Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Fri Oct 18, 2019 8:11 pm


Username:
Subject:
Message body:
Enter your message here, it may contain no more than 60000 characters. 

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
 
Font colour
Options:
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.
     

Topic review - Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem
Author Message
Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Post Posted: Wed May 19, 2010 3:08 am
Removing the cookies from the board is necessary.
To remove the board cookies on Firefox (3.5): Right Click -> Vie Page Info -> Security -> View Cookies. Select all cookies and remove them.
Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Post Posted: Tue May 18, 2010 4:48 pm
Quote:
Because removing cookies from $_REQUEST might break badly written software request_order is not set by default. However the recommended setting by the PHP developer is to set it to “GP” which means only $_GET and _POST data is merged into $_REQUEST with $_POST data overwriting $_GET data.
Post subject: Re: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Post Posted: Tue May 18, 2010 4:46 pm
More info about php 5.3 request_order: http://www.suspekt.org/2008/10/01/php-53-and-delayed-cross-site-request-forgerieshijacking/
Post subject: Phpbb 3.0.5 "Log me on automatically" cookies and sessions problem  |  Post Posted: Tue May 18, 2010 4:44 pm
After deploying my forum on a php 5.3 server, I noticed a very ugly behavior: The "Log me on automatically" feature wasn't having any effect and the session IDs were appended to the URLs in the GET requests (&sid=.....). After checking and modifying phpbb cookie settings and cache removing, I had no success.

The solution came from this thread: http://www.phpbb.com/community/viewtopic.php?f=46&t=1823105:

The .htaccess file in the root of the phpbb board must contain following lines:
Code:
php_flag register_globals Off
php_flag magic_quotes_gpc Off
php_value request_order GPC


First two (register_globals and magic_quotes_gpc) anyone knows what they do. Last one is a little documented in php.ini:
Quote:
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO