Phpbb: Members Have to Login Each Visit

apps

#1

I moved my forum to DH’s a few weeks ago and since then members continue to contact me each day saying that they have to enter their login details each time they come back to the forum. I also have the same problem but a couple of members I spoke to are not having the issue.

This is causing severe problems for my forum that has taken 3 years to develop and reach the 4k member mark and now it looks to be falling apart and I have run out of options on what to do.

I have posted in the Phpbb forums and no one there can help and after trying every possible fix for it I have been told it must be my hosting company.

Dreamhosts don’t want to know about it, in fact I have waited days to hear back from them after supplying all my administration details so they can login and check it out.

They said they don’t have the problem and have basicaly told me they don’t want to help and its nothing to do with them and in fact were quite insulting and suggested that they won’t help with content etc and I never asked for help with content so I don’t kow what they are on about. They also told me because they can login that I don’t have a problem but it is the member who has an issue, even after I explained that it is happening to MOST of my members…

I’m sure I’m wasting my time even posting this thread if it’s anything to do with DH’s but I will give it a shot and maybe i will find someone not part of DHs that might help.


#2

It sounds very much like a session/cookie issue. When you “moved” your forum, did you migrate your code base (use your existing code from the other account), or just your data (re-installed PhpBB and loaded the database with existing data)?

Post a url, or PM me with a url and credentials for a “dummy” account, and I’ll take a look and test it out.

–rlparker


#3

Doing a quick google let me to your thread on the phpBB forums, which stated, in part:

[quote]We were using Windows server but now moved to Unix.

Here are our forum settings…

Domain Name: www.productionforums.com
Server Port: 80
Script path: /
Cookie secure: Disabled
Cookie domain: .productionforums.com
Cookie path: /
Cookie name: productionforums
Session length [ seconds ]: 3600
Allow automatic logins: Yes
Automatic login key expiry: 0[/quote]
I logged on to your forum, did a few tests, and inspected the cookies that were generated. I’m convinced the problem is in the way you have configured the “Cookie Domain” above Why the “.”? There is a lot of discussion on various phpBB forum sites about that setting, and it needing to closely match the domain (some even insisting that the “www” needs to be there, if that is how the domain is structured). Granted, you may have told Dreahost to serve the site “with or without” the “www”, and it does, but by setting the “www” as part of the domain name in the config, cookies may not be properly recognized if you only surf to http://productionforums.com.

I suggest you browse to a few sites on your computer where the “autologin” function is working for you, and then inspect the cookies they leave in your browser, and compare that to what you site, as it configured now, leaves.

Not being a very experienced phpBB user, I’m not 100% sure, but I’m willilng to bet if you “tune” the “cookie domain” (and possibly path) you will be good to go.

BTW, you should understand that this kind of support for “3rd party software” is not something that is the responsibility of DH tech support to sort out for you, so you might be a little less “harsh” about the fact they didn’t fix it for you. :wink:

–rlparker
Not a Dreamhost Employee

–rlparker


#4

hello rlparker,

yeah it has to be something to do with that, I ran two mods to see if I can fix it which were:

starfoxtj’s Admin Toolkit & the Auto Cookies MOD

made no difference.

here is my current cookie settings:

Domain Name: www.productionforums.com
Server Port: 80
Script path: /
Cookie secure: Disabled
Cookie domain: .productionforums.com
Cookie path: /
Cookie name: productionforums
Session length [ seconds ]: 3600
Allow automatic logins: Yes
Automatic login key expiry: 0

I’m wondering if it is something to do with DH’s MySql version + using the latest phpbb version and them not been compatible?

I decided to upgrade as I moved, I was using 2.0.17 but now upgraded to the latest version 2.0.21 & I tossed out all the old code which was a bit of a mess with too many mods etc anyway and started fresh using the database. I have been planning to add the design back how it was though but I haven’t done anything until I sort the login issue out.

I exported the database & all data except for “phpbb_users_cache” & “phpbb_search_wordmatch” data and just used the structure for them tables.

The last host was windows in case you need to know that and it can help.

Here is a user account I made for DH’s so you can login as a member… I will close that account later once we have worked this out - if we do!

login: dreamhost
pass: dreamhost5

There are no other issues with the move & upgrade besides this login problem.

thanks for offering to help, it is much appreciated


#5

It looks like you posted as I was writing so I will read the rest of your new post and try out any suggestions and post straight back, thanks…


#6

Sorry abou9t the “cross-post” - We were both typing at the same time :wink:

That is always possible, as is the PHP4/PHP5 issue - luckily, at DH, you can easily change between PHP4 and PHP5 for testing (see the panel->ManageDomains->edit) to see if that has any impact.

