Quick question re: MyBB's cookies.
Firefox Wins
EDIT: I figured it out; answer @ the end...
^^^

Forum 1
directory = bb  &  Cookie path intentionally set to root (/), for integration w/ other pages.
Root (/) setting not causing any obvious problems.

Forum 2
directory = forum (for example)
Cookie path also set to (/)

An unmodified login at Forum 1 sets cookies and enters MyBB session data, in the 'sessions' DB table.

Question 1)
Does MyBB use the session data in the database for security related to logins?
(i.e. "verified sessions" / cookies based on encrypted session values, or something similar)
  • When both forums on the same domain use (/) for the cookie path, then I'm getting a 'cheap and easy' SSO (Single-Sign-On), into both forums.

Question 2)
Forum 2 is allowing me to be logged in even though the 'verified session' occurred with Forum 1. How is this possible, and / or where is the protection from session hijacking or 'phony' cookies?

Thank you.


EDIT:
  • Security is based on the login key. This 'cheap and easy' SSO only works if the user has the same login key in both DBs.
  • This is a pretty cool feature to play with :)
(This post was last modified: 02-14-2011 03:48 AM by Firefox Wins.)
02-14-2011 03:33 AM
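
Added example, not part of the original post and not MyBB's own code: a small model of the behaviour described above, showing that a cookie set with path `/` is sent to both forum directories and that the second forum accepts it only when the login key stored in its own database matches. The cookie name `mybbuser`, the `<uid>_<loginkey>` value layout, the user tables and the key strings are assumptions constructed for illustration.

```python
import hmac

def path_match(request_path: str, cookie_path: str) -> bool:
    """Cookie path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts when it ends at a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def validate_login(cookie_value: str, users: dict) -> bool:
    """Accept the cookie only if its key equals the key stored for that uid.
    Assumed cookie layout: '<uid>_<loginkey>'."""
    uid, sep, key = cookie_value.partition("_")
    stored = users.get(uid)
    if not sep or stored is None:
        return False
    # Constant-time comparison so the check does not leak key prefixes.
    return hmac.compare_digest(key.encode(), stored.encode())

# Constructed sample data: each forum has its own users table (uid -> login key).
FORUM1_USERS = {"7": "k3yForumOneAAAA"}
FORUM2_SAME_KEY = {"7": "k3yForumOneAAAA"}   # same key in both DBs
FORUM2_OWN_KEY = {"7": "k3yForumTwoBBBB"}    # independent key

def login_cookie(path: str) -> dict:
    """Cookie a login at Forum 1 (/bb/) would set, with the given cookie path."""
    return {"name": "mybbuser", "value": "7_" + FORUM1_USERS["7"], "path": path}

def forum2_accepts(cookie_path: str, forum2_users: dict) -> bool:
    """Would a request to Forum 2 (/forum/) arrive logged in?"""
    jar = [login_cookie(cookie_path)]
    sent = [c for c in jar if path_match("/forum/index.php", c["path"])]
    return any(validate_login(c["value"], forum2_users) for c in sent)

if __name__ == "__main__":
    print("path=/    same key:", forum2_accepts("/", FORUM2_SAME_KEY))
    print("path=/    own key :", forum2_accepts("/", FORUM2_OWN_KEY))
    print("path=/bb/ same key:", forum2_accepts("/bb/", FORUM2_SAME_KEY))
```

In this model, scoping the cookie path to each forum's directory or keeping the login keys independent both stop the cross-forum login.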