?
Solved

Setting and sharing the same cookie

Posted on 2009-02-10
21
Medium Priority
?
413 Views
Last Modified: 2012-05-06
I have integrated WordPress and bbPress. They both share the same table for users. I can login in to a user in the database from both WordPress and bbPress. SO they are correctly sharing the same user table. However, when I login as a user for the blog and then click on the forum then click to post in the forum it asks me to log in. I imagine it has something to do with cookies. I have gone through the docs on integration and a forum post by _CK_ on the bbpress support forum but nothing has made it work yet.

When I view my cookies with Firefox it shows that they are setting the exact same cookie. They both set the cookie under the same site and even the same name. When I log in with bbPress it sets another cookie with the same name as the WordPress cookie. Firefox shows 6 things for each cookie. Name, Content, Domain, Path, Send For, and Expires.

The name is the same but Content and Path are a little different.

 I need help making them share the same cookie so that the session is shared :) thanks!

Here are my config files:
wp-config.php
 
<?php
// ** MySQL settings ** //
define('DB_NAME', 'fakedb');    // The name of the database
define('DB_USER', 'fakeuser');     // Your MySQL username
define('DB_PASSWORD', 'fakepass); // ...and password
define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
 
// Change each KEY to a different unique phrase.  You won't have to remember the phrases later,
// so make them long and complicated.  You can visit http://api.wordpress.org/secret-key/1.1/
// to get keys generated for you, or just make something up.  Each key should have a different phrase.
define('AUTH_KEY', 'fakekey1'); // Change this to a unique phrase.
define('SECURE_AUTH_KEY', 'fakekey2'); // Change this to a unique phrase.
define('LOGGED_IN_KEY', 'fakekey3'); // Change this to a unique phrase.
define('SECRET_KEY', 'fakekey4');
define('COOKIE_DOMAIN', '');
define('COOKIEPATH', '/starteconome/');
 
/* this is what I added for integration with bbpress
$wp->cookiepath = '/starteconome/';
$wp->sitecookiepath = '/starteconome/';
define('SITECOOKIEPATH', '/starteconome/');
/*End What I added*/
 
// You can have multiple installations in one database if you give each a unique prefix
$table_prefix  = 'wp_econome_';   // Only numbers, letters, and underscores please!
 
// Change this to localize WordPress.  A corresponding MO file for the
// chosen language must be installed to wp-content/languages.
// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
 
/* That's all, stop editing! Happy blogging. */
 
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
?>
 
 
bb-config.php
 
<?php
 
// ** MySQL settings ** //
define('BBDB_NAME', 'fakedb');      // The name of the database
define('BBDB_USER', 'fakeuser');     // Your MySQL username
define('BBDB_PASSWORD', 'fakepass'); // ...and password
define('BBDB_HOST', '');    // 99% chance you won't need to change these last few
 
define('BBDB_CHARSET', '');      // If you are *upgrading*, and your old bb-config.php does
define('BBDB_COLLATE', '');          // not have these two contstants in them, DO NOT define them
                                     // If you are installing for the first time, leave them here
 
// Change BB_SECRET_KEY to a unique phrase.  You won't have to remember it later,
// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
// If you are integrating logins with WordPress, you will need to match the value
// of the "SECRET_KEY" in the WordPress file wp-config.php
define('BB_AUTH_KEY', 'fakekey1'); // Change this to a unique phrase.
define('BB_SECURE_AUTH_KEY', 'fakekey2'); // Change this to a unique phrase.
define('BB_LOGGED_IN_KEY', 'fakekey3'); // Change this to a unique phrase.
define('BB_SECRET_KEY', 'fakekey4'); // Change this to a unique phrase.
 
// If you are running multiple bbPress installations in a single database,
// you will probably want to change this.
$bb_table_prefix = 'bb_'; // Only letters, numbers and underscores please!
 
// Change this to localize bbPress.  A corresponding MO file for the
// chosen language must be installed to bb-includes/languages.
// For example, install de.mo to bb-includes/languages and set BB_LANG to 'de'
// to enable German language support.
define('BB_LANG', '');
 
/* Stop editing */
 
if ( !defined('BB_PATH') )
        define('BB_PATH', dirname(__FILE__) . '/' );
require_once( BB_PATH . 'bb-settings.php' );
?>

Open in new window

0
Comment
Question by:Shaye Larsen
  • 9
  • 8
  • 2
  • +1
20 Comments
 
LVL 2

Assisted Solution

by:jonasp
jonasp earned 1200 total points
ID: 23603841
I think you should set the cookie domain and path in the bbPress config as well.

