Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
TransientKey
Raoul2000
New
Hi,
I'm trying to sign out from my vanilla (v2.1.5) forum, from another site (in the same domain) : when the user click on "sign out" on my site, he/she should be logged out from both my site and vanilla. To do this, I need to call the Vanilla signout url with the TransientKey as parameter, but I can't find it in the DB. There is a TransientKey column in gdn_session table, but it remains always empty.
Where can I find this TransientKey ? is it stored somewhere in the db ?
Another option would be to clear all cookies set by Vanilla ... it works but I'm not sure this is the correct way to do it?
Any advice would be appreciated.
Thanks
Tagged:
0
Comments
It's is the GDN_User table, serialized in the Attributes Column.
see: https://github.com/vanilla/vanilla/blob/master/applications/dashboard/models/class.usermodel.php#L3139-L3143
My themes: pure | minusbaseline - My plugins: CSSedit | HTMLedit | InfiniteScroll | BirthdayModule | [all] - PM me about customizations
VanillaSkins.com - Plugins, Themes and Graphics for Vanillaforums OS
Expiring cookies is totally fine, So long as your own logout has CSRF protection with it own transient/nonce.
grep is your friend.
Thanks to both of you ... I have my replies !
ciao