Announcement

Collapse
No announcement yet.

Information on cookies for privacy policy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I know what arrays are. However... I do not think cookies support arrays. I am pretty sure of it, actually.

    Run this script to test it:
    PHP Code:
    setcookie("myarray[0]""boo0"time()+900"/");
    setcookie("myarray[1]""boo1"time()+900"/");
    setcookie("myarray[2]""boo2"time()+900"/");
    setcookie("myarray[3]""boo3"time()+900"/");
    setcookie("myarray[4]""boo4"time()+900"/"); 
    Now check your cookies. You will find five seperate cookies set.

    Comment


    • #17
      You are correct however these are session cookies and will not overwrite or override the permanent cookies set.

      Also each site is allowed to set 4K worth of cookies with is a lot of threads. I have viewed my headers and had over 50 different cookies set for a vBulletin board.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment


      • #18
        OK, play around with this code:
        PHP Code:
        if (isset($list)){
            if (isset(
        $firstcookie))
                echo 
        "\$firstcookie is set to $firstcookie<br>\n";

            if (
        is_array($curtimes)){
                while (list(
        $key$val) = each($curtimes)){
                    echo 
        "\$curtimes[$key] = $val<br>\n";
                }
            }
        }
        else{
            
        setcookie("firstcookie""first"time()+900);

            for (
        $i 0$i $maxtimes$i++){
                
        setcookie("curtimes[$i]""$i");
            }

        Notice that "firstcookie" is a permanent cookie.

        "curtimes[]" are session cookies

        1) use ?maxtimes=10 parameter to set the cookies. Then use ?list= parameter to display them. You will see 10 curtimes cookies and 1 firstcookie.

        2) Close all browser windows. Open the browser again and use ?list= parameter. You will see 0 curtimes cookies and 1 firstcookie.

        3) use ?maxtimes=20 parameter to set the cookies. Then use ?list= parameter to display them. You will see 20 curtimes cookies and 0 firstcookies.

        I am using IE 6 for the tests. I suspect other browsers do the same thing.

        There is a 20 cookie limit for a specific path/domain irrelevant of the type of cookie.

        So, in fact, the thread viewing cookies will destroy your older cookies as soon as you reach the limit. So, as soon as you reach 20 thread views, your log in info will be forgotten. This explains one of the user complaining because they were getting logged out with each thread view.

        I think this should be considered a bug. Personally, I removed the thread view cookie from my code.

        Comment


        • #19
          Hmm I view hundreds of threads a day on my forum and have never been logged out because of a missing cookie..

          I also use IE 6.0.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment


          • #20
            I view the probably 200 to 300 new threads/posts each day here and I've never been logged out accidentally. Using IE6 (IE5.5 up until recently).

            Comment


            • #21
              Something does not make sense. Have you tried running the script I provided? What were the results?

              Are your user options set to "Browse board with cookies?"

              Comment


              • #22
                Of course.

                Comment


                • #23
                  I hate to bring up old threads (don't we all), but in my efforts to solve my cookie problems, I came across this thread and ran MiF's script.

                  I get the same results, running IE 6:

                  First time through:

                  Code:
                  $firstcookie is set to first
                  $curtimes[0] = 0
                  $curtimes[1] = 1
                  $curtimes[2] = 2
                  $curtimes[3] = 3
                  $curtimes[4] = 4
                  $curtimes[5] = 5
                  $curtimes[6] = 6
                  $curtimes[7] = 7
                  $curtimes[8] = 8
                  $curtimes[9] = 9
                  Second time through:

                  Code:
                  $curtimes[0] = 0
                  $curtimes[1] = 1
                  $curtimes[2] = 2
                  $curtimes[3] = 3
                  $curtimes[4] = 4
                  $curtimes[5] = 5
                  $curtimes[6] = 6
                  $curtimes[7] = 7
                  $curtimes[8] = 8
                  $curtimes[9] = 9
                  $curtimes[10] = 10
                  $curtimes[11] = 11
                  $curtimes[12] = 12
                  $curtimes[13] = 13
                  $curtimes[14] = 14
                  $curtimes[15] = 15
                  $curtimes[16] = 16
                  $curtimes[17] = 17
                  $curtimes[18] = 18
                  $curtimes[19] = 19
                  MiF, I noticed that you removed the threadview stuff from your code. Any side effects? What is it used for anyway? Getting desperate here .... willing to try anything to keep getting 50 emails a day from folks who can't seem to stay logged in.

