirect the browser to fudforum's index.php/l/ so that fud can load up the session, but it never does since $p > 8. Hitting fudforum's "Login" link a second time works, since HTTP_REFERER and $host are now the same machine.
I'm going to remove that snippet of code to fix my own authentication process, but I'm just wondering why you'd want to tack on a condition (AND s.user_id > 2000000000) which is likely never met.
[Updated on: Wed, 09 April 2014 19:11]

Re: Question about cookies.inc.t [message #185573 is a reply to message #185533]
Sun, 13 April 2014 06:04
naudefj
Messages: 3771 Registered: December 2004
Karma: 28
Senior Member Administrator Core Developer
I guess you can also disable "Referrer Checking" for your forum. If Referrer Checking is enabled, the referer MUST match the host name. If not, the (AND s.user_id > 2000000000) condition will be added to treat it as an anonymous session.
In your case, you may want to change the code to match "same domain" instead of "same host".
[Updated on: Sun, 13 April 2014 06:04]
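
The "same host" versus "same domain" distinction discussed in this thread, as an added PHP example that is not FUDforum's code and not part of either post: it parses the Referer and compares hosts on label boundaries instead of by string position. The function names and sample URLs are assumptions; the hostnames are the ones mentioned in the thread.

```php
<?php
// Added example, not FUDforum code; function names are hypothetical.

// Lower-cased host of an http(s) Referer, or null if absent/unparsable.
function referer_host(?string $referer): ?string
{
    $parts = ($referer === null || $referer === '') ? false : parse_url($referer);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return rtrim(strtolower($parts['host']), '.');
}

// "Same host": the referer host must equal the forum host exactly.
function referer_same_host(?string $referer, string $forumHost): bool
{
    return referer_host($referer) === strtolower($forumHost);
}

// "Same domain": the host is the trusted domain or a subdomain of it,
// matched on a label boundary so look-alike names do not pass.
function referer_same_domain(?string $referer, string $domain): bool
{
    $host = referer_host($referer);
    if ($host === null) {
        return false;
    }
    $suffix = '.' . strtolower($domain);
    return $host === strtolower($domain)
        || substr($host, -strlen($suffix)) === $suffix;
}

// Constructed Referer values modelled on the hostnames in the thread.
$samples = [
    'https://dev.eclipse.org/',             // login host: domain match only
    'http://www.eclipse.org/index.php/l/',  // forum host: both match
    'https://www.eclipse.org.example.net/', // look-alike: neither
    'https://noteclipse.org/',              // not a subdomain: neither
    '',                                     // header absent: neither
];
foreach ($samples as $r) {
    printf("%-38s same_host=%s same_domain=%s\n",
        $r === '' ? '(no referer)' : $r,
        var_export(referer_same_host($r, 'www.eclipse.org'), true),
        var_export(referer_same_domain($r, 'eclipse.org'), true));
}
```

Both functions return false when the browser sends no Referer at all, so a check built on them treats such requests as failing the referrer test.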