Topic: 1.0a2 + 2.6x cookies: so close!

1.0a2 + 2.6x cookies: so close!

WebDev WaxLotus LLC
Member

@musnake

16 years, 1 month ago
It’s like trying to open the wrapper on a new CD you’re dying to listen to…if I can just get it open without using a hammer…

This is a thread. There are many threads like this thread. This thread is my thread.

Follow the cookie path please. Visit with the config file settings. See the pattern and you will bend the spoon. Then let me eat ice-cream with that spoon, please.
```
Paths:



WP: http://mydomain.org/

bbPress: http://mydomain.org/forum/



Apache version	1.3.41 (Unix)

PHP version	5.2.5

MySQL version	5.0.51a-community

Architecture	i686

Operating system	Linux



#########################################

bb-config.php:
```
// URI’s

$bb->wp_siteurl = ‘http://mydomain.org’; // No trailing slash

$bb->wp_home = ‘http://mydomain.org’;

// Cookie Scope

$bb->cookiedomain = ”;

$bb->cookiepath = ”;

$bb->sitecookiepath = ”;

$bb->admin_cookie_path = ‘/forum/bb-admin’;

$bb->core_plugins_cookie_path = ‘/forum/bb-plugins’;

$bb->user_plugins_cookie_path = ‘/forum/my-plugins’;

$bb->wp_admin_cookie_path = ‘/wp-admin’;

$bb->wp_plugins_cookie_path = ‘/wp-content/plugins’;

// The name of the cookies

$bb->authcookie = ‘wordpress_blah3_blah5_blah8’;

$bb->secure_auth_cookie = ‘wordpress_sec_blah3_blah5_blah8’;

$bb->logged_in_cookie = ‘wordpress_logged_in_blah3_blah5_blah8’;

define(‘BB_AUTH_KEY’, ‘ahhpushit’);

define(‘BB_SECURE_AUTH_KEY’, ‘pushpushit’);

define(‘BB_LOGGED_IN_KEY’, ‘realgood’);

define(‘BB_AUTH_SALT’, ‘andpepper’);

define(‘BB_LOGGED_IN_SALT’, ‘arehere’);
```
#########################################



wp-config.php:
```
define(‘AUTH_KEY’, ‘ahhpushit’);

define(‘SECURE_AUTH_KEY’, ‘pushpushit’);

define(‘LOGGED_IN_KEY’, ‘realgood’);

define(‘AUTH_SALT’, ‘andpepper’);

define(‘LOGGED_IN_SALT’, ‘arehere’);

$wp->authcookie = ‘wordpress_blah3_blah5_blah8’;

$wp->secure_auth_cookie = ‘wordpress_sec_blah3_blah5_blah8’;

$wp->logged_in_cookie = ‘wordpress_logged_in_blah3_blah5_blah8’;

// bbPress WP integration

define(‘COOKIE_DOMAIN’, ”);

define(‘COOKIEPATH’, ”);
```
#########################################



1)Clear all cookies



#########################################



2) Log into bbPress: (mydomain.org/forum/): role 'member':
```
wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin
```
#########################################



3) Visit WP site: (not logged in)
```
wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin

PHPSESSID => /
```
various 3rd party cookies from picasa etc



#########################################



4) Visit wp-login.php: (not logged in)
```
wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin

PHPSESSID => /

wordpress_test_cookie => /
```
#########################################



5) Log into wp-login.php as 'subscriber' user (same user as bbPress) which puts me /wp-admin/
```
wordpress_logged_in_URIHASH => /

wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin

PHPSESSID => /

wordpress_test_cookie => /
```
#########################################



6) 'Visit site' from wp-admin
```
wordpress_logged_in_URIHASH => /

wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin

PHPSESSID => /

wordpress_test_cookie => /
```
#########################################



7) Click on '//mySite.org/forum' link on main site (bbPress install dir)

Forum's first page displays: No extra cookies made.  These cookies are from WP in the previous step:
```
wordpress_logged_in_URIHASH => /

wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin

PHPSESSID => /

wordpress_test_cookie => /
```
#########################################



 Log out from bbPress:
```
wordpress_logged_in_URIHASH => /

wordpress_test_cookie => /

PHPSESSID => /
```
STILL LOGGED INTO bbPress!



#########################################



9) Visit wp site
```
wordpress_logged_in_URIHASH => /

wordpress_test_cookie => /

PHPSESSID => /
```
#########################################



10) Logout from WP site: (wp-login.php?loggedout=true)
```
wordpress_test_cookie => /

PHPSESSID => /
```
#########################################



11) Visit forum site.



logged out.



#########################################

12) Clear all cookies



#########################################



13) Log into bbPress:
```
wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin
```
#########################################



14)Log out of bbPress:



All cookies cleared.



#########################################



15) Visit WP site + clear cookies.



#########################################



16) Log into WP
```
wordpress_logged_in_URIHASH => /

