Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Fri Dec 09, 2016 6:45 pm


This forum is dedicated to Apache, Nginx, Lighttpd, Squid and other HTTP transport protocol related software

Author Message
debuser
Post  Post subject: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Posted: Tue May 18, 2010 4:44 pm

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Offline
 

Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem

After deploying my forum on a php 5.3 server, I noticed a very ugly behavior: The "Log me on automatically" feature wasn't having any effect and the session IDs were appended to the URLs in the GET requests (&sid=.....). After checking and modifying phpbb cookie settings and cache removing, I had no success.

The solution came from this thread: http://www.phpbb.com/community/viewtopic.php?f=46&t=1823105:

The .htaccess file in the root of the phpbb board must contain following lines:
Code:
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_value request_order GPC


First two (register_globals and magic_quotes_gpc) anyone knows what they do. Last one is a little documented in php.ini:
Quote:
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order





Top
debuser
Post  Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Posted: Tue May 18, 2010 4:46 pm

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Offline
More info about php 5.3 request_order: http://www.suspekt.org/2008/10/01/php-53-and-delayed-cross-site-request-forgerieshijacking/


Top
debuser
Post  Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Posted: Tue May 18, 2010 4:48 pm

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Offline
Quote:
Because removing cookies from $_REQUEST might break badly written software request_order is not set by default. However the recommended setting by the PHP developer is to set it to “GP” which means only $_GET and _POST data is merged into $_REQUEST with $_POST data overwriting $_GET data.


Top
admin
Post  Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Posted: Wed May 19, 2010 3:08 am
Site Admin

Joined: Mon Aug 03, 2009 8:43 am
Posts: 92

Offline
Removing the cookies from the board is necessary.
To remove the board cookies on Firefox (3.5): Right Click -> Vie Page Info -> Security -> View Cookies. Select all cookies and remove them.

_________________
VPSie - SSD VPS servers in AMS-IX, LINX, DE-CIX
https://vpsie.com


Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Starting nginx: [emerg]: directive "rewrite" is not terminated by ";"

debuser

0

3216

Tue Feb 23, 2010 6:05 am

debuser View the latest post

There are no new unread posts for this topic. Apache - Restricting "Server" information in HTTP response header with ServerTokens

debuser

0

414

Thu Nov 10, 2011 6:39 am

debuser View the latest post

There are no new unread posts for this topic. Converting PhpBB-SEO Apache RewriteRule to Nginx rewrite

debuser

0

1650

Tue Feb 23, 2010 5:00 am

debuser View the latest post

There are no new unread posts for this topic. Remove "X-Powered-By: PHP/5.2.11" from HTTP headers of your web server

debuser

0

1442

Wed Mar 24, 2010 6:49 am

debuser View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO