We have a 3rd party application (Learning Management System, AKA LMS) for which we have integrated phpBB as a discussion board component. We developed some PHP code that allows single sign on so that a student can log into our LMS and then get redirected to the correct phpBB forum and topic post bypassing the login prompt. This code seems to work just fine in the Firefox browser, but does not seem to work in Chrome, Internet Explorer 11, or Edge browsers. We are wondering if anyone has seen a problem like this before? We are currently using phpBB version 3.2.7 with a SQL Server database.
Without getting into the specific code we are using, the general process we are using is:
1. Check that the user's username and password is found in the users table and is correct. If OK, proceed, if not error out.
2. Check the session keys table based on user ID and last IP used. If no record found, add a record for the current user ID and IP address (involves generating a key ID which is a session ID).
3. Check the sessions table based on user ID and IP address. If no record found, create one and make sure that autologin is set to true (1). If record is found, make sure that autologin is set to true (1).
4. Create browser cookies as follows: "u" which is the user ID, "k" which is the key ID generated earlier, and "sid" which is the session ID generated earlier
5. Get the redirect URL (created by the LMS that includes a link to the topic in the correct forum and is passed into the code via POST) and append the session ID and redirect the browser to that URL.
Any ideas/suggestions? I'm thinking the issue may have something to do with the code that creates the browser cookies since that is something that could be handled differently by different browsers whereas all the other code is back end and should not be affected by the browser.