[Rejected] 1.8.20 login unreliable
#11
Okay although this is not really a bug i'd like to share the solution I found.

The issue was as I already said independent of a forum theme (same with default theme).
When I inspected how the post_key is generated and validated I considered that it's always dependent on the cookie "sid" ($session->sid) which changed in the MyBB 1.8.20 update (before 1.8.20 the key was generated with $session->useragent instead).

If you have two MyBB forums with the same domain but different subdomain (e.g. forum.com and dev.forum.com), the cookies are somehow used crosssitewise even if the cookie-domain in ACP settings are set to forum.com instead of .forum.com (as it is recommended).

Is it intended that when I look up my browser cookies, the cookie domain is .forum.com even though I have forum.com (without leading dot) set in the ACP settings?
Reply
#12
What you really should do is use the setting for cookie prefix to make sure both of your forums have a different prefix. I suspect you probably have other issues with users who are on both forums due to this.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)