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_test_cookie => /

PHPSESSID => /
```
#########################################



17) Visit bbPress site.



Already Logged in as wp user.
```
wordpress_logged_in_URIHASH => /

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_test_cookie => /

PHPSESSID => /
```
#########################################



18) Logout from bbPress:
```
wordpress_logged_in_URIHASH => /

wordpress_test_cookie => /

PHPSESSID => /
```
Still logged in to bbPress!



#########################################



19) Logout from main site:
```
wordpress_test_cookie => /

PHPSESSID => /
```
#########################################



20)  Eat stapler.
```

Viewing 20 replies - 1 through 20 (of 20 total)

WebDev WaxLotus LLC
Member

@musnake

16 years, 1 month ago

I guess I should also point out (in case!) that I used URIHASH to represent the gyug76tg9t780780yy870y8-yyg string…

Less cluttered…
WebDev WaxLotus LLC
Member

@musnake

16 years, 1 month ago
So I was thinking about this in the shower, if I can get bbPress to set a cookie for / instead of /forum I think my woes would be over (See Step 2 above…)

Now, before looking into it further, I don’t think this is how it works. If the script calling for a cookie to be set is in folder ‘/forum/’ then the domain scope for that cookie is going to be set to ‘/forum/’ by the webserver.

But to test the obvious, I rushed to bb-config and tried variations on
```
// Cookie Scope

$bb->cookiedomain = '';

$bb->cookiepath = '/';

$bb->sitecookiepath = '/';
```
No joy.

Maybe if I had the wp-login code on the forum site…with bb-admin cookies… let me try some things…

The ‘/’ cookie to rule them all is the way to go. If I can just get it to work…
Micheal Benedict Arul
Member

@rowoot

16 years, 1 month ago

I must appreciate your work. Although I have given up tryin to integrate them.

I have finally resorted to using the login system of bbpress rather than wordpress login system. Since the cookies generated by bbpress is accepted and recognized by wordpress while it doesn`t work vice versa.

(basically if I login into bbpress, wordpress automatically recognizes me and wordpress admin is accessible, but if I login via wordpress, bbpress recognizes that I have logged in, but I can`t access admin section of bbpress)

WebDev WaxLotus LLC
Member

@musnake

16 years, 1 month ago

Sounds familiar.

I have been brute-forcing it (after reading the cookie-related code to see where it’s getting what) and have discovered that if I strip ALL of the integration code, I can still get the correct wp cookies to be generated which sounds like a cache issue…

I’m going to flush cache now… and if it still works, I’m going to try and turn water into a nice Shiraz.
WebDev WaxLotus LLC
Member

@musnake

16 years, 1 month ago
Hmm,

With all the path and cookie info stripped out of bb-config and wp-config, cache and cookies cleared, the logging into bbPress:
```
wordpress_logged_in_URIHASH => /forum/

wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin

wordpress_URIHASH => /forum/my-plugins

wordpress_URIHASH => /forum/bb-plugins

wordpress_URIHASH => /forum/bb-admin
```
Note the trailing slash on the /forum/ path.

The only ‘integration’ info in the bb-config.php is the db connection stuff. That’s it.

Now, this may be/probably is totally natural, that `wordpress_URIHASH => /wp-content/plugins

wordpress_URIHASH => /wp-admin` cookies are set, and this goes to highlight how wrong my perspective is! Here I was thinking that I had configured at least part of it correctly, the auth cookie stuff, but it was doing it all along, haha.

I wonder if one of the WP user permissions plugins (WP-Sentry comes to mind) is affecting this -nah! Cookies are set before output is sent.

Time to back off of this.

Users will just have to log in twice (between the blog and the fora).

Thanks rowoot.
Deadpan110
Member

@deadpan110

16 years ago
Im not sure if I have set my bbPress 1.0.alpha2 to work with WordPress MU 2.6.3 correctly, but its working.

http://domain.com = my WordPress MU

http://forums.domain.com = bbPress sub domain

As you can probably see, there are things within the config files that might not be needed.

WordPress/wp-config.php
```
define('AUTH_KEY', 'authkey');

define('SECURE_AUTH_KEY', 'secureauthkey');

define('SECURE_AUTH_SALT', 'secureauthsalt');

define('LOGGED_IN_KEY', 'loggedinkey');

define('SECRET_KEY', 'secretkey');

define('SECRET_SALT', 'secretsalt');

define('LOGGED_IN_SALT', 'loggedinsalt');
```
I copied and pasted the existing lines straight into bb-config.php replacing what was already there and then added the BB_ to each.