It could also be that something got “twisted” in importing the data from one version of MySQL to the other (DH has several different version of MySQL running - YMMV).

Thanks for sending the account info - I’ve already made a “testing account” on your site - so you may want to “kill” that account.

Is it possible that there are “collisions” with you /your existing users with identically named cookies remaining on their computers? I know that sounds wierd, but does the PhpBB database contain a combination IP/cookie string, or implement some type of session/cookie correlation (I have not studied the code, but hought I would ask in case you have).

I’m thinking the first thing I would try is to set the Cookie Domain to “www.yourdomain.com”, do “the cookie dance”, and test again…then I would try putting a full path in there (something like /home/user/yourdomain.com/ if that is the path to your install)

I know it is frustrating, but I really think this can be fixed, so don’t be discouraged even though it must be frustrating to have wrestled with this for days :wink:
–rlparker


#7

I made the following changes:

I took the www out of the Cookie Domain and ran a test (making sure to always delete all cookies & internet files as i jump between these tests).

that made no difference so I also tryed that with also taking the dot out of the Cookie Name and that made no difference. I used similar settings like that in past and I have often read it is better to use the .dot & www but it would be good to know what really is the best?

yes i have seen that before, ok I might try that shortly…

It could also be that something got “twisted” in importing the data from one version of MySQL to the other[/quote]

yeah it wouldn’t surprise me from my experience doing this in past from server to server or server to local host etc…

[quote]
Is it possible that there are “collisions” with you /your existing users with identically named cookies remaining on their computers? I know that sounds wierd, but does the PhpBB database contain a combination IP/cookie string, or implement some type of session/cookie correlation (I have not studied the code, but hought I would ask in case you have).[/quote]
I’m not exactly sure what you mean for sure, can you break that question down further & simplify it more and maybe I can return the answers… (let me try all the other things first & we can come back to that if needed)

[quote]
I’m thinking the first thing I would try is to set the Cookie Domain to “www.yourdomain.com”, do “the cookie dance”, and test again…then I would try putting a full path in there (something like /home/user/yourdomain.com/ if that is the path to your install)[/quote]

Ok, i will try this too right now…


#8

I think what I’m suggesting is that you try it with “Domain Name” and “Cookie Domain” being identical


Domain Name: www.productionforums.com <---------
Server Port: 80
Script path: /
Cookie secure: Disabled
Cookie domain: www.productionforums.com <---------
Cookie path: /
Cookie name: productionforums
Session length [ seconds ]: 3600
Allow automatic logins: Yes
Automatic login key expiry: 0


Good Luck!
–rlparker


#9

Ok I understand, will try that if all else fails.

What I have done is tried the path thing… that never worked and I did even try several variations

I then changed the database to php4 from 5 and will see what happens, it takes 5-10 minutes apparentaly for it to change and will post after that with results plus i will try that other suggestion above if it doesn’t work.

btw, did you also get the login issue when you registered & left the site to come back & have to login again?


#10

Yes, I did - it obviously wasn’t recognizing the cookie (I was testing using Firefox 1.5.0.6). The cookie was there, but the site wasn’t recognizing it.

–rlparker


#11

[quote] Yes, I did - it obviously wasn’t recognizing the cookie (I was testing using Firefox 1.5.0.6). The cookie was there, but the site wasn’t recognizing it.[quote]

ok i see.

Well anyway, I changed to MySql 4 and it never made any difference, I also tried the cookie/domain thing and still no luck.

damn, this is a pain, I really am so thankful for your help, I know there is little left as for options now. i have returned it to Mysql 5 for now… plus i tried the cookie & domain sugestion, even ran the cookie mod again using complete defaut settings and still no luck.

I’m wondering now after thinking about it if it is something to do with how the forum was updated to the latest versions plus using a new host which does have very tight security, much too tight for my liking as I have had another bunch of sites I cant run here as they don’t allow external XML in the normal way and other sites I can’t edit if becuase I have to mod the code to allow for apostropes and lots of other anoying things which I plan to work around soon but have had no time yet.

so I’m thinking with all these updates then maybe the secutiy requirements for the browser changes dramitcally which is effecting most users but not all. maybe changing IE or ff secutiy settings could fix it, or maybe there is a setting in the members forum profile that is effected since it does work when I use the admin profile but not any other normal member profiles. Taking into account also that a few members I spoke to are not been effected? I’m testing in both ie & ff all the way.

