Announcement

**MiF** · Tue 11 Sep '01, 6:22am

I know what arrays are. However... I do not think cookies support arrays. I am pretty sure of it, actually.

Run this script to test it:

PHP Code:


setcookie("myarray[0]", "boo0", time()+900, "/");

setcookie("myarray[1]", "boo1", time()+900, "/");

setcookie("myarray[2]", "boo2", time()+900, "/");

setcookie("myarray[3]", "boo3", time()+900, "/");

setcookie("myarray[4]", "boo4", time()+900, "/");

Now check your cookies. You will find five seperate cookies set.

**Wayne Luke** · Tue 11 Sep '01, 10:31am

You are correct however these are session cookies and will not overwrite or override the permanent cookies set.

Also each site is allowed to set 4K worth of cookies with is a lot of threads. I have viewed my headers and had over 50 different cookies set for a vBulletin board.

**MiF** · Tue 11 Sep '01, 2:31pm

OK, play around with this code:

PHP Code:


if (isset($list)){

    if (isset($firstcookie))

        echo "\$firstcookie is set to $firstcookie<br>\n";



    if (is_array($curtimes)){

        while (list($key, $val) = each($curtimes)){

            echo "\$curtimes[$key] = $val<br>\n";

        }

    }

}

else{

    setcookie("firstcookie", "first", time()+900);



    for ($i = 0; $i < $maxtimes; $i++){

        setcookie("curtimes[$i]", "$i");

    }

}

Notice that "firstcookie" is a permanent cookie.

"curtimes[]" are session cookies

1) use ?maxtimes=10 parameter to set the cookies. Then use ?list= parameter to display them. You will see 10 curtimes cookies and 1 firstcookie.

2) Close all browser windows. Open the browser again and use ?list= parameter. You will see 0 curtimes cookies and 1 firstcookie.

3) use ?maxtimes=20 parameter to set the cookies. Then use ?list= parameter to display them. You will see 20 curtimes cookies and 0 firstcookies.

I am using IE 6 for the tests. I suspect other browsers do the same thing.

There is a 20 cookie limit for a specific path/domain irrelevant of the type of cookie.

So, in fact, the thread viewing cookies will destroy your older cookies as soon as you reach the limit. So, as soon as you reach 20 thread views, your log in info will be forgotten. This explains one of the user complaining because they were getting logged out with each thread view.

I think this should be considered a bug. Personally, I removed the thread view cookie from my code.

**Wayne Luke** · Tue 11 Sep '01, 3:29pm

Hmm I view hundreds of threads a day on my forum and have never been logged out because of a missing cookie..

I also use IE 6.0.

**tubedogg** · Tue 11 Sep '01, 11:22pm

I view the probably 200 to 300 new threads/posts each day here and I've never been logged out accidentally. Using IE6 (IE5.5 up until recently).

**MiF** · Wed 12 Sep '01, 1:34pm

Something does not make sense. Have you tried running the script I provided? What were the results?

Are your user options set to "Browse board with cookies?"

**tubedogg** · Wed 12 Sep '01, 8:28pm

Of course.

**unixman** · Wed 14 Aug '02, 9:11pm

I hate to bring up old threads (don't we all), but in my efforts to solve my cookie problems, I came across this thread and ran MiF's script.

I get the same results, running IE 6:

First time through:

Code:

$firstcookie is set to first
$curtimes[0] = 0
$curtimes[1] = 1
$curtimes[2] = 2
$curtimes[3] = 3
$curtimes[4] = 4
$curtimes[5] = 5
$curtimes[6] = 6
$curtimes[7] = 7
$curtimes[8] = 8
$curtimes[9] = 9

Second time through:

Code:

$curtimes[0] = 0
$curtimes[1] = 1
$curtimes[2] = 2
$curtimes[3] = 3
$curtimes[4] = 4
$curtimes[5] = 5
$curtimes[6] = 6
$curtimes[7] = 7
$curtimes[8] = 8
$curtimes[9] = 9
$curtimes[10] = 10
$curtimes[11] = 11
$curtimes[12] = 12
$curtimes[13] = 13
$curtimes[14] = 14
$curtimes[15] = 15
$curtimes[16] = 16
$curtimes[17] = 17
$curtimes[18] = 18
$curtimes[19] = 19

MiF, I noticed that you removed the threadview stuff from your code. Any side effects? What is it used for anyway? Getting desperate here .... willing to try anything to keep getting 50 emails a day from folks who can't seem to stay logged in.

