MyBB Community Forums

The user login sessions in our forum aren't maintained in Firefox and Internet Explorer. Users are forced to re-login each time to the forum even though the "Remember Me" option is checked. We've tested in Google Chrome in Windows and Linux, Konquerer in Linux, and the sessions are maintained properly in both of those. However, in any version of Internet Explorer or Firefox in any OS, the sessions are lost.

The following are the complete details of our forum:
URL: Never Die'58
Installation: New Of MyBB 1.6
Test user account: MyBBTest/password
Template: Royal Red
Plugins: Tapatalk, A2Detector, Akismet, Stop Forum Spam, and a couple of others. But the issue was present before these plugins were installed.

We've browsed through the official MyBB Community threads for various resolutions but none have been able to help us. Here's the key lines from our settings.php file:

Quote:$settings['cookiedomain'] = ".neverdie58.com";
$settings['cookiepath'] = "/community/";
$settings['cookieprefix'] = "";

The settings.php file itself has a CHMOD of 666 and is completely accessible. I've cross-verified the settings with the database and the DB values are exactly the same as above.

The following cookies are being set by our forum:

Quote:mybb[lastvisit] (1 year)
mybb[lastactive] (1 year)
loginattempts (1 year)
mybbuser (At end of session)
sid (At end of session)
adminsid (1 year)

The Firefox history settings is set to "Remember History", and is working fine with all other websites (including the MyBB Official Forums).

We're completely lost for ideas right now and any help would be greatly appreciated.

EDIT: My apologies for completely missing the glowing header post up top. I've now posted the issue there, this thread can be dealt with as appropriate.

I can verify that, at least the part about firefox.
I have reports of two members of my community (http://www.faer-eryn.de) using firefox 30.0 and experiencing the same problem.
I tried to confirm their problem with my own computer, but it works for me, even when i use that browser. I'm not at all sure what causes the difference.
Both my users who reported this are using FF 30.0 and have the german version installed (i have, too)

My forum uses Image Resizer & Optimizer with GD 2.0, Facebook profile link on Postbit 2.4, reCAPTCHA Plugin 1.1 and Registration Security Question 1.2 as plugins. Google SEO was installed once, but is deactivated for about 3 Months now. Reports started 2 weeks ago.

The problem manifests in that way that every login procedure is confirmed with "logged in correctly", but then, when the auto-reload refers to the start page, the user is called "guest" and does only have guests rights, even so he or she appears to be logged in to everyone else.
As the session is not correctly saved at the user's PC, he/she has to reenter Captcha code and everything with every login.

Deleting session variables in the forum ACP does not change anything, nor does deleting all cookies / sessions in Firefox.
As told above, cookie settings both in ACP and in settings.php seem to be correct:

$settings['cookiedomain'] = ".faer-eryn.de";
$settings['cookiepath'] = "/";
$settings['cookieprefix'] = "";

I also tried to delete settings.php as that help file said. Does anyone has another suggestion, please?

Thanks
Suse

@ZuMe: Have your users clear their cookies. Also make sure that users are using the correct URL before and after they log in. If your forum uses "faer-eryn.de" and was installed to the URL "faer-eryn.de" then they need to make sure they go to "faer-eryn.de" and not "www.faer-eryn.de" (they need to check their bookmarks too!)

@Balaji Sivaraman: You may need to have your users do the same thing ZuMe needs to have his users do. Make sure users are using the forum's installed URL. If it's "www" then make sure they include "www" and if it's not, make sure people are not including the "www" prefix. You also may need to have your users include your forum to their exceptions as "Allow" or "Always Allow." Their browser may be clearing all history for the session, excluding the "Always Allow" list.
Firefox Menu -> Options -> Options -> Privacy (tab)
Use custom permission for "History" and ensure to check "accept cookies from sites" then click on Exceptions and add neverdie58.com and click "Allow." You may close all option/setting windows for FireFox. If you know how to get the FireFox to accept wildcards, then use the wildcard for neverdie58.com. I'm not sure how FireFox and it's various flavors checks wildcards, so I'm using the exact domain you'll want to use for the forum.

Internet Explorer: open Internet Options. You can go to Control Panel (Classic View or All Control Panel Items) -> Internet Options -> Privacy (tab) -> Sites
Enter *.neverdie58.com then click "Allow". You may close Internet Options (Internet Properties) window and Control Panel.

@Cookies - i already did. I will try again with one of my users today, as i have deleted / refreshed settings.php yesterday night. Perhaps it will help.

@www./. - well, most providers in germany get you a routing of http://domain.de AND http://www.domain.de if you buy a domain. I frankly don't know which one my users are typing. I installed it using www., as i think it is the most common option, but i cannot keep all my users from leaving www. out (by intent or lazyness or whatnot...).
Is there no possibility to set cookies for both options by default? Would save a lot of trouble, right?

yours,
Suse

I am not replicating any issues on my test forum, and I use firefox all the time!

So please check that your browser is accepting cookies from the forum.

(2014-06-25, 06:44 AM)ZuMe Wrote: [ -> ]@Cookies - i already did. I will try again with one of my users today, as i have deleted / refreshed settings.php yesterday night. Perhaps it will help.

@www./. - well, most providers in germany get you a routing of http://domain.de AND http://www.domain.de if you buy a domain. I frankly don't know which one my users are typing. I installed it using www., as i think it is the most common option, but i cannot keep all my users from leaving www. out (by intent or lazyness or whatnot...).
Is there no possibility to set cookies for both options by default? Would save a lot of trouble, right?

yours,
Suse

Cookies work differently for www and non-www sites. Both could aesthetically be the same, but the "www" is an alias and treated like another domain. That's why it is important that users use the URL that the board was installed to if they continue to have any cookie-related issues. Since the board always redirects users to whatever you installed it to, users will always run into what looks like a "forced logout" problem when they use the wrong URL to login on. That's just how forum cookies work. Advise them to use the "www." in the URL if they want to use the site. If users can't add 4 additional characters to fix a problem, then there's really nothing more you can do for them without causing problems for those who already use the "www." in your domain when they visit your forum.