PHP-Nuke/PHPbb Cookie Settings - The DEFINITIVE ANSWER

New Member Joined: Sep 19, 2006 Posts: 1

PHP-Nuke/PHPbb Cookie Settings - The DEFINITIVE ANSWER

There have been multiple posts about problems people have been having with cookies not being properly set or working properly from within PHP-Nuke, especially in relation to the PHPbb forums.

Symptoms of cookie problems within the PHPbb module of PHP-Nuke include:
1) Users unable to login or remain logged in during their session
2) Users being forced to login ever time they visit the site
3) New PHPbb forum messages being highlighted the first time a visitor enters the forums, but then all new message indicators disappear as soon as the user reads or creates a single post, refreshes the browser, hits the browser back button, or leaves the forum and reenters without logging out of the forum or website.

The goal of this post is to demystify the meaning of these configuration settings in PHPbb, and also to dispel some misinformation that has been spread as "solutions" to this issue.

Within the PHPbb Forum Administration (not to be confused with the PHP-Nuke admininstration area!), go to:
GENERAL ADMIN > CONFIGURATION

Value: DOMAIN NAME
-- Generally this will be [ Only registered users can see links on this board! Get registered or login! ]
-- If you installed PHP-Nuke (aka Raven) into a subfolder within your wwwroot, then you may want to consider setting this to the full path to the PHP-Nuke root. For example, it may need to read [ Only registered users can see links on this board! Get registered or login! ]
-- In general, you should never have a trailing slash (/) at the end of the Domain Name.
-- NOTE: This setting has NOTHING to do with the cookies, however, it DOES affect all of the path settings for the other forum configuration sections, since the DOMAIN NAME will be automatically prepended to the beginning of all of the paths you define.

Value: COOKIE DOMAIN
-- Generally it is best to leave this field BLANK!
-- This is the "domain" that will be set and used for the cookies.
-- The "cookie domain" must match exactly the URL domain that the user's browser is using to access your website.
-- It is important to understand that if your webserver is configured to respond to requests at multiple URL domains (such as yoursite.com, [ Only registered users can see links on this board! Get registered or login! ] and also forum.yoursite.com) then each URL domain will create and look for their own separate set of cookies on the user's browser. In other words, a cookie that was set by yoursite.com will NOT work if the user returns to your site by visiting [ Only registered users can see links on this board! Get registered or login! ] Therefore, if you define a value for COOKIE DOMAIN, then PHPbb will ONLY set cookies for that URL domain, hence they will only work if the user's browser is visiting your site by using that exact URL. By leaving the COOKIE DOMAIN value blank, your webserver will automatically create cookies for whatever domain URL the browser used to access your site. This will not fix the issue of cookies from one URL not being usable by another URL, but it will eliminate the likelihood of a user's cookies not working properly within the session or on future visits.

Value: COOKIE NAME:
-- Generally you can leave this at its default setting.
-- There should NEVER be a space, a period (.), or a slash (/) in a cookie name! Only use basic latin letters and numbers, avoid all punctuation.
-- It should NOT be left blank. PHP-Nuke creates its own set of cookies, so to avoid conflict you should define a value here.
-- The COOKIE NAME value will automatically be prepended to the name of all cookies set by PHPbb.
-- If you are running more than one forum on your webserver it would be wise to change it to keep the cookies from each forum from overwriting or interfering with one another.
-- I would recommend naming it "phpbbyoursite" (without the quotes), but you can make it anything you want as long as you use valid characters.

Value: COOKIE PATH:
-- This is where most people get messed up!
-- The magic bullet is that the COOKIE PATH must fill in any gap between the end of the URL domain, and where the PHP-Nuke file "modules.php" exists! See the examples below.
-- Generally you can leave this at its default setting of a single slash (/).
-- It should NOT be left blank, and should NOT contain any spaces.
-- The last character in the COOKIE PATH should ALWAYS be a slash (/).
-- PHPbb will automatically assemble cookies in the following manner: COOKIE DOMAIN + COOKIE PATH + COOKIE NAME) It is therefore imperative that your combined settings will result in a valid constructed URL path.
-- It is important to understand that the slashes (/) are critical since this is what divides the cookie domain, path, and name values from one another. If there are no slashes, then the values will run into one another without any separation, resulting in an invalid URL.

Value: COOKIE SECURE
-- Generally you should leave this at its default value of "Disabled".
-- If you don't know what SSL is or what this means, then don't mess with it!

Value: SESSION LENGTH [ SECONDS ]
-- Generally you should leave this at its default value of "3600".
-- This is how long a session cookie will last before it auto expires on the user's browser.
-- Again, if you don't know what this means, or a specific reason of why you should change it, then don't mess with it!

