Cookies, what cookies !

Discussion in 'General Topics' started by CloneRanger, Sep 26, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Several times i've forgotten to turn on cookies before logging in here, and i'm surprised i get logged in, but more surprised, as long as i keep refreshing, i stay logged in !

    Not complaining ;) it's just that on other sites i would need to enable cookies to do any and/or all of that.
     
  2. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    Yep i have noticed that too, good practice. :thumb:
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    If cookies are blocked by the browser then vBulletin reverts to using a session ID (sessionhash) in the URL in order to maintain the context of a user session. It works for both members and guest sessions. The only limitation is that a session will time out if no forum link is accessed for more than 15 minutes. To stay logged in (for a member) or retain read thread & forum markers (for guests), you must click some forum link within 15 minutes of your last click. The passing of the session hash looks like this in the address bar:

    [noparse]http://www.wilderssecurity.com/index.php?s=################################[/noparse]
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    If I am reading that right, and understanding you correctly, then I am puzzled by the fact that if I forget that I am logged in, and go away (maybe even leaving the house for hours at a time), upon returning I am greatly surprised to see that I am still logged into Wilders. How is that happening if no one is clicking a forum link every 15 minutes?
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Well, this is a "look mom, no cookies" thread, so, what I was talking about above was for those who are not allowing cookies. For them, the session hash is used to maintain their session identity and to stay logged in. Your browser is allowing cookies, so, after any 15-minite session timeout, your credentials are reconfirmed using the account information stored there. It's all automatic if you store and pass cookie values.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    The session hash can also be passed as a variable in the web form of any forum page. If you have a utility you can dump the contents of webpages, including things like form variables. If you use Firefox, there is a right-click option called "View Page Info". In there is a tab for "Forms" which lists all the fields or variables passed by the webpage. If you check the list of field names, it is simply called "s" and it's "hidden" meaning not visible on the page. If you are being validated by session hash, then you'll see the long hex hash value in that field.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    It's all so simple and makes so much sense, it's as if paying closer attention to what I was reading would have been easier than asking. :cautious:
    Thank you, LWM :oops:
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ LowWaterMark

    Yeah i see that.

    Don't see that.

    I did see 3 cookies listed.

    None of this is an issue with me, i just found it curious etc that i stayed etc logged in without my enabling cookies.

    Please don't take up lots of time on this on my behalf ;)
     
  10. fsr

    fsr Registered Member

    Joined:
    Jul 26, 2010
    Posts:
    190
    "Forms" was discontinued in FF 3.x, thanks for info Low .
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    That explains why i don't see it, thanks ;)
     
Thread Status:
Not open for further replies.