Keep having to log in

From: Matt 4 Jun 2013 12:48
To: JonCooper 8 of 17
This getting logged out problem is very difficult to diagnose, mostly because I'm not suffering from it! Doesn't matter if I switch browser, use my phone, my Transformer Prime, once they're logged in they stay logged in.

Jon: That definitely sounds like your Chrome is buggered. If Teh / Beehive was crashing everyone's Chrome, someone else would surely have said something.
From: Queeg 500 (JESUSONEEZ) 4 Jun 2013 12:53
To: Kenny J (WINGNUTKJ) 9 of 17
Me too, pretty much every other time. Using FireFox 21.0 on Mac OS 10.6.8. Always this computer, but then I only look at Teh on this computer.
From: ANT_THOMAS 4 Jun 2013 13:00
To: ALL10 of 17
Just noticed it's happening quite a bit on my phone.
From: Kenny J (WINGNUTKJ) 4 Jun 2013 13:17
To: Matt 11 of 17
If it's any help, I'm currently on my work PC. In IE9, if I log in with "remember me" set, close the browser and re-open, I'm logged out. If I do the same in Firefox, I'm still logged in.
Previously, I cleared the cookies in Firefox, and attempted to do it in IE using the F12 menu, but it doesn't seem to be playing.

Looking at the cookies in IE using the F12 menu, I've got multiple instances of the cookie set, with a variety of expiry dates:

Cookie Information - http://www.tehforum.co.uk/forum/lpost.php?webtag=DEFAULT&replyto=40507.8
NAME forum_style
VALUE tehforum
DOMAIN www.tehforum.co.uk
PATH /forum/
EXPIRES 12/10/2013 16:53:48

NAME user_logon
VALUE wingnutkj
DOMAIN www.tehforum.co.uk
PATH /forum/
EXPIRES 12/10/2013 15:25:28

NAME user_token
VALUE a token
DOMAIN www.tehforum.co.uk
PATH /forum/
EXPIRES 12/10/2013 15:25:28

NAME forum_style
VALUE tehforum
DOMAIN www.tehforum.co.uk
PATH /forum
EXPIRES 24/08/2013 12:44:26

NAME user_logon
VALUE wingnutkj
DOMAIN www.tehforum.co.uk
PATH /forum
EXPIRES 24/08/2013 12:44:26

NAME user_token
VALUE the same token
DOMAIN www.tehforum.co.uk
PATH /forum
EXPIRES 24/08/2013 12:44:26

NAME forum_style
VALUE tehforum
DOMAIN www.tehforum.co.uk
PATH /
EXPIRES 27/12/2013 19:41:23

NAME user_logon
VALUE wingnutkj
DOMAIN www.tehforum.co.uk
PATH /
EXPIRES 04/06/2014 14:11:52

NAME user_token
VALUE a different token
DOMAIN www.tehforum.co.uk
PATH /
EXPIRES 04/06/2014 14:11:52

NAME sess_hash
VALUE a hash
DOMAIN tehforum.co.uk
PATH /
EXPIRES At the end of the Session


Any use to you?
From: Kenny J (WINGNUTKJ) 4 Jun 2013 13:30
To: Kenny J (WINGNUTKJ) 12 of 17
Tried clearing cookies using the link on the login screen - works on FF, according to Cookie Monster, but not on IE, according to the F12 menu (and using it to clear cookies doesn't seem to be working). Could be two issues - one with IE not deleting cookies when asked, the other with Beehive having written multiple login cookies at some point, then not clearing them properly (but when cleared using Cookie Monster, goes back to working fine).

I'm loathe to do a full clear-out of my IE cookies right now - sorry!
From: Matt 4 Jun 2013 17:25
To: Kenny J (WINGNUTKJ) 13 of 17
You should be able to use the developer tools in IE to delete the cookies just for tehforum.co.uk.
From: Kenny J (WINGNUTKJ) 4 Jun 2013 18:55
To: Matt 14 of 17
Yeah, that didn't seem to want to happen - they weren't being deleted no matter how hard I pushed the button. I've now exported all cookies to a text file, edited out the forum ones, cleared IE's cookies fully, and re-imported the text file, and everything seems to be working. Does the multiple-sets-of-cookies-causing-repeated-logging-in theory sound plausible?
From: Matt 4 Jun 2013 20:08
To: Kenny J (WINGNUTKJ) 15 of 17
Yes.

The HTTP specification allows for cookies with the same name, but different paths. Unfortunately as far as I know PHP doesn't account for this, instead all it does is add all the cookies to a simple single-dimension key-value-pair array (named $_COOKIES) and makes them all available to the script regardless of whether the path matches or not.

And because it's perfectly possible for the browser to format the cookie header so as to send the valid cookie before the invalid one, when PHP processes the header, it simply overwrites any existing entry in the array resulting in the valid cookie never being available to the script.

Which is a bit shit.
EDITED: 4 Jun 2013 20:09 by MATT
From: Kenny J (WINGNUTKJ) 4 Jun 2013 21:23
To: Matt 16 of 17
Thanks for the explanation!  (Although it's reminded me of just how much I've forgotten about this kind of thing. I'm sure I used to be able to do websites...)
From: JonCooper 9 Jun 2013 19:28
To: ALL17 of 17
FWIW - I didn't fix my chrome since it wasn't happening anywhere else, it isn't happening here any more - odd