Some Practical Examples:
Example #1: You access PHP-Nuke (aka Raven) at [ Only registered users can see links on this board! Get registered or login! ] --or-- [ Only registered users can see links on this board! Get registered or login! ] --or-- [ Only registered users can see links on this board! Get registered or login! ]
COOKIE DOMAIN = (blank)
COOKIE NAME = phpbbyoursite
COOKIE PATH = /
COOKIE SECURE = Disabled
SESSION LENGTH = 3600

Example #2: You access PHP-Nuke (aka Raven) at [ Only registered users can see links on this board! Get registered or login! ]
COOKIE DOMAIN = (blank)
COOKIE NAME = phpbbyoursite
COOKIE PATH = /phpnuke/
COOKIE SECURE = Disabled
SESSION LENGTH = 3600

Example #3: You access PHP-Nuke (aka Raven) at [ Only registered users can see links on this board! Get registered or login! ]
COOKIE DOMAIN = (blank)
COOKIE NAME = phpbbyoursite
COOKIE PATH = /members/phpnuke/
COOKIE SECURE = Disabled
SESSION LENGTH = 3600

Troubleshooting method:
By default, most browsers will accept all cookies automatically. For temporary troubleshooting, in your browser's settings, modify your privacy or security settings regarding cookies, and set your browser to Prompt you before accepting for ALL cookies. This way, your browser will pop up a dialog box which will enable you to view the cookie contents in detail. Be sure to accept them, but this way you can see what the actual cookie values are to ensure that the domain, path, and name are being defined properly. The actual value of the cookies is less important. What's important are the domain and path. After enabling prompt for cookies, clear your browsers cache and cookies, then close all browser sessions. Once that's done, open a browser and start to test your PHP-Nuke installation to ensure the cookies are being set properly.

That should do it! You're on your own from here on, I'm not able to handle support requests or follow-up questions. I'm just a community member and putting this out there for the community's benefit. Enjoy!

----------------------
-I4nI- Audie Murphy [ Only registered users can see links on this board! Get registered or login! ]
www [dot] i4niclan [dot] net
----------------------

Site Admin Joined: Jun 04, 2004 Posts: 6432

Welcome, and thank you for the informative post.

Posted: Wed Sep 20, 2006 9:24 am

I find some problems with this.

First cookie domain should not be left blank as it can cause problems and conflicts. It should match your domain, as the title suggests. So in the example [ Only registered users can see links on this board! Get registered or login! ] it should be .yoursite.com Please take note of the starting . as the domain requires 2 dots. If your site is [ Only registered users can see links on this board! Get registered or login! ] the domain would be nuke.yoursite.com

Second the cookie name can be left blank, it will not hurt anything, but that is not recommend. You should be naming it something that makes sense. I tell everyone you should name it your domain name. The reason being is that if you need to delete a cookie its much easier to find when it has a name that makes sense. So using the previous example of [ Only registered users can see links on this board! Get registered or login! ] I would suggest making the cookie name yoursite

Here is some more information: [ Only registered users can see links on this board! Get registered or login! ]

Posted: Sun Oct 01, 2006 9:55 am

Thanks for these postings. I tried the autocookie mod that's referred to in technocrat's post on two different systems. On one I just get bad path messages and on the other a blank screen. I read the phpbb forum re. installation and tried several approaches, even read the readme and it doesn't work. I don't have time to fool with it further but I thought I'd report it. I suspect the problem has to do with the phpbb_root path and perhaps the fact that this was designed to work with "pure" phpbb and not with phpbb embedded in Nuke.

FWIW the conclusion I came to was that it needs to be installed in /modules/Forums/install after you create such an install directory but as I said it doesn't work. (I'm trying to deal with the problem of a user who doesn't have a clue whether he is logged in or not and is trying to create a new topic in Forums and getting SQL errors on bbtopics ... where he should probably be getting redirected to a login screen ... but I dare not have him mess with cookies or I'll be responsible when nothing on his computer works anymore ... so I'm just hoping that when I do the rn210 thing and get upgraded to bbtonuke 2.21 the problem will magically disappear. Or he'll get discouraged and stop reporting it or figure out how to login).

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I came across this topic while looking for something and I thought I would add to it. PHrEEkie submitted a download on October 17, 2007 called AutoCookie for phpNuke. His description of the script.

PHrEEkie wrote:

This file reads your current cookie settings for phpBB when installed in PHP-Nuke. Do not use this file with a standalone phpBB installation! Your current settings are displayed, along with a Form that contains suggested settings that are known to be stable. These suggestions may or may not be the same as your current settings. You are allowed to accept any suggestions, or manually modify any setting at will. If it is all going horribly wrong, you can choose to load a Default set of cookie settings, enabling you to start at square one.

Download AutoCookie for phpNuke

Involved Joined: Oct 09, 2006 Posts: 413 Location: UK

Hey...thats 1 recommended script right there.

I was experiencing many issues mentioned above. I just got the script, ran it....and robert's your dad's brother...fixed.

And i made sure i moved it to a non-public area, and renamed it afterwards Wink