[FAQ'd] subdomain cookies

Documentation is as important as the rest of the code, so if something is unclear, missing or just plain wrong, please tell it.
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

[FAQ'd] subdomain cookies

Postby dis » Thu Jan 28, 2010 2:10 am

Hi, I'd like to suggest a possible clarification/addition to the current FAQ on subdomain cookies.

Most of my nucleus blogs are on subdomains and I have never been able to get the login/cookie thing working for me. Today I finally figured out a solution that actually seems to work - fingers crossed! - so I thought I'd share it.

The solution listed here http://faq.nucleuscms.org/item/66 has never worked for me. I suspect it could be because I use different usernames on different subdomains.

I found that if I made the cookie domain ".mydomain.com", all that happened was that each login on each succeeding subdomain would replace the cookie from the preceding blog. Very annoying :cry:

I tried using "subdomain.domain.com" for each subdomain and it failed to work completely - the cookie would set ok, and each subdomain would not replace the preceding subdomain's cookie, but it would still keep asking me to login even though the cookie was there.

Today it finally occurred to me to try ".subdomain.domain.com" instead. Don't know why it took me so long, considering this has been bugging me for years. Slow thinker, I know :) But it does seem to have worked! The cookies on each different subdomain are setting properly, they are not deleting/replacing each other, AND I am finally staying logged in on all of them. [nb. Tests were all run on nucleus blogs using either v3.41 or v.351]

If you do consider adding this to the FAQ, YMMV so please do try this on your own subdomains first to confirm it works for you. It could just be my own weird setup issues or something :)

Edit by Leng: This thread has been FAQ'd:

How can I make cookies work for both www.mydomain.com and mydomain.com?
ftruscot
Nucleus Guru
Nucleus Guru
Posts: 7430
Joined: Wed Feb 22, 2006 6:19 pm
Location: Massachusetts
Contact:

Postby ftruscot » Thu Jan 28, 2010 3:08 am

That FAQ is for the case where you have multiple hostnames/subdomains pointing to the same nucleus installation.

You are correct that in that if you have multiple installations in different subdomains of a single domain, then you need to set the cookie prefix as described.
Is your question not solved yet?
Search our FAQ,
read the Documentation, or
browse the list of available plugins.

Check out my plugins
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

Postby dis » Thu Jan 28, 2010 4:21 am

oh, i see. that accounts for the difference then. so it's nothing to do with different usernames. my blogs are all different installs on different subdomains. thanks for the clarification, ftruscot!
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

Postby dis » Sun Jan 31, 2010 4:59 am

argh. I take back my original post. It was working fine until I shut down my computer for the night. The next day when I started up the computer again, all the blogs were asking me to login again, even though the cookies were still there.

It was fine as long as I had the computer on in the same session, even when I shut down and restarted the browser several times to check, but as soon as the computer itself was shut down... :(

Maybe it's a browser thing :(
ftruscot
Nucleus Guru
Nucleus Guru
Posts: 7430
Joined: Wed Feb 22, 2006 6:19 pm
Location: Massachusetts
Contact:

Postby ftruscot » Sun Jan 31, 2010 5:27 am

Maybe. Clear out all the cookies and start fresh. Or try a different browser and see if you get similar results.

Be sure the login cookie lifetime is set to a month in the nucleus configuration settings.

In your browser check to be sure you aren't deleting your history/cookies after a day or whatever.
Is your question not solved yet?

Search our FAQ,

read the Documentation, or

browse the list of available plugins.



Check out my plugins
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

Postby dis » Mon Mar 15, 2010 9:37 pm

Thanks again ftruscot!

Tried flushing the cookies, no diff. Cookie lifetime is a month.

I do set my browser to empty out after every session, but it does not remove cookies for sites that I specifically tell it to keep. The cookies remain cached, and I can see them, but they don't seem to be recognized or used by the browser.

I think you are probably correct and this may be a browser-specific issue. Probably if I switched to IE it would work fine. However, I don't want to change browsers, and it would be a pain to have to load up a different browser every time I want to work on my blogs, so I've been trying to find solutions specific to my browser. No luck so far :( but if I come up with anything I'll update here :)
ftruscot
Nucleus Guru
Nucleus Guru
Posts: 7430
Joined: Wed Feb 22, 2006 6:19 pm
Location: Massachusetts
Contact:

Postby ftruscot » Mon Mar 15, 2010 10:11 pm

People successfully manage nucleus blogs using all types of browsers, so you should be able to find a way to make the preferred browser work.

If you have access to the mysql tables, you can check the key stored in the nucleus_member table for your member and compare it to the loginkey cookie value. It's not a straight-forward comparison. Unless you have set some special config settings on your config file, the key in the nucleus_member table should equal the md5 hash of the loginkey concatenated with the first 3 octets of your IP address.

So if your IP address is 10.123.234.5 and the loginkey cookie value is 3c97ea3b06630ee8c1a205c78ad223d6, then you would want to find an md5 hash generator and check the hash of this string:

3c97ea3b06630ee8c1a205c78ad223d610.123.234

Note that anytime you login from a different machine, or browser, your old key becomes invalid and you'll need to login again.
Is your question not solved yet?

Search our FAQ,

read the Documentation, or

browse the list of available plugins.



Check out my plugins
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

Postby dis » Tue Mar 16, 2010 11:33 pm

ftruscot wrote:Note that anytime you login from a different machine, or browser, your old key becomes invalid and you'll need to login again.


If I understand you correctly, you might just have solved my several-years-old mystery!

I do log in to the same blogs from different machines quite often. If I understand you correctly, every time I do this the login cookies on whichever machines I previously used would now become invalid. Is that right?

I was only having this problem on Nucleus blogs previously, but in the last week or so I've suddenly begun having the problem on other sites too, which have nothing to do with Nucleus. Maybe the same invalidation problem is happening for all these sites.

Just to keep this thread from being totally irrelevant to this forum, I'll add a suggestion here to update the FAQ with all the incredibly helpful information ftruscot has provided here. I never knew about the invalidation thing and I bet lots of other average non-programmer users don't know about it either - might help them solve some questions too!

I'm going to check on my cookie values and see what I find.

Once again, thanks so much for all your invaluable help & advice, ftruscot!
User avatar
dis
Posts: 209
Joined: Mon Aug 19, 2002 3:56 am

Postby dis » Sat May 29, 2010 12:17 am

Small update to this issue. I think I can confirm this now. I've been keeping an eye on logins to see what happens and whenever I log in from a different computer, I lose my saved login on the previous computer.

If I don't log in to Nucleus from another computer, the cookie DOES get read and recognized and my login remains active even through shutdowns and reboots.

I am currently using a cookie domain of the style ".subdomain.domain.com" for my subdomain installs of nucleus, and they seem to work perfectly as long as I don't log in from multiple computers.

As a side note, I've defaulted to a small workaround for this problem by using the built-in password manager in my browser. Whenever I "lose" the saved login by logging in on another PC, I now use the password manager in the browser to automatically log back in to the previous PC for me. Still an extra click or two, but at least it saves on typing. (How lazy can one get, I know :))
User avatar
Leng
Nucleus Guru
Nucleus Guru
Posts: 2827
Joined: Sun Sep 19, 2004 2:34 am
Location: Australia
Contact:

Postby Leng » Tue Jun 01, 2010 3:37 pm

Thanks for posting the suggestion. I have updated How can I make cookies work for both www.mydomain.com and mydomain.com? as well as added more links to that FAQ from Why does Nucleus keep asking me to login? in the "Further Reading" section.
Image
deborahlau.com | To-Do List
Questions? See the FAQ, read the docs, or browse our plugins!!

Return to “Documentation”