MyBB Community Forums

Full Version: User login credentials are revoked when using external forms with type=post
Hi,

After submitting a form with type="post" from an external website, the user is not logged in anymore!
For example, you can log in to the https://community.mybb.com/ forum and then use the following form on your website:
<!DOCTYPE html>
<html>
<body>
<h2>HTML Form</h2>
<form action="https://community.mybb.com/index.php" method="post">
<input type="submit" value="Submit">
</form>
</body>
</html>
You can see that after submitting the form, you are not logged in anymore!

You can check it from here.

How can I solve this problem? My forum is linked to a website which posts some information to my forum and I need the user credentials when he/she has submitted the form.
Is your Cookie Domain set? If yes, remove it. If the problem is not solved, send the data to the destination website, then log in.
(2021-07-15, 08:55 AM)Mostafa.Shiraali Wrote: Is your Cookie Domain set? If yes, remove it. If the problem is not solved, send the data to the destination website, then log in.

Everything is OK. The problem only occurs while using method=post.
There's no problem with a form without this parameter. You can check it here (a form without method=post).
Add this at the beginning of your PHP file:
header("access-control-allow-origin: *");
(2021-07-15, 09:36 AM)Mostafa.Shiraali Wrote: Add this at the beginning of your PHP file:
header("access-control-allow-origin: *");

Thank you, but it didn't work.
The user status is determined by a cookie that may be set with a SameSite=Lax attribute, controlled by the SameSite Cookie Flag setting.

With the attribute set, users will appear as guests following POST requests that are cross-site: https://web.dev/same-site-same-origin/#s...cross-site

You can keep the setting enabled (as recommended) as long as the <form> is placed within the same site as the target forum.

Note that depending on what actions you expect MyBB (or plugins) to take, an Authorization code mismatch error may also appear if the my_post_key token is not included.
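
The SameSite behaviour described in the last reply, as an added example that is not part of the original thread or of MyBB's code: a simplified model of the browser's decision on whether a login cookie accompanies a request. The host names are constructed, and the "site" calculation (scheme plus last two host labels) is an assumption standing in for the Public Suffix List that browsers use.

```javascript
// Added example: simplified model of the SameSite decision for one cookie.
// Assumption: a "site" is scheme + last two host labels; browsers use the
// Public Suffix List instead. All host names below are constructed.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// HTTP methods treated as "safe" for SameSite=Lax top-level navigations.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// request: { from, to, method, topLevel } where topLevel means the request
// navigates the top-level browsing context (a normal form submit does).
function cookieIsSent(sameSite, request) {
  if (siteOf(request.from) === siteOf(request.to)) return true; // same-site
  switch (sameSite.toLowerCase()) {
    case "none":
      return true; // browsers also require the Secure attribute
    case "lax":
      return request.topLevel && SAFE_METHODS.has(request.method.toUpperCase());
    case "strict":
      return false;
    default:
      throw new Error("unknown SameSite value: " + sameSite);
  }
}

// Constructed scenarios matching the thread: an external form posting to the forum.
const forum = "https://forum.example.com/index.php";
const scenarios = {
  externalPost: { from: "https://partner.example.net/form.html", to: forum, method: "POST", topLevel: true },
  externalGet: { from: "https://partner.example.net/form.html", to: forum, method: "GET", topLevel: true },
  sameSitePost: { from: "https://www.example.com/form.html", to: forum, method: "POST", topLevel: true },
};

for (const [name, req] of Object.entries(scenarios)) {
  console.log(name, "-> login cookie sent:", cookieIsSent("Lax", req));
}
```

Only the cross-site POST loses the cookie under Lax, which matches what the thread reports: the user appears as a guest after the external method="post" form, but not after the form without it or a form hosted on the forum's own site.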