• Welcome to Simple Machines Community Forum. Please login or sign up.

SMF 2.0.16+ cookie changes

December 28, 2019, 03:31:53 AM
Posted by Sesquipedalian on December 28, 2019, 03:31:53 AM

Comments


Skhilled on December 28, 2019, 09:05:03 AM said
Thanks for your hard work. :)

RockLee on December 28, 2019, 09:01:19 PM said
Thanks for all the work, I think so far I don't use any mod that uses those lines (I have to see if any will give problems).


Regards!

Rob Lightbody on December 29, 2019, 11:58:22 AM said
Thanks for this post.  It explains why my Coppermine Gallery has stopped working.

I want to temporarily use your function to disable the new cookie security, to allow me to get Coppermine updated - I can see the checkbox "Use basic cookie authentication" but its disabled ?

Keep up the good work team, and thanks for the support so far.

Shambles on December 29, 2019, 04:19:41 PM said
Quote
... I can see the checkbox "Use basic cookie authentication" but its disabled ? ...

Indeed - the new cookie stuff seems to have disabled TapaTalk access.  How is this new authentication checkbox controlled?

SleePy on December 29, 2019, 04:58:10 PM said
The setting is only supposed to be enabled if another integration has triggered 'integrate_verify_user'.
You can directly add it to your Settings.php though to bypass this:

$cookie_no_auth_secret = true;


You will be logged out again after changing this.

rbradbury on December 29, 2019, 05:25:02 PM said
Thanks for the quick reply.

I added the code to Settings.php but the 'Use basic cookie authentication' checkbox remained greyed out

GL700Wing on December 29, 2019, 06:45:54 PM said
Quote from: SleePy on December 29, 2019, 04:58:10 PM
The setting is only supposed to be enabled if another integration has triggered 'integrate_verify_user'.
You can directly add it to your Settings.php though to bypass this:

$cookie_no_auth_secret = true;


You will be logged out again after changing this.
I made this change via Administration Center » Server Settings » Cookies and Sessions in the hope of also getting my Coppermine bridge to work again but now whenever I try to login to SMF I get the error message "You were unable to login. Please check your cookie settings."

The only way I could get back into my forum was to manually edit Settings.php and remove/comment out the line $cookie_no_auth_secret = 1;.


Edit: On another forum enabling this setting did not cause any issues as far as logging into SMF was concerned but it didn't resolve the Coppermine bridging issue ...

lurkalot on December 29, 2019, 07:18:56 PM said
Quote from: GL700Wing on December 29, 2019, 06:45:54 PM
Quote from: SleePy on December 29, 2019, 04:58:10 PM
The setting is only supposed to be enabled if another integration has triggered 'integrate_verify_user'.
You can directly add it to your Settings.php though to bypass this:

$cookie_no_auth_secret = true;


You will be logged out again after changing this.
I made this change via Administration Center » Server Settings » Cookies and Sessions in the hope of also getting my Coppermine bridge to work again but now whenever I try to login to SMF I get the error message "You were unable to login. Please check your cookie settings."

The only way I could get back into my forum was to manually edit Settings.php and remove/comment out the line $cookie_no_auth_secret = 1;.


Edit: On another forum enabling this setting did not cause any issues as far as logging into SMF was concerned but it didn't resolve the Coppermine bridging issue ...

Regarding the Coppermine bridge.  There's two new bridge files you can download to resolve this, uploaded tonight.  One for Coppermine 1.5.x https://forum.coppermine-gallery.net/index.php/topic,80028.msg387612.html#msg387612

and one for Coppermine 1.6.x https://forum.coppermine-gallery.net/index.php/topic,77951.msg387613.html#msg387613

KittyGalore on December 29, 2019, 07:27:09 PM said
Quote from: rbradbury on December 29, 2019, 05:25:02 PM
Thanks for the quick reply.

I added the code to Settings.php but the 'Use basic cookie authentication' checkbox remained greyed out
If you change it from disabled to enabled in the Mangeserver.php it won't be greyed out.

GL700Wing on December 29, 2019, 07:36:08 PM said
Quote from: lurkalot on December 29, 2019, 07:18:56 PM
Regarding the Coppermine bridge.  There's two new bridge files you can download to resolve this, uploaded tonight.  One for Coppermine 1.5.x https://forum.coppermine-gallery.net/index.php/topic,80028.msg387612.html#msg387612

and one for Coppermine 1.6.x https://forum.coppermine-gallery.net/index.php/topic,77951.msg387613.html#msg387613
Perfect - worked like a charm!  Thanks!!

RockLee on December 30, 2019, 08:35:45 PM said
Quote from: SleePy on December 29, 2019, 04:58:10 PM
The setting is only supposed to be enabled if another integration has triggered 'integrate_verify_user'.
You can directly add it to your Settings.php though to bypass this:

$cookie_no_auth_secret = true;


You will be logged out again after changing this.

No effect, I could not log in (at least with a secondary account) I had to comment on the entire line to allow me to enter ... I would have to do tests with a new user if the same happens but only applies to old users.


Regards!

Sesquipedalian on December 31, 2019, 01:26:51 AM said
We'll be simplifying the logic that controls this in 2.0.18.

In the meantime, if manually adding $cookie_no_auth_secret = 1; to your Settings.php isn't enough to make this work as you want, try also adding an entry for 'integrate_verify_user' to the settings table in your database, and give it a dummy value, as shown in the attached image.

RockLee on December 31, 2019, 07:58:33 AM said
In a new forum it doesn't give me problems but if I update my site, doing tests if I put in value 0 there is no problem but when I can be on my computer I make the change you suggest me! Thank you @Sesquipedalian

aegersz on February 11, 2020, 11:48:54 AM said
I followed your instructions and disabled the checkbox as required but the SA Chat mod still failes to run.

Any thoughts ?

All I could think about were the cookie changes and I have posted in the mod.

Ulibka on June 05, 2020, 09:17:48 AM said
I'm have SMF 2.017, default theme
I;m register user with russian letters : Иван

When I attempt to login (quick login, all login and password correct), password is 1234
Login redirect to index.php?action=login2 and I'm see: incorrect password


I'm input login +password and I'm can see forum

May be you know solution ?

Horme Gaming on June 05, 2020, 11:17:46 AM said

Ulibka on June 05, 2020, 03:07:38 PM said
I'm try to ask https://www.simplemachines.ru/ but nobody don't know answer.

Problem is that if you have login with 2 bytes UTF-8 - you need to login twice.

Kindred on June 05, 2020, 03:13:50 PM said
We know.

the fix has been published several times.

amd that site -- despite the name - is not an official SMF support site
Advertisement: