Okay, so I've recently changed my web-server from Apache to nginx, as the latter seems to have a much more stable memory footprint (Apache was often exploding in RAM usage).
Anyway, nothing else has changed, but since doing this I'm encountering a weird permissions issue with my phpBB forum; namely, many users are being told they can't download attachments because they're not authorised, even though they were sent to them in a private message!
I'm struggling to debug the issue, but I can reproduce it. Adding debug statements into download/file.php I've been able to determine that permissions are returning false that shouldn't, but I can't for the life of me figure out why, as the permissions are all reporting as expected in the admin panel. I've manually inspected various places and everything looks fine; the ACL tables in the database are correct, I've cleared the cache to recreate the cached ACL settings, and done the same with clearing the user_permissions column, but nothing seems to be repairing the permissions.
I've even managed to trigger the issue in a forum, and can see that the 'f_download' permission is coming back false, even though I'm an admin user and attachment downloading is enabled board-wide.
Now of course the fact that I've switched to nginx could be coincidental, as I can't think of any reason why it should change anything, as my database hasn't moved, and I'm using the same PHP version with the same settings (in fact it was separate from Apache anyway so nothing has changed at all).
I just thought to try dumping the contents of $user->data, and discovered that the file is treating me as an anonymous user, even though I have valid login credentials everywhere else on the site. Any ideas why it would be ignoring my cookies? I've tried manually adding my sid to the URL and it makes no difference either, the $user variable is still coming through as if anonymous.