Make ACP cookie configuration easier

Status:
New

Make ACP cookie configuration easier

Post by v12mike » Wed Aug 07, 2019 6:38 am

The current ACP cookie configuration page, although functionally adequate, is confusing for many (especially new) admins and over the years has been the cause of a lot of issues with users (and admins) being locked out after installs, upgrades and reconfigurations.

I would like to change the default behaviour and configuration page layout to make life simpler, while not taking away the option for advanced admins to configure cookies the same way they currently do.

From the admin's point of view, the default cookie configuration fields would all be blank, with the board determining a safe set of values, which could be overridden by an admin if desired, although the need for this should be rare, except where cookies are being shared with another application.

Going through the parameters:
  • Cookie domain: No functional change, but the help text to be updated to recommend more strongly that it be left blank. I would also investigate further whether the leading dot in the cookie domain is still relevant today (I suspect not).
  • Cookie Name: This should normally be left blank. In the case that it is left blank, the board will calculate a suitable value, by concatenating the board path with a cookie_version number which is incremented
    • each time the cookie settings are saved,
    • each time the sessions table is purged
    • each time the board protocol (http:/https:) is changed
    This is a similar concept to assets version number.
  • Cookie path: This should be left blank, but internally defaults to the board path.
  • Cookie secure: This should have a 3rd (default) option of Automatic, where the cookie secure value tracks the http: or https: configuration of the board.
I would also like the ACP cookie configuration page to display the current cookie configuration of the board.
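
The defaults proposed in the post above, sketched as an added example (not phpBB's code and not written by any participant in this thread). The array keys, the `auto` value, the `phpbb_` prefix and the `cookie_version` counter are assumptions made for illustration.

```php
<?php
// Added sketch of the defaults proposed in the first post; not phpBB code.
// Array keys, the 'auto' value and $cookie_version are assumptions.
function resolve_cookie_settings(array $acp, string $protocol, string $board_path, int $cookie_version): array
{
    // Normalise the board path to "/" or "/dir/sub/".
    $path = '/' . trim($board_path, '/');
    $path = ($path === '/') ? '/' : $path . '/';

    // Blank name: derive one from board path + version, keeping only
    // characters that are valid in a cookie name.
    $name = trim($acp['cookie_name'] ?? '');
    if ($name === '') {
        $slug = trim(preg_replace('/[^A-Za-z0-9]+/', '_', $path), '_');
        $name = 'phpbb_' . ($slug === '' ? 'root' : $slug) . '_v' . $cookie_version;
    }

    // Blank path: fall back to the board path.
    $cookie_path = trim($acp['cookie_path'] ?? '');
    if ($cookie_path === '') { $cookie_path = $path; }

    // 'auto' (or blank) tracks the board protocol; an explicit value wins.
    $secure = $acp['cookie_secure'] ?? 'auto';
    if ($secure === 'auto' || $secure === '') {
        $secure = (strtolower($protocol) === 'https://');
    } else {
        $secure = (bool) $secure;
    }

    return [
        'name'   => $name,
        'path'   => $cookie_path,
        // Blank domain: no Domain attribute is sent, so the cookie is host-only.
        'domain' => trim($acp['cookie_domain'] ?? ''),
        'secure' => $secure,
    ];
}

// Render the effective attributes, e.g. for display on the ACP page.
function describe_cookie(array $c): string
{
    $parts = [$c['name'] . '=<value>', 'Path=' . $c['path']];
    if ($c['domain'] !== '') { $parts[] = 'Domain=' . $c['domain']; }
    if ($c['secure']) { $parts[] = 'Secure'; }
    return implode('; ', $parts);
}

// Constructed sample: every ACP field left blank on an HTTPS board in /forum.
echo describe_cookie(resolve_cookie_settings([], 'https://', '/forum', 3)), "\n";
```

Incrementing the version changes the derived name, so cookies issued under the previous settings are no longer read by the board.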

Re: Make ACP cookie configuration easier

Post by KevC » Wed Aug 07, 2019 8:03 am

Surely if all of the fields are blank then more people really are going to be locked out. You would need a fundamental understanding of what should go in those fields and if you get it wrong by adding or not adding http:// in the right place then you'll never get back in.

At the moment it suggests values which are highly likely to be correct on a new installation.

Re: Make ACP cookie configuration easier

Post by v12mike » Wed Aug 07, 2019 10:17 am

What I am suggesting is that if all the fields in the ACP are left blank, then the board will select a safe set of parameters to populate the actual cookies (which of course are not blank).

The problem with the current implementation is that it requires admins to fill in values that they often don't understand, and in the majority of installations a safe set of cookie parameters can be determined by a simple algorithm.

Re: Make ACP cookie configuration easier

Post by david63 » Wed Aug 07, 2019 10:28 am

v12mike wrote:
Wed Aug 07, 2019 10:17 am
then the board will select a safe set of parameters to populate the actual cookies
Isn't that what is effectively happening now?
v12mike wrote:
Wed Aug 07, 2019 10:17 am
The problem with the current implementation is that it requires admins to fill in values that they often don't understand
There is normally no requirement for an Admin to fill anything in - but they do need the facility to change the settings.

Re: Make ACP cookie configuration easier

Post by KevC » Wed Aug 07, 2019 10:42 am

What he said ^

It generally fills in all of the correct information at the point of installation. I've never edited anything on that page in all of the installations I've ever done.

Re: Make ACP cookie configuration easier

Post by Tastenplayer » Tue Aug 13, 2019 7:00 am

KevC wrote:
Wed Aug 07, 2019 10:42 am
What he said ^
I've never edited anything on that page in all of the installations I've ever done.
I had to adjust the settings every time.
This is related to the server configuration / address of the forum (subdomain with reference to folders and redirection to https). Then you must not forget to add the dot in front of the cookie domain. Which beginner admin knows that there must be a dot in front of it. If this point is missing, you get problems.

Re: Make ACP cookie configuration easier

Post by KevC » Tue Aug 13, 2019 8:32 am

More often than not it's correct already on the page when I've done installations.

Re: Make ACP cookie configuration easier

Post by AmigoJack » Wed Aug 14, 2019 7:27 am

Tastenplayer wrote:
Tue Aug 13, 2019 7:00 am
Which beginner admin knows that there must be a dot in front of it.
If that was intended as a question then the answer is: those being prepared. Being a beginner doesn't imply you weren't able to gather knowledge in advance: RFC 2109 defines cookies and the differences between a leading dot and none for the domain part - either one understands that, or one simply accepts that it is needed that way.