                  Thanks in advance!

                  Cheers.
                  Scott
                  Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                  We Create Thingz.

                  Comment


                  • #24
                    Originally posted by tubedogg
                    I'll go easy on you since you appear to not be a programmer.

                    bbthreadview is an array (and a cookie, but set that aside for a second).
                    bbthreadview[$threadid] is an element of the bbthreadview array. For each thread you visit, the thread has a threadid. The threadid is added as an element of the array. So it is just one cookie with an array of elements for the contents. The bbuserinfo cookie works the same way.
                    BTW, I feel a need to correct you here.

                    While PHP (and inheritantly, vBulletin) treats bbthreadview as an array, they are, indeed, separate cookies. They are an array by naming convention, and when PHP slurps down the cookies during a transaction, they are imported into PHP namespace as a single array. Nevertheless, the cookies are individual, one per thread. There is no such thing as a "cookie array element".

                    After some due diligence, it appears that the only thing they are really used for is to turn the lightbulbs on and off. If you can live without that, MiF's suggestion to just comment out the vbsetcookie line in showthread.php should solve the problem.

                    One approach that I am considering as a short-term solution until VB 3.0 is released, is to store the bbthreadview cookie as a serialized array, then unserialize it during page load, back into an array that vBulletin can deal with. Haven't worked the kinks out yet, but I don't see why it wouldn't work. The only limit there, of course, is the 4K limit per cookie. Then again, that would be around 800 thread IDs that you could store, which far surpasses the 20 now, but the limit is there nonetheless.

                    Cheers.
                    Scott
                    Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                    We Create Thingz.

                    Comment


                    • #25
                      Well, that was quick. After some tinkering around I managed to create a test harness that served as a proof of concept. Seems to work fine. I'll try and incorporate this into the VB codebase tomorrow. If I can't get to it tomorrow, I'll get to it next week (going on vacation for a week starting on Friday).

                      Cheers.
                      Scott
                      Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                      We Create Thingz.

                      Comment


                      • #26
                        Well, its been running for a day, and haven't gotten any emails from angry users yet. Time will tell. Here are the code changes, for those that are interested:

                        In global.php, find this line:

                        Code:
                        require('./admin/config.php');
                        Stick this somewhere before it:

                        Code:
                        // HACK - put here to solve the cookie/login issue. There is a 20-cookie / per-domain limit in
                        // most browsers.  The original bbthreadview cookie implementation in vBulletin, when ran over
                        // this limit, would hose the authentication cookie.  This is a fix. We serialize bbthreadview
                        // and save it as one (1) cookie, unserializing it for use here.
                        
                        $bbthreadview_unserialized_cookie = unserialize($_COOKIE['bbthreadview_serialized_cookie']);
                        
                        if($bbthreadview_unserialized_cookie) {
                          while(list($key, $val) = each($bbthreadview_unserialized_cookie)) {
                            $bbthreadview[$key] = $val;
                          }
                        }
                        
                        // END HACK
                        Next, in showthread.php, find this:

                        Code:
                        if ($bbuserinfo[cookieuser]) {
                          vbsetcookie("bbthreadview[$threadid]",time(),0);
                        }
                        REPLACE with this:

                        Code:
                        // Hack - cookie/login fix - see global.php for notes
                        if ($bbuserinfo[cookieuser]) {
                          $bbthreadview[$threadid] = time();
                          $ser = serialize($bbthreadview);
                          vbsetcookie("bbthreadview_serialized_cookie", $ser, 0);
                        }
                        // END
                        Your mileage may vary.

                        Cheers.
                        Scott
                        Incursus: (latin: clash, collision/attack, raid, foray, invasion)
                        We Create Thingz.

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X