Announcement

Collapse
No announcement yet.

Information on cookies for privacy policy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • unixman
    replied
    Well, its been running for a day, and haven't gotten any emails from angry users yet. Time will tell. Here are the code changes, for those that are interested:

    In global.php, find this line:

    Code:
    require('./admin/config.php');
    Stick this somewhere before it:

    Code:
    // HACK - put here to solve the cookie/login issue. There is a 20-cookie / per-domain limit in
    // most browsers.  The original bbthreadview cookie implementation in vBulletin, when ran over
    // this limit, would hose the authentication cookie.  This is a fix. We serialize bbthreadview
    // and save it as one (1) cookie, unserializing it for use here.
    
    $bbthreadview_unserialized_cookie = unserialize($_COOKIE['bbthreadview_serialized_cookie']);
    
    if($bbthreadview_unserialized_cookie) {
      while(list($key, $val) = each($bbthreadview_unserialized_cookie)) {
        $bbthreadview[$key] = $val;
      }
    }
    
    // END HACK
    Next, in showthread.php, find this:

    Code:
    if ($bbuserinfo[cookieuser]) {
      vbsetcookie("bbthreadview[$threadid]",time(),0);
    }
    REPLACE with this:

    Code:
    // Hack - cookie/login fix - see global.php for notes
    if ($bbuserinfo[cookieuser]) {
      $bbthreadview[$threadid] = time();
      $ser = serialize($bbthreadview);
      vbsetcookie("bbthreadview_serialized_cookie", $ser, 0);
    }
    // END
    Your mileage may vary.

    Cheers.
    Scott

    Leave a comment:


  • unixman
    replied
    Well, that was quick. After some tinkering around I managed to create a test harness that served as a proof of concept. Seems to work fine. I'll try and incorporate this into the VB codebase tomorrow. If I can't get to it tomorrow, I'll get to it next week (going on vacation for a week starting on Friday).

    Cheers.
    Scott

    Leave a comment:


  • unixman
    replied
    Originally posted by tubedogg
    I'll go easy on you since you appear to not be a programmer.

    bbthreadview is an array (and a cookie, but set that aside for a second).
    bbthreadview[$threadid] is an element of the bbthreadview array. For each thread you visit, the thread has a threadid. The threadid is added as an element of the array. So it is just one cookie with an array of elements for the contents. The bbuserinfo cookie works the same way.
    BTW, I feel a need to correct you here.

    While PHP (and inheritantly, vBulletin) treats bbthreadview as an array, they are, indeed, separate cookies. They are an array by naming convention, and when PHP slurps down the cookies during a transaction, they are imported into PHP namespace as a single array. Nevertheless, the cookies are individual, one per thread. There is no such thing as a "cookie array element".

    After some due diligence, it appears that the only thing they are really used for is to turn the lightbulbs on and off. If you can live without that, MiF's suggestion to just comment out the vbsetcookie line in showthread.php should solve the problem.

    One approach that I am considering as a short-term solution until VB 3.0 is released, is to store the bbthreadview cookie as a serialized array, then unserialize it during page load, back into an array that vBulletin can deal with. Haven't worked the kinks out yet, but I don't see why it wouldn't work. The only limit there, of course, is the 4K limit per cookie. Then again, that would be around 800 thread IDs that you could store, which far surpasses the 20 now, but the limit is there nonetheless.

    Cheers.
    Scott

    Leave a comment:


  • unixman
    replied
    I hate to bring up old threads (don't we all), but in my efforts to solve my cookie problems, I came across this thread and ran MiF's script.

    I get the same results, running IE 6:

    First time through:

    Code:
    $firstcookie is set to first
    $curtimes[0] = 0
    $curtimes[1] = 1
    $curtimes[2] = 2
    $curtimes[3] = 3
    $curtimes[4] = 4
    $curtimes[5] = 5
    $curtimes[6] = 6
    $curtimes[7] = 7
    $curtimes[8] = 8
    $curtimes[9] = 9
    Second time through:

    Code:
    $curtimes[0] = 0
    $curtimes[1] = 1
    $curtimes[2] = 2
    $curtimes[3] = 3
    $curtimes[4] = 4
    $curtimes[5] = 5
    $curtimes[6] = 6
    $curtimes[7] = 7
    $curtimes[8] = 8
    $curtimes[9] = 9
    $curtimes[10] = 10
    $curtimes[11] = 11
    $curtimes[12] = 12
    $curtimes[13] = 13
    $curtimes[14] = 14
    $curtimes[15] = 15
    $curtimes[16] = 16
    $curtimes[17] = 17
    $curtimes[18] = 18
    $curtimes[19] = 19
    MiF, I noticed that you removed the threadview stuff from your code. Any side effects? What is it used for anyway? Getting desperate here .... willing to try anything to keep getting 50 emails a day from folks who can't seem to stay logged in.

