Cookie domain question

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
redsquirrel
Registered User
Posts: 40
Joined: Wed Aug 20, 2014 3:54 am

Cookie domain question

Post by redsquirrel »

I noticed that if the cookie domain is not set correctly, everything breaks, including being able to login. Even after setting it correctly, it will not work until cookies are manually cleared from the browser, the link at the bottom to delete cookies does not work. This is a bit of an issue since that info is stored in the database, so when I move between dev/test/prod if I restore the DB from another environment then I need to manually go change it. If anything happens in prod where the domain changes it would also break for all users until they manually delete their cookies.

Is there a way around this, like a way to set this via a config file? Shouldn't the software just be using the current hostname via $_SERVER['HTTP_HOST'] instead of relying on a setting?
Last edited by Mick on Thu Dec 07, 2023 8:08 pm, edited 1 time in total.
Reason: Solved.
User avatar
Brf
Support Team Member
Support Team Member
Posts: 53460
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}

Re: Cookie domain question

Post by Brf »

If the Force Settings flag is set to no, it attempts to use the hostname you are referencing, to fill in that setting. I am assuming there is some security involved with keeping it in a setting, rather than reading from the server it every time.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26651
Joined: Fri Aug 29, 2008 9:49 am

Re: Cookie domain question

Post by Mick »

When next you do your swap from “dev/test/prod“ etc. edit the cookie settings to suit the new domain then rename the cookie itself by changing the last digit. That way everyone visiting the board will get the new cookie.

Knowledge Base - Fixing incorrect cookie settings.

Edit: As per Brf check “Force Settings”.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
redsquirrel
Registered User
Posts: 40
Joined: Wed Aug 20, 2014 3:54 am

Re: Cookie domain question

Post by redsquirrel »

Hmm yeah I suppose a cookie script might be an option, I'll make one that is just automated and takes no user input. I can just run it any time I move the database between environments. Although is there a way to tell the browser to also delete the cookies including old ones with a different name? When I'm restoring a db locally in my dev environment I can't login until I manually clear all phpbb related cookies even from other domains. I could see that being an issue in prod, such as if I have to restore a backup after a server issue or something.
User avatar
P_I
Community Team Member
Community Team Member
Posts: 2394
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: Cookie domain question

Post by P_I »

redsquirrel wrote: Wed Dec 06, 2023 5:48 pm I'll make one that is just automated and takes no user input. I can just run it any time I move the database between environments.
Mine is posted here.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
redsquirrel
Registered User
Posts: 40
Joined: Wed Aug 20, 2014 3:54 am

Re: Cookie domain question

Post by redsquirrel »

Cool that's pretty much what I had in mind, so I'll just use that.

Return to “[3.3.x] Support Forum”