Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

can't get cookies to store properly

edited April 2007 in Vanilla 1.0 Help
Hi. I'm having trouble getting my Vanilla cookies to store properly, the result being that users don't stay logged in if they quit their browser. This can be a real deterrent to get people to return often. I've read the other threads on similar issues but so far nothing has worked for me. My domain is in the form of And my vanilla installation is right off the doc root. I've tried,,, And I've also tried blanking out the cookie domain and the cookie path. From other threads it sounds like that should do the trick, but it didn't for me. And I'm being good in nuking all my cookies at the appropriate times (if I change any of the cookies settings) before retesting things. I'm on a windows host, if that helps at all. I don't have this problem on a vanilla install on a linux host. So maybe it's something related to php on windows or something? Any feedback/advice is appreciated. Thanks guys!


  • I stay away from WIndows as plague, so take it with a grain of salt, but have you checked the session management, server side? Is it active ? Cookie wise?
  • I have another app on the same host that's storing cookies the way it should. When I log into my Vanilla forum the only cookie I see is the PHPSESSID and it says it expires "at end of session". I should be seeing other Vanilla related cookies, correct?
  • You should see the phpsession cookie + the remember me cookie if you tick the remember me option.
  • Should I see the PHPSESSID cookie and also lussumocookieone and lussumocookietwo cookies? If so, it looks like the cookies are are simply not getting created at all? Being able to use the Remember Me feature is the one thing holding me back from being able to use Vanilla. :(
  • edited April 2007
    I've hit a brick wall with this. Everythng config wise on the windows-host seems fine -- cookies are being set fine by other apps on the same host. Vanilla install is pretty much looking good -- no customization other than adding extensions. The cookie domain and path have been set to numerous things and now blanked out to nothing (which I've read some said was a cure) and still no luck. Can anyone think of any reason why Vanilla cookies would not be getting set? I don 't even have a troubleshooting avenue to go to at this point so I'm really stuck. It couldn't be anything permissions based could it? Some obscure windows setting that's conflicting with it? I'm grabbing at straws here obviously. But if I can't figure this out I'm sadly going to have to look at a different forum software, which is a bummer because I'm really liking how Vanilla approaches discussions and I haven't seen any other forums that do something similar.
  • Are you using apache or IIS?

    If it is IIS, you might need the help of Mark. I don't think other people here have much experience of Vanilla on ISS.
  • MarkMark Vanilla Staff
    edited April 2007
    Some versions of IIS have been known to have problems setting cookies with PHP if you set them and then drop a new location directive in the header (which Vanilla does because it is necessary). I'd try creating a test page that creates cookies using the values you've tried above and doesn't do a redirect to another page after. Then create another version of it that creates cookies with other names/values and does redirect after. See if either of those fails. If so, it's definitely a documented windows IIS problem which should have some form of support document in the Microsoft Knowledgebase online.
  • Mark - thanks for the response. This is good information and it provides me with a starting point at least! I'll verify the version of IIS I'm using and then hit the Microsoft Knowledgebase to see if I can find anything that pertains to this. Would be great if I can find a documented workaround, even if it means upgrading to a newer version of IIS.
  • I think I found it: As you said, Vanilla drops a new location directive in the cookie header. And this KB article is saying that IIS will ignore all other headers when the Location header (redirect) is set. This is a problem in IIS 3, 4, and 5, but supposedly is fixed in IIS 6. And I've just verified that I'm running on IIS 5.0. So I think an upgrade to IIS 6 may be needed to get Vanilla cookies to get set correctly like they do on a *nix host. I'm going to see if I can upgrade to IIS 6.0 and if that does the trick... and report back with the news here.
  • Arg. Just found out that upgrading to IIS 6.0 isn't an option for me because I'm on a Windows 2000 server. The possible solutions to this problem are: 1- Migrate to Apache/IIS6/Whatever 2- Use a Non Parsed Header Script (nph-*.php) 3- Try with header('Refresh: 0; $URL'); #1 is not an option for my situation. If I wanted to try #2, which file would it be? /library/People/People.Class.Authenticator.php? Not sure if this would work but my idea was to change People.Class.Authenticator.php to nph-People.Class.Authenticator.php and then create an alias from People.Class.Authenticator.php to nph-People.Class.Authenticator.php so that I wouldn't have to alter any code. Do I have the right file? Or am I totally off-base? Would something like this even work?
This discussion has been closed.