Cookies and choosing the right configuration

Sforeign
Registered User
Posts: 5
Joined: Fri Oct 31, 2008 10:18 pm

Post by Sforeign »

There are two ways as far as I know of setting up cookies on your phpBB forum. One way is with a period-prefix (.domain.com) and one without (domain.com).

Using the prefix provides cookie support for cases where someone accesses your site without putting the www. in the URL. It was designed for subdomains, I believe, but will provide support for both.

Whereas not using the prefix could deny cookies to any user who accesses your site without using the www.

I was wondering therefore, why there are two types if it is all round better to just use the prefix in all situations?

That said I have never experienced cookie problems myself without using the prefix.

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Cookies and choosing the right configuration

Post by Techie-Micheal »

You must have at least two periods in the domain name. You can have any of the following:

www.example.com
.example.com
example.com.
community.example.com (same as www, but added to make a point)
a.community.example.com

And so on.
Proven Offensive Security Expertise. OSCP - GXPN

Sforeign
Registered User
Posts: 5
Joined: Fri Oct 31, 2008 10:18 pm

Re: Cookies and choosing the right configuration

Post by Sforeign »

You say at least two, but phpBB automatically configures your cookie settings to:

example.com
So I don't follow your post.

Granted, according to various sources:

.example.com
Is better for all circumstances, and does have at least two periods, but the second period can't be essential for the fundamental operation if phpBB merely assigns it with one period?

Also I was wondering what cookie names can be used with the different cookie domains, and what the differences are.

Phil
Former Team Member
Posts: 10403
Joined: Sat Nov 25, 2006 4:11 am
Name: Phil Crumm

Re: Cookies and choosing the right configuration

Post by Phil »

You can use any cookie name, as long as it is unique. As far as I know, the benefit of being more specific with the cookie domain affected (e.g. using domain.com instead of .domain.com) is so there aren't any cookie overlap issues, but as long as the cookie name is unique that shouldn't be a concern.
Moving on, with the wind. | My Corner of the Web

Sforeign
Registered User
Posts: 5
Joined: Fri Oct 31, 2008 10:18 pm

Re: Cookies and choosing the right configuration

Post by Sforeign »

Thanks, now I see.

I was also wondering what the difference is between the names. As far as I know there are two, those being:

phpbb3_lepbi

and

phpbb3_lepbi2

Can either of those be used with either cookie domain... or what are the fundamentals here? I was considering using the .example.com cookie domain, to cater in the absence of a www. prefix, but was concerned as to what cookie name I should use in this case. What are the differences with these?

Kim_Possible
Registered User
Posts: 1343
Joined: Sun Sep 21, 2008 3:57 pm

Re: Cookies and choosing the right configuration

Post by Kim_Possible »

I think phpBB3 randomizes cookie names. I've seen all kinds of different cookie names for phpBB. My test site's cookie name is currently: phpbb3_5mfbv.

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Cookies and choosing the right configuration

Post by Techie-Micheal »

Sforeign wrote:
> You say at least two, but phpBB automatically configures your cookie settings to:
>
> example.com
>
> So I don't follow your post.

Not sure where you saw that, because this is what phpBB auto-configured for me:

.example.com

> Granted, according to various sources:
>
> .example.com
>
> Is better for all circumstances, and does have at least two periods, but the second period can't be essential for the fundamental operation if phpBB merely assigns it with one period?
>
> Also I was wondering what cookie names can be used with the different cookie domains, and what the differences are.

So if phpBB did example.com without the second period, then there is either a bug or a problem with your server setup, or both, because a cookie domain needs to have at least two periods, as I explained above. :)
Proven Offensive Security Expertise. OSCP - GXPN
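
How a browser following RFC 6265 scopes a cookie for the Domain values discussed in this thread, as an added example that is not part of any post and is not phpBB code. The host names and function names are constructed for illustration, and public-suffix checks are omitted.

```javascript
// Added example: cookie scoping per RFC 6265 (sections 5.1.3, 5.2.3, 5.3, 5.4).
// Host names are constructed samples; public-suffix checks are omitted.

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');

// RFC 6265 5.1.3: a host matches if identical, or if it ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith('.' + domain);
}

// Store a cookie set by `requestHost` with an optional Domain attribute.
// Returns null when the browser would reject the cookie.
function storeCookie(requestHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact host.
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  if (!domainMatch(requestHost, domain)) return null; // cannot set for a foreign domain
  return { domain, hostOnly: false };
}

// RFC 6265 5.4: would the stored cookie be sent to `host`?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Which of the sample hosts receive the cookie for a given Domain setting?
function scopeReport(requestHost, domainAttr, hosts) {
  const cookie = storeCookie(requestHost, domainAttr);
  return hosts.filter((h) => isSentTo(cookie, h));
}

const HOSTS = ['example.com', 'www.example.com', 'community.example.com',
  'a.community.example.com', 'badexample.com'];

for (const attr of ['', 'example.com', '.example.com', 'www.example.com', 'other.test']) {
  console.log(JSON.stringify(attr), '->', scopeReport('www.example.com', attr, HOSTS));
}
```

Under these rules a cookie with a Domain attribute is sent to every subdomain of that domain, so a session cookie scoped to example.com is also delivered to any other application hosted on a sibling subdomain.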

Sforeign
Registered User
Posts: 5
Joined: Fri Oct 31, 2008 10:18 pm

Re: Cookies and choosing the right configuration

Post by Sforeign »

Thanks, now I see.

Am I right in saying you can put anything, as in anything, for the cookie name? Like pinkhedgehogsonbeans would even work?

darcie
Community Team Member
Posts: 5541
Joined: Thu Jul 27, 2006 9:52 am
Location: Davis, California
Name: Darcie Griffin

Re: Cookies and choosing the right configuration

Post by darcie »

Pretty much. But don't use dots, spaces, or other special characters. Use upper or lower case letters, numbers, and underscore.
phpBB on Facebook | Site Rules | Former Community Team leader
