Opened 15 years ago
Closed 15 years ago
#1117 closed defect (bug) (fixed)
bb-settings.php does not preserve $bb->sitecookiepath
Reported by: | junsuijin | Owned by: | junsuijin |
---|---|---|---|
Milestone: | 1.0 | Priority: | high |
Severity: | major | Version: | 1.0-rc-2 |
Component: | General - Integration | Keywords: | has-patch |
Cc: | junsuijin@… |
Description
The problem here is that when the sitecookiepath and cookiepath are the same, there should not be 2 logged_in cookies set (looking at the code in bb-settings.php this seems the intention). However, $bb->sitecookiepath always gets the trailing / removed from it before setting the cookie, so this in practice does not happen, and causes WordPress integration to somewhat fail (unable to log in from bbPress and then out from WordPress in a situation where these two cookies should both be the same). In effect this means users logging in from bbP may think they've logged out if they do so from WP, because they are redirected to the logout page, and in some cases even logged out from WP, but never from bbP as well, thus posing a security risk for public kiosks.
Attachments (1)
Change History (5)
#2
15 years ago
As I just mentioned on the bbPress.org forum:
I tested a site with WP in the base folder and bbP in a subfolder of WP, and a site with WP in a subfolder of the base folder with bbP in a subfolder of WP. Neither site needs anything added to either config file (in terms of the suggestions from the admin pages), except that the 3 secret keys match between them (my nonce keys also match but that shouldn't matter). It is also necessary to fill in the wp-admin's bbPress Integration Plugin settings, and the bb-admin's WordPress Integration settings.
On any sites I've tested where I have WP in a subfolder of the base folder, and bbP in a subfolder of the WP folder, bbP sets 2 logged_in cookies, one with a trailing / and one without, which poses a problem since WP doesn't get rid of the one without a trailing / and thus WP cannot log out from bbP if the user logs in from bbP. After patching bb-settings.php with 1117.patch and testing it on both sites mentioned, and an additional site with WP in a subfolder of the base folder and bbP in a subfolder of WP, I found all sites integrating as expected and bbP would only set one logged_in cookie in all cases, as expected.
very simple and tested with no problems
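
The failure mode this ticket describes, modelled as an added example (not bbPress or WordPress code, and not the contents of 1117.patch): a browser stores cookies keyed by name and path, so a logout that clears `Path=/wp/` leaves a second cookie at `Path=/wp` behind. The `/wp/` paths, the `logged_in` stand-in name, the token and the `normalizeBoth` remedy are assumptions made for illustration.

```javascript
// Constructed model of a browser cookie store: one entry per (name, path).
class CookieJar {
  constructor() { this.store = new Map(); }
  // Apply one Set-Cookie. An expired cookie deletes only the exact (name, path) entry.
  set(name, value, path, expired = false) {
    const key = `${name}|${path}`;
    if (expired) this.store.delete(key);
    else this.store.set(key, { name, value, path });
  }
  // Cookies sent with a request, using the RFC 6265 section 5.1.4 path-match rule.
  sentTo(requestPath) {
    return [...this.store.values()].filter(c =>
      requestPath === c.path ||
      (requestPath.startsWith(c.path) &&
        (c.path.endsWith('/') || requestPath[c.path.length] === '/')));
  }
}

const stripSlash = p => p.replace(/\/+$/, '');
const withSlash = p => stripSlash(p) + '/';

// Paths a login sets cookies on. With normalizeBoth = false, only the site
// path loses its trailing slash before the comparison (the behaviour the
// ticket reports). With normalizeBoth = true, both paths are normalized the
// same way (an assumed remedy, for illustration).
function loginPaths(cookiepath, sitecookiepath, normalizeBoth) {
  const own = normalizeBoth ? withSlash(cookiepath) : cookiepath;
  const site = normalizeBoth ? withSlash(sitecookiepath) : stripSlash(sitecookiepath);
  return own === site ? [own] : [own, site];
}

// Log in through the forum, log out through the blog, then request a forum page.
function simulate(normalizeBoth) {
  const jar = new CookieJar();
  for (const path of loginPaths('/wp/', '/wp/', normalizeBoth)) {
    jar.set('logged_in', 'constructed-token', path);
  }
  const afterLogin = jar.store.size;
  jar.set('logged_in', '', '/wp/', true); // logout clears Path=/wp/ only
  return { afterLogin, stillSent: jar.sentTo('/wp/forum/').length };
}

console.log('as reported:', simulate(false));
console.log('normalized: ', simulate(true));
```

A quick check on a live install is to log in from the forum and count the `Set-Cookie` headers for the logged-in cookie: two entries whose `Path` differs only by a trailing slash indicate this bug.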