Thanks in advance!

Cheers.
Scott

**unixman** · Wed 14 Aug '02, 9:54pm

Originally posted by tubedogg
I'll go easy on you since you appear to not be a programmer.

bbthreadview is an array (and a cookie, but set that aside for a second).
bbthreadview[$threadid] is an element of the bbthreadview array. For each thread you visit, the thread has a threadid. The threadid is added as an element of the array. So it is just one cookie with an array of elements for the contents. The bbuserinfo cookie works the same way.

BTW, I feel a need to correct you here.

While PHP (and inheritantly, vBulletin) treats bbthreadview as an array, they are, indeed, separate cookies. They are an array by naming convention, and when PHP slurps down the cookies during a transaction, they are imported into PHP namespace as a single array. Nevertheless, the cookies are individual, one per thread. There is no such thing as a "cookie array element".

After some due diligence, it appears that the only thing they are really used for is to turn the lightbulbs on and off. If you can live without that, MiF's suggestion to just comment out the vbsetcookie line in showthread.php should solve the problem.

One approach that I am considering as a short-term solution until VB 3.0 is released, is to store the bbthreadview cookie as a serialized array, then unserialize it during page load, back into an array that vBulletin can deal with. Haven't worked the kinks out yet, but I don't see why it wouldn't work. The only limit there, of course, is the 4K limit per cookie. Then again, that would be around 800 thread IDs that you could store, which far surpasses the 20 now, but the limit is there nonetheless.

Cheers.
Scott

**unixman** · Wed 14 Aug '02, 10:06pm

Well, that was quick. After some tinkering around I managed to create a test harness that served as a proof of concept. Seems to work fine. I'll try and incorporate this into the VB codebase tomorrow. If I can't get to it tomorrow, I'll get to it next week (going on vacation for a week starting on Friday).

Cheers.
Scott

**unixman** · Thu 15 Aug '02, 1:18pm

Well, its been running for a day, and haven't gotten any emails from angry users yet. Time will tell. Here are the code changes, for those that are interested:

In global.php, find this line:

Code:

require('./admin/config.php');

Stick this somewhere before it:

Code:

// HACK - put here to solve the cookie/login issue. There is a 20-cookie / per-domain limit in
// most browsers.  The original bbthreadview cookie implementation in vBulletin, when ran over
// this limit, would hose the authentication cookie.  This is a fix. We serialize bbthreadview
// and save it as one (1) cookie, unserializing it for use here.

$bbthreadview_unserialized_cookie = unserialize($_COOKIE['bbthreadview_serialized_cookie']);

if($bbthreadview_unserialized_cookie) {
  while(list($key, $val) = each($bbthreadview_unserialized_cookie)) {
    $bbthreadview[$key] = $val;
  }
}

// END HACK

Next, in showthread.php, find this:

Code:

if ($bbuserinfo[cookieuser]) {
  vbsetcookie("bbthreadview[$threadid]",time(),0);
}

REPLACE with this:

Code:

// Hack - cookie/login fix - see global.php for notes
if ($bbuserinfo[cookieuser]) {
  $bbthreadview[$threadid] = time();
  $ser = serialize($bbthreadview);
  vbsetcookie("bbthreadview_serialized_cookie", $ser, 0);
}
// END

Your mileage may vary.

Cheers.
Scott

Announcement

Information on cookies for privacy policy

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment