User/Mods/Admin cookies timeout
1master1
Post: #1
I have seen that people are able to log in to the site automatically with their old user cookies. How can we control the User/Mods/Admin cookies timeout?
It isn't a good idea for the user cookies to last for a long time, because if they fail to log out of the site, the next users will be able to open the site with their account automatically.
10-26-2010 09:37 PM
ZiNgA BuRgA
Post: #2
The "Remember Me" checkbox added in 1.6 really should be unticked by default.
(yes, I added in that feature, but whoever wrote up the list of features specifically said to tick it by default, and when I suggested otherwise, I was ignored)

Otherwise, it requires a code change. Search for a header("Set-Cookie: ...") call in member.php somewhere.
I assume you're resourceful enough to search up on the syntax of the HTTP header.  If not, Google is your friend.

(This post was last modified: 10-26-2010 10:34 PM by ZiNgA BuRgA.)
10-26-2010 10:33 PM
1master1
Post: #3
I found these two pieces of code that contain the user cookie in member.php:

Code:
// Clear the login cookie and the session cookie
my_unsetcookie("mybbuser");
my_unsetcookie("sid");
if($mybb->user['uid'])
{
	// Update the user's last-visit times and delete the server-side session row
	$time = TIME_NOW;
	$lastvisit = array(
		"lastactive" => $time-900,
		"lastvisit" => $time,
	);
	$db->update_query("users", $lastvisit, "uid='".$mybb->user['uid']."'");
	$db->delete_query("sessions", "sid='".$session->sid."'");
}

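Code:
// "Remember Me" not ticked: pass -1 as the expiry argument; ticked: pass null
if($mybb->input['remember'] != "yes")
{
	$remember = -1;
}
else
{
	$remember = null;
}
// Login cookie (uid_loginkey) uses $remember; the session cookie always uses -1
my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);
my_setcookie("sid", $session->sid, -1, true);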

Which one should I edit now to decrease or disable the cookie time limit?

10-27-2010 01:22 AM
ZiNgA BuRgA
Post: #4
Most likely one that sets the "mybbuser" cookie.  Check how the my_setcookie function works.

10-27-2010 08:58 AM
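
As an added example (not part of the thread and not MyBB's code), here is one way a login cookie's lifetime could be capped per role when building the Set-Cookie header mentioned in post #2. The helper names, role names and lifetimes are hypothetical, and it assumes that an expiry argument of -1 means a browser-session cookie and null means "remember me", as the snippet in post #3 suggests.

```php
<?php
// Added example: hypothetical helpers, not MyBB code.

// Longest persistent lifetime per role, in seconds (constructed values).
function remember_cap($role)
{
    $caps = array('admin' => 0, 'mod' => 86400, 'user' => 1209600);
    // 0 means "never persist"; unknown roles get the strictest setting.
    return array_key_exists($role, $caps) ? $caps[$role] : 0;
}

// Build the Set-Cookie line. $expires uses the assumed convention:
// -1 = session cookie, null = "remember me", any other value = seconds requested.
function login_cookie_header($name, $value, $expires, $role, $now)
{
    $cap = remember_cap($role);
    if ($expires === -1 || $cap === 0) {
        $lifetime = 0;                          // dropped when the browser closes
    } elseif ($expires === null) {
        $lifetime = $cap;                       // persist, but only up to the cap
    } else {
        $lifetime = max(0, min((int) $expires, $cap));
    }

    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value) . '; Path=/';
    if ($lifetime > 0) {
        $header .= '; Expires=' . gmdate('D, d M Y H:i:s', $now + $lifetime) . ' GMT';
        $header .= '; Max-Age=' . $lifetime;
    }
    return $header . '; HttpOnly';
}

// Constructed sample: the same login cookie issued to three roles.
$now = 1288137600; // 2010-10-27 00:00:00 UTC
foreach (array('user', 'mod', 'admin') as $role) {
    echo $role, ': ', login_cookie_header('mybbuser', '42_examplekey', null, $role, $now), "\n";
}
// "Remember Me" unticked: session cookie regardless of role.
echo 'user: ', login_cookie_header('mybbuser', '42_examplekey', -1, 'user', $now), "\n";
```

A shorter expiry only limits how long the browser stores the cookie; invalidating a value that has already been issued has to happen server-side.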