    Thanks in advance!

    Cheers.
    Scott

    Leave a comment:


  • tubedogg
    replied
    Of course.

    Leave a comment:


  • MiF
    replied
    Something does not make sense. Have you tried running the script I provided? What were the results?

    Are your user options set to "Browse board with cookies?"

    Leave a comment:


  • tubedogg
    replied
    I view the probably 200 to 300 new threads/posts each day here and I've never been logged out accidentally. Using IE6 (IE5.5 up until recently).

    Leave a comment:


  • Wayne Luke
    replied
    Hmm I view hundreds of threads a day on my forum and have never been logged out because of a missing cookie..

    I also use IE 6.0.

    Leave a comment:


  • MiF
    replied
    OK, play around with this code:
    PHP Code:
    if (isset($list)){
        if (isset(
    $firstcookie))
            echo 
    "\$firstcookie is set to $firstcookie<br>\n";

        if (
    is_array($curtimes)){
            while (list(
    $key$val) = each($curtimes)){
                echo 
    "\$curtimes[$key] = $val<br>\n";
            }
        }
    }
    else{
        
    setcookie("firstcookie""first"time()+900);

        for (
    $i 0$i $maxtimes$i++){
            
    setcookie("curtimes[$i]""$i");
        }

    Notice that "firstcookie" is a permanent cookie.

    "curtimes[]" are session cookies

    1) use ?maxtimes=10 parameter to set the cookies. Then use ?list= parameter to display them. You will see 10 curtimes cookies and 1 firstcookie.

    2) Close all browser windows. Open the browser again and use ?list= parameter. You will see 0 curtimes cookies and 1 firstcookie.

    3) use ?maxtimes=20 parameter to set the cookies. Then use ?list= parameter to display them. You will see 20 curtimes cookies and 0 firstcookies.

    I am using IE 6 for the tests. I suspect other browsers do the same thing.

    There is a 20 cookie limit for a specific path/domain irrelevant of the type of cookie.

    So, in fact, the thread viewing cookies will destroy your older cookies as soon as you reach the limit. So, as soon as you reach 20 thread views, your log in info will be forgotten. This explains one of the user complaining because they were getting logged out with each thread view.

    I think this should be considered a bug. Personally, I removed the thread view cookie from my code.

    Leave a comment:


  • Wayne Luke
    replied
    You are correct however these are session cookies and will not overwrite or override the permanent cookies set.

    Also each site is allowed to set 4K worth of cookies with is a lot of threads. I have viewed my headers and had over 50 different cookies set for a vBulletin board.

    Leave a comment:


  • MiF
    replied
    I know what arrays are. However... I do not think cookies support arrays. I am pretty sure of it, actually.

    Run this script to test it:
    PHP Code:
    setcookie("myarray[0]""boo0"time()+900"/");
    setcookie("myarray[1]""boo1"time()+900"/");
    setcookie("myarray[2]""boo2"time()+900"/");
    setcookie("myarray[3]""boo3"time()+900"/");
    setcookie("myarray[4]""boo4"time()+900"/"); 
    Now check your cookies. You will find five seperate cookies set.

    Leave a comment:


  • tubedogg
    replied
    I'll go easy on you since you appear to not be a programmer.

    bbthreadview is an array (and a cookie, but set that aside for a second).
    bbthreadview[$threadid] is an element of the bbthreadview array. For each thread you visit, the thread has a threadid. The threadid is added as an element of the array. So it is just one cookie with an array of elements for the contents. The bbuserinfo cookie works the same way.

    Leave a comment:


  • MiF
    replied
    The code is:
    PHP Code:
      vbsetcookie("bbthreadview[$threadid]",time(),0); 
    So, it sets cookies named "bbthreadview[1]", "bbthreadview[2]", etc. for each thread I visit. With numbers corresponding to the threads I visit, of course.

    Leave a comment:


  • MiF
    replied
    Well, it sets bbthreadview[threadid] cookie for each thread I visit. There is a limit on the number of cookies. I believe it to be 20. I don't remember if it's 20 for permanent cookies only or 20 overall, permanent and session cookies.

    Anyway, this would explain why I was getting logged out of my site. 3 cookies for my site, 2 cookies for vB and it's not hard to visit 15 threads in 1 session. It would also explain why the logging out was not consistant.

    Leave a comment:


  • tubedogg
    replied
    No no no - you have a *line* in the (singular) bbthreadview cookie for every thread you've read.

    I don't know if there is a limit or not to how many cookies per domain you can have.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X