Cookie Problem (bug?)

monstr · October 2007

Hey Folks. I was running vanilla for a few months, yesterday i decided to delete the database an install a completely fresh version. The problem is, that the cookies seem to say "user id=4 login=true" or something like that, i don't know how that stuff works exactly. So some users of the old install before were now logged in as completely different users. I hope you can follow me, my english is not the best

WallPhone · October 2007

I think you need to put something like this in conf/settings.php:

$Configuration['COOKIE_USER_KEY'] = 'forgetoldcookieone';
$Configuration['COOKIE_VERIFICATION_KEY'] = 'forgetoldcookietwo';

by default they should be 'lussumocookieone/two' so I renamed the defaults to make it forget those cookies that are already out there.

monstr · October 2007

aah, i see. thank you very much for the quick support.

Dinoboff · October 2007

How could they get logged-in with a wrong verification key?

monstr · October 2007

i don't know how this could happen, we tested it serveral times and everytime it happened again...

Dinoboff · October 2007

Which extensions are you using?

Dinoboff · October 2007

Also try to change in your browser the cookie value of *cookieone and *cookietwo (and remove the session cookie) to check if you can log-in an other user account this way.

monstr · October 2007

hm this also appeared with no extension loaded

Dinoboff · October 2007

Can you log in an other user account by just changing the value of whatevercookieone in your browser (you can use the "web developper toolbar " > Cookies > view cookies information > edit cookie)

monstr · October 2007

Hm i din't try that. Now it's too late, everythink works fine again..

Cookie Problem (bug?)

Comments