I have to go to sleep, past midnight here, i will have to have another go at this in the morning.

thanks a lot for trying to help.


#12

hello, if anyone can offer anymore ideas or suggestions it would be appreciated. It’s a new day here, I just hope I can find a solution to this problem today. If you have any ideas on what I could do and it doesn’t matter how silly it sounds then please let me know as I have run out of options now.

What would you do in this situation?


#13

I just “woke up” myself - and I think I’ll try a “test” installation via “one-click”, and see if a “new” site exhibits the same issue…I’m still thinking it might have something to do with the imported tables, or just a “bug” in the latest phpbb release (it has been known to happen!)

Only problem is, the panel is “unresponsive” at present, so this probably won’t happen until it “rolls over and stands up” (since it is now “paws/teats up” :wink: )

sigh
–rlparker


#14

hey that would be good if you ran a test installation. I look forward to hearing back on it.

I have been looking for more ideas but nothing yet.

Mine was not a one click install because I don’t use a folder …i.e. /forum/ but I run the forum in the top level. Using the one click install would not allow that, i have wondered if this has something to do with it?

I do run a number of other forums on DHs which are not having this issue but they are not on new phpb version either.


#15

I know what you mean, I have often found the DH’s panel unavailable.

I’m also now having problems with the speed of my sites on DH’s, it’s taking ages browsing my sites and other sites are fine that are not using DH’s.

I was going to upgrade another forum I have on DH’s that was also imported but never upgraded. So I’m going to upgrade it and it’s not that busy so it’s not as critical if this problem happpens on it after the upgrade… it will be interesting to see what happens.

I will keep trying to do this & post back…


#16

How did you go?

I have just found out that the members who I thought were not effected were actually wrong it seems, So it looks like every member has to login after closing the browser window. This does not happen for the admin login and that is the only member not effected by the looks.

Can anyone else help, offer any ideas even?


#17

Sorry for the delay in getting back to you…I got a little “busy”. I did do the test install, and it does not automatically log a user back in, irrespective of whether or not the “box” is checked.

I played with it quite a while, and also ran a few different “googles” looking for places other than the phpbb forum for leads, and having done that, I think it is a “general problem” or “known issue” with the most recent phpbb. I don’t see a fix anywhere.

It also occurred to me, as I was researching this further, that I don’t want that functionality - I see it as a security risk. To me, having the cookie/session “remember” you once logged in is one thing, having it “automatically log me in” if I log out and revisit from the same computer is dangerous, as it ties the authorization to the “machine” instead of the “user”.

The cookie/session does remember me if I close the browser without logging out - which is also a risk, but to my way of thinking meets the purpose. If I want to “be recognized”, I just don’t log out…if not, I log out. Just my thoughts and, of course, YMMV.

–rlparker


#18

hi, ok thanks for getting back to me.

It looks like there is a little confusion and I will try to clarify:

I only want the member to be logged back in if they didn’t logout and they select the “remember” option.

I have always only ever wanted that and I agree that it would be wrong to do it any other way. But the problem is that my members are not logged back in at all.


#19

I understand now. Just went back to my test installation and did a few more tests:

  1. It does remember the the logged in status of the administrator when closing all browsers while logged in and returning.

  2. It *does * remember the logged in status of the regular user if all browser windows are closed while the regular user is logged in, and returns with a new instance of the browser.

Now, that is not the same as the message “log me on automatically each visit” implies, because when the user “logs out” and returns it does not log them in “automagically”(which is why I say it is “broken”) but I’m glad it doesn’t!

If you want to have some real fun, try loggin in as more than one user from the same computer - you will see some real wierdness.

I used two different computers for the test, Firefox 1.5.0.6, and IE 6- whatever.

Settings:

Script Path: /phpbb/ (forum installed in mydomain.com/phpbb)
Cookie Domain: (blank)
Cookie Name: phpbb2mysql
Cookie Path: /
Cookie Secure: (disabled)
Session Length: 3600 (seconds)

–rlparker


#20

Hi, yes the admin login is the only one that works for me. If I use a normal member login and have it remembered to be logged in on return it won’t work and this is the problem for all our members that’s using the “log me on automatically each visit”.

So I’m still not any closer to getting this fixed, I have no idea what to do anymore?

I also have the same problem when testing on my own local server so it looks like we can not blame DH’s for this.