Have a look at this thread.

http://bbpress.org/forums/topic/wordpressbbpress-single-sign-on
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 800 total points
ID: 23604186

<?php // RAY_session_cookie_domain.php
// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS
error_reporting(E_ALL);
 
 
// GET DOMAIN WITHOUT WWW
$host = eregi_replace('^WWW', '', "$_SERVER[HTTP_HOST]");
 
// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
	setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}
 
 
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;
 
 
// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
$gost = substr($host,1); // STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php';
$www_link = 'http://www' . $host . '/RAY_dump_session.php';
 
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>\n";
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>\n";
 
 
// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
echo "</pre>\n";
 
 
 
?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>

Open in new window

0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 800 total points
ID: 23604201
Try these two scripts and see if that helps sort it out.  Best, ~Ray
<?php // RAY_dump_session.php
error_reporting(E_ALL);
 
// START THE SESSION
session_start();
 
// DISPLAY THE VARS
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo "\n\n";
echo "SESSION ";
var_dump($_SESSION);
 
 
 
echo "</pre>\n";

Open in new window

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23612732
Thanks Ray, I'm not sure however exactly what to do with your scripts? Where to put them and interact with them I mean.

jonasp, I'm still looking and working in that thread you gave me, a lot to read, thanks.

Will get back as soon as I can.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23612835
@the_hero: You should try putting the scripts on your server and running them.  The first script will set cookies.  The second script will display the cookies.  They teach the way to set the cookies and set the session cookies so that the cookies (and by implication the session values) will be available across subdomains.  I understand that this is not a simple subject, and it may take a while to get intellectual control of all the "moving parts" -- please try the scripts and if you have any questions, post their output when you run them, and I will try to explain what you're looking at.
0
 
LVL 2

Assisted Solution

by:jonasp
jonasp earned 1200 total points
ID: 23620247
No disrespect to Ray in any way since he's got everything regarding cookies nailed but I think that when you are using two large frameworks like bbPress and WordPress and they both have support for sharing the cookie I would have gone with that support instead of rolling my own.

If you have a look at the forum thread I posted you can se that there are some options in both config files that need to match up. There are the options like:

$wp->cookiepath = '/';
$wp->sitecookiepath = '/';

and

$bb->usercookie = '';
$bb->passcookie = ''';
$bb->cookiedomain = 'domain.com';
$bb->cookiepath = '/';

that you can use to make sure the cookies match. And then you have to work with the MD5 hash from WordPress that you have to make sure matches the one bbPress generates. These can differ if you put bbPress or wordpress in a separate paths.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23622290
@jonasp: I agree that when there is a tool in the framework, it's probably the best way to go... If you understand what you're doing.  Frankly, most people do not "really understand" cookies, and IMHO the  learning curve needed to implement and debug a cookie issue inside a framework may be harder than understanding a succinct, plain text example.  So I opt for some "baby steps" to build the understanding.  Then when something is not immediately clear in the bigger picture of the framework, there may be some foundation of understanding from the simple example.  

Best to all, ~Ray
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23624844
thank you for all your help and comments. I have fully reinstalled bbpress and started all over. When I started all over I set up cookie integration in the setup for bbpress. It still didn't work. So then I got the plugin referred to me. That didn't do the trick either. I don't know enough about cookies to say what is going on exactly but here is a bit of info, hope it isn't too much to gulp.

Here are the cookies I get when I log in with WordPress as shown with Firefox 3:

Cookies:

Cookie Name: wordpress_logged_in_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C1234633855%7Cds11e43e74f2cde03ada9b1937ae52b92a
Domain: .fakedomain.com
Path: /starteconome/blog/

Cookie Name: wordpress_logged_in_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C1234633855%7Cd11e43e74f2cde03ada9b1937ae52b92a
Domain: .fakedomain.com
Path: /starteconome/

Cookie Name: wordpress_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C1234s633855%7Cc627aca2fs6d7c1860bf5a78651519843
Domain: .fakedomain.com
Path: /

Cookie Name: wordpress_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C12346s33855%7Cc627aca2f6d7sc1860bf5a78651519843
Domain: .fakedomain.com
Path: /starteconome/blog/wp-content/plugins

Cookie Name: wordpress_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C123463s3855%7Cc627aca2fs6d7c1860bf5a78651519843
Domain: www.fakedomain.com
Path: /starteconome/forum/my-plugins

Cookie Name: wordpress_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C123463385s5%7Cc627aca2f6d7dc1860bf5a78651519843
Domain: www.fakedomain.com
Path: /starteconome/forum/bb-plugins

Cookie Name: wordpress_a201d25c0ab0c5e330586ef4c9a01046
Content: admin%7C1234633855d%7Cc627aca2fd6d7c1860bf5a78651519843
Domain: www.fakedomain.com
Path: /starteconome/forum/bb-admin


Then I go to the forum and it is on the main page showing the forum, I cannot post until I log in. So I log in using the same username and password. I go back and check my cookies and nothing has changed. All the cookie are still that same.

