Improvement suggestion
In class.proxyauthenticator.php replace in CheckCookie()
if (empty($_COOKIE[$this->_CookieName])) return FALSE;
By
if (empty($_COOKIE[$this->_CookieName])) return null;
Then in WakeUp()
$HaveHandshake = $this->CheckCookie(); if ($HaveHandshake) return;
By
$HaveHandshake = $this->CheckCookie(); if ($HaveHandshake || $HaveHandshake === null) return;
Purpose: avoids performing a proxy request if the handshake cookie is not present.
I'm not 100% sure about it since I'm new to Vanilla. But I noticed ProxyConnect does a request even when the proxy cookie is not set, which makes no sense.
Best Answer
Tim Vanilla Staff
It has been some time since I worked actively on ProxyConnect, but if memory serves, that cookie is designed to retain the foreign signin data during the Sync Screen stage for users that need to take extra setup steps. The cookie's presence prevents redirect loops, and preserves the sync data across requests.
Answers
Requests are done to the remote site to check for a logged-in session. This needs to happen regardless of any local cookies that may be set. Since we don't know what the remote site uses for its cookies, we just blindly forward all cookies.
Vanilla Forums COO [GitHub, Twitter, About.me]
May I ask what is the purpose of the "VanillaProxy" cookie then?
(To be more precise, I was thinking this cookie needs to be set in order to have Vanilla perform the proxy request. I'm confused about its use now =D )
It has been some time since I worked actively on ProxyConnect, but if memory serves, that cookie is designed to retain the foreign signin data during the Sync Screen stage for users that need to take extra setup steps. The cookie's presence prevents redirect loops, and preserves the sync data across requests.
Vanilla Forums COO [GitHub, Twitter, About.me]
That makes sense. So it is actually only used for internal mechanics; time to remove it from my application. Sorry for the misunderstanding!
No problem. ProxyConnect is not the most straightforward plugin.
Vanilla Forums COO [GitHub, Twitter, About.me]