Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Users having to log in twice?

edited January 2009 in Vanilla 1.0 Help
While I'm fixing things on my forum, I thought I'd address this issue as well! Before I launch into the problem, I'm really grateful for all the help everyone here provides. You guys all make Vanilla so much more appealing. Anyway, on with the problem... Lots of my users are complaining that they have to log into my forum twice. It's a variety of users on different platforms and browsers... but it doesn't affect me. Even though the cookie is set to the forum (and sub-domains), it doesn't remember a lot of people as well. I've done a search but can't find a discussion here that addresses the problem. Any ideas?


  • MarkMark Vanilla Staff
    What version of Vanilla are you using?
  • I've got the latest version - I did a fresh install yesterday as well, to see if that would fix the problem... but it hasn't.
  • Hi! Same to me, I often need to login twice at my forum ( Bye Tiggr
  • Here's what one of my users said to me: "It's odd that I always have to log in twice... well, I only log in once, then I just click "proceed". When I click "proceed", I get the "You are signed in" page and then just continue to discussions instead of going there directly after the first log-in." :-S
  • I have this problem as well. Ive seen it happen in safari, and in firefox on windows. that been said, i have never had to log in twice on my home machine. 1.01
  • MarkMark Vanilla Staff
    edited November 2006
    Look for inconsistencies in the url. For example, I've seen things like this happen when you can access the forum through:


    Problems arise when a user follows a link without the www and then get signed in to the url *with* the www. Or vice versa.

    I've been able to rectify the problem here at the community forum by setting my cookie domain to - which means that the cookie applies to every subdomain possible on

    However, it might have something to do with your php session's cookie domain. I've never had to mess with the domain of my session cookies - the defaults seem to work fine for me. But you can force it to the same as your vanilla cookie with the session_set_cookie_params php function.

    That function needs to be called on every page load and *before* the session is created, so you should be able to add it to your conf/settings.php file and have it work for you.

    If you give it a shot and it works, come on back here and tell us about it. I might end up adding it into the core.

    Something like this should work:

    session_set_cookie_params(0 , $Configuration['COOKIE_PATH'], $Configuration['COOKIE_DOMAIN']);
  • i have my cookie set to too, with the cookie path being / do i just have to stick that line in settings.php at the end or somewhere in particular?
  • MarkMark Vanilla Staff
    The end of your conf/settings.php is probably the best place, yeah.
  • It's strange, my forum jumps between to domains: and, but I don't know why! After login in, it goes to the domain without www, no matter what I put inside the settings. After changing the cookie-domain and the settings, it got messed up, more and more. So I decided to set it back, and tried your code-line from above. This seems to work fine! Thank you! Tiggr
  • MarkMark Vanilla Staff
    Glad it worked out. If other people try it and it works, post your stories in here. I want to know if it should be in the core.
  • Hi! I'm sorry, I have to correct myself. At home it works fine, at work, I need to loggin twice. Strange! Using Firefox in both places. Bye Tiggr
  • I had similar problem by myself too. I created a webpage and did all the developing on my box. When finally everything worked I moved the page to Internet, but among other small issues (bad programmin from my end...) the logging system worked funny. I use Vanilla's login system, but I "hacked" it so that there is a small login box on every page. The login box has login form if not logged in, and when logged in it tells who is logged in. If I logged in on say index page of the webpage and then moved to Vanilla's page (on different directory of course), I were no longer logged in and none of the $_session variables were set, it were just empty array. But if I pressed any link on the Vanilla's page, like Categories, it logged me in... eh? Being a newbie at web developing I were somewhat puzzled about what were the cause of that behaviour. Anyways, little messing around and I found out that the Vanilla's login system made 2 different session cookies, one for "" and one for "" and thus the login system were messed up. To cut the pointlessly long story short, I added that line of code that Mark posted couple posts above and the login system started to behave like it should. Well, except that I set Vanilla to use "" as cookie path, but it creates the cookie for "". Is that a known issue or am I just being a newbie for understanding the setting wrong or something? I set the cookie path from the Vanilla's settings and I set it to "". Not excatly a problem or anything, but still.. Also, as default the page's address is without "www." (so it's just, but when I open any of Vanilla's page, it adds the "www." to the address (so it's I think that's one reason why it created 2 session cookies. I use Vanilla 1.0.1 for the record. teidon
  • Firstly, I'd suggest you use for your cookies as they'll be effective with or without the www (assuming for some reason thats not going to be a problem). When you say it made 2 different cookies, were the lussumocookieone and lussumocookietwo (or whatever theyre called) on a certain thing, and the session cookies on another? I'm pretty sure session cookies are set by the configuration of your server and therefore might not necessarily be the same (i might be wrong there but i'm pretty sure thats my experience) As for vanilla adding www. to stuff, what do you have set as your application paths?
  • "Firstly, I'd suggest you use for your cookies as they'll be effective with or without the www (assuming for some reason thats not going to be a problem)." Good point, me == newbie. "When you say it made 2 different cookies, were the lussumocookieone and lussumocookietwo (or whatever theyre called) on a certain thing, and the session cookies on another?" It created 2 PHPSESSID cookies, even if I didn't log in. One for (for webpage), the other for (for Vanilla). I didn't check where it created the lussumocookies, but they are only created when you mark the "remember me" checkbox. But now as things are working well, it creates all the cookies for "As for vanilla adding www. to stuff, what do you have set as your application paths?" That would be "" (no www. in there), the default by Vanilla's install script. Cookie domain is "" (default too, I think). Cookie path is "/" because the login box needs the cookies on every page. And for the record, my webpage's domain isn't, nor is the Vanilla's directory called vanilla, but I just though to call it here. Shorter and easier for you. :) teidon
  • Mark, just for the record, I thought I'd let you know what happened when I set the cookie to the entire domain instead of just the 'forum' directory... Basically, people started saying that they could access the forum *without* having to log in at all, even on different machines. I reset the cookie back to the 'forum' directory and although people get the log-in screen twice, they can just click 'proceed' without filling in their details in on the second one.
  • Hi Again!

    This could be interessting for the problem too:

    I cite it:
    In the preliminary installation I have used an IP instead of a domain name, then I have modified to the domain name I am going to use in the "Web-path to Vanilla" in the Application Settings form.

    However the following was not modified in the settings.php


    only the: $Configuration['BASE_URL'] was modified correctly.
  • edited January 2009
    I did exactly what was said above, changed the cookie domain to (and added http:// in front of the page address) and suddenly my login works correctly. Thanks guys, this was the most serious usability issue on my board
  • There is no conf/settings.php on my forums! I am having the same problem on www. and without www.

Sign In or Register to comment.