I don't get it?
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23624894
Oh there is the PHPSESSID cookie as well. When I log in with word press it is:

Name: PHPSESSID
Content: bjgl36vhsq5ul7irj9sn4ehoi1
Host: www.fakedomain.com
Path: /

Then when I log in to bbpress this same cookie stays the same also::

Name: PHPSESSID
Content: brjgl6vhsq5uld7irj9sn4sehoi1
Host: www.fakedomain.com
Path: /
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23624922
Here are the config files that are producing the above cookies:

wp-config.php
 
<?php
// ** MySQL settings ** //
 
 
// Change each KEY to a different unique phrase.  You won't have to remember the phrases later,
// so make them long and complicated.  You can visit http://api.wordpress.org/secret-key/1.1/
// to get keys generated for you, or just make something up.  Each key should have a different phrase.
define('AUTH_KEY', '7k67sk67k76'); // Change this to a unique phrase.
define('SECURE_AUTH_KEY', '67k6d7k76k67k76'); // Change this to a unique phrase.
define('LOGGED_IN_KEY', '67k7s6'); // Change this to a unique phrase.
define('SECRET_KEY', 'i7ldofvbeymuyds4cmh6enlbl7asr4sdebndfg7x8dvsv');
define('COOKIE_DOMAIN', '.fakedomain.com');
define('COOKIEPATH', '/startecnome/');
@define('ADMIN_COOKIE_PATH', '/');
 
/* commented out right now
$wp->cookiepath = '/';
$wp->sitecookiepath = '/';
define('SITECOOKIEPATH', '/');
*/
 
// You can have multiple installations in one database if you give each a unique prefix
$table_prefix  = 'wp_econome_';   // Only numbers, letters, and underscores please!
 
// Change this to localize WordPress.  A corresponding MO file for the
// chosen language must be installed to wp-content/languages.
// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
 
/* That's all, stop editing! Happy blogging. */
 
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
?>
 
bb-config.php
 
<?php
 
// ** MySQL settings ** //
 
 
define('BBDB_CHARSET', '');      // If you are *upgrading*, and your old bb-config.php does
define('BBDB_COLLATE', '');          // not have these two contstants in them, DO NOT define them
                                     // If you are installing for the first time, leave them here
 
// Change BB_SECRET_KEY to a unique phrase.  You won't have to remember it later,
// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
// If you are integrating logins with WordPress, you will need to match the value
// of the "SECRET_KEY" in the WordPress file wp-config.php
define('BB_SECRET_KEY', 'i7ldofvsbeymuy4cmh6enlsbl7asr4sdebndfg7x8dvs4v'); // Change this to a unique phrase.
 
// If you are running multiple bbPress installations in a single database,
// you will probably want to change this.
$bb_table_prefix = 'bb_'; // Only letters, numbers and underscores please!
 
// Change this to localize bbPress.  A corresponding MO file for the
// chosen language must be installed to bb-includes/languages.
// For example, install de.mo to bb-includes/languages and set BB_LANG to 'de'
// to enable German language support.
define('BB_LANG', '');
 
/* Stop editing */
 
if ( !defined('BB_PATH') )
        define('BB_PATH', dirname(__FILE__) . '/' );
require_once( BB_PATH . 'bb-settings.php' );
 
?>

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23624990
From a quick glance, it looks like the PHP Sessions should be the same on both systems.  You can use var_dump($_SESSION) to check this.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23625021
And from looking at the other cookies, it looks like there is still some isolation.  I think you need to get the host, path and domain to be the same if you're going to share the cookies.  The content might matter, too, since it looks like it is a dynamically generated hash.  Not sure about that, tho.
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23626550
Thank you. I tried var_dump($_SESSION) but it returns NULL.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23626612
OK, well that is to be expected if you have not put anything into the $_SESSION array.  Try putting something in the session and checking it from both sides.
0
 
LVL 1

Accepted Solution

by:
Shaye Larsen earned 0 total points
ID: 23694940
Well, nothing is working. I appreciate your help. I'm switching to a different forum software which already handles this problem.

It is http://simplepressforum.com/

Thank you.
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 23694955
In proper EE etiquette am I supposed to delete this question or award points anyway?
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23695438
Suggest you click the "request attention" button and ask a moderator for guidance.  They're usually pretty helpful.  Best regards, ~Ray
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 23721251
">> They're usually pretty helpful" - heck, sometimes even I'm pretty helpful!

In the instant case, the Asker needs to have identical cookies across two applications.  We showed how that is done, including advice and examples.  Can't really reach out and integrate the code for our Asker, but the advice was sound and the examples work.  Sometimes it just takes time and practice to get from the question to the answer!

;-)

Cheers, ~Ray
0
 
LVL 1

Author Comment

by:Shaye Larsen
ID: 24721992
Please replace the above code with the corresponding files below.
New-Code.txt
New-Code-2.txt
New-Code-3.txt
New-Code-4.txt
0
 

Expert Comment

by:ModernMatt
ID: 24722324
At the Author's request, I replaced code with sanitised versions in the code snippet in the original question, and in the following comments: http:#a23624844, http:#a23624894 and http:#a23624922.

Thanks for using Experts Exchange!

ModernMatt
EE Moderator
http://www.experts-exchange.com/Q_24525476.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses
Course of the Month17 days, 8 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question