bbPress/bb-config.php
```
define('BB_AUTH_KEY', 'authkey');

define('BB_SECURE_AUTH_KEY', 'secureauthkey');

define('BB_SECURE_AUTH_SALT', 'secureauthsalt');

define('BB_LOGGED_IN_KEY', 'loggedinkey');

define('BB_SECRET_KEY', 'secretkey');

define('BB_SECRET_SALT', 'secretsalt');

define('BB_LOGGED_IN_SALT', 'loggedinsalt');
```
In BOTH bb-config.php AND wp-config I added:
```
define('COOKIE_DOMAIN', '.domain.com'); // remember the '.' prefix

define('COOKIEPATH', ''); // this is empty
```
Then I visited http://forums.domain.com/bb-admin/options-wordpress.php (Settings > WordPress Integration) and scrolled down to ‘Manual bbPress config file settings’ and copied all the text below ‘WordPress cookie integration speedup’ and pasted into bbPress/bb-config.php.
```
$bb->wp_siteurl = 'http://domain.com';

$bb->wp_home = 'http://domain.com';

$bb->cookiedomain = '.domain.com';

$bb->cookiepath = '';

$bb->authcookie = 'wordpress_LEFT_THIS_ALONE';

$bb->secure_auth_cookie = 'wordpress_sec_LEFT_THIS_ALONE';

$bb->logged_in_cookie = 'wordpress_logged_in_'; // DELETE the hash part

$bb->admin_cookie_path = '/bb-admin';

$bb->core_plugins_cookie_path = '/bb-plugins';

$bb->user_plugins_cookie_path = '/my-plugins';

$bb->sitecookiepath = '';

$bb->wp_admin_cookie_path = '/wp-admin';

$bb->wp_plugins_cookie_path = '/wp-content/plugins';
```
Oh, and I added the$bb->wp_table_prefix = 'wp_'; too.

NOTE

$bb->logged_in_cookie = 'wordpress_logged_in_';

The hash was removed and the line reads EXACTLY as above.

To test, just make sure you are logged out of both and then log in and visit your other site.

Final Note, as stated above – there is probably a lot of unneeded clutter in the bb-press config, but all works for me – no matter which domain I log into!

I hope this helps someone
Deadpan110
Member

@deadpan110

16 years ago

@musnake – as you are not using sub domains, the only thing i can see wrong with your setup is the:

$bb->logged_in_cookie = 'wordpress_logged_in_blah3_blah5_blah8';

Try changing to:

$bb->logged_in_cookie = 'wordpress_logged_in_';
WebDev WaxLotus LLC
Member

@musnake

16 years ago
Thanks Deadpan11,

The core behavior of bb-settings.php is to append BB_HASH to the cookie name on line 638:

$bb->logged_in_cookie = ($bb->wp_cookies_integrated ? 'wordpress_logged_in_' : 'bbpress_logged_in_') . BB_HASH;

Even in a non-WPMU installation such as this one, I would agree that this is a good coding protocol to follow. I did try your suggestion though, because I do want to understand, but the cookie was still created as wordpress_logged_in_blah3_blah5_blah8.

This caught my eye over the weekend…

In bb-settings.php line 592:
```
$bb->wp_cookies_integrated = false;

$bb->cookiedomain = bb_get_option('cookiedomain');

if ( $bb->wp_siteurl && $bb->wp_home ) {

if ( $bb->cookiedomain ) {

$bb->wp_cookies_integrated = true;
```
I even tried setting $bb->cookiedomain=” to allow the code to construct the value… no joy. No problems logging into bbPress, which is just fine for the moment.

The code is alpha! Since others had had success I was trying to nail down my server environment deltas…

I’ll push on with other projects for now
WebDev WaxLotus LLC
Member

@musnake

16 years ago

So the web-consensus is that

$bb->cookiedomain = '.domain.com';

specifically the leading dot before the domain.com, is key to permitting cookies created in one subdomain to be useful in other related domains.

Darn. I thought I found my magic bullet.

jonkristian
Member

@jonkristian

16 years ago

Deadpan11 , I followed your guide and it worked excellent, however I had to keep the hash on:

$bb->logged_in_cookie = ‘wordpress_logged_in_’;

Setup, http://forums.domain.com & http://domain.com

I can now log in via the forums, and access both admin panels, and via wp, and still access both. If I log out of either, I am logged out of both.

Klark0
Member

@klark0

16 years ago

Thank you very much, Deadpan.

I’m integrated with cookies now ..but

When I click the Admin link in bbpress it just reloads the page. It doesn’t take me to the admin area.

Edit: Seems to be happening both ways. If i log into WPMU first and go the bbpress, the admin link just reloads the page. If login to bbpress first, the admin link works but I’m forced to login again if I try to access wp-admin

WebDev WaxLotus LLC
Member

@musnake

16 years ago

@jonkristian and klarko:

Are you using bbPress 1.0.2a?

Jon, are you using WP2.6x? I see that klarko is using wpmu.

jonkristian
Member

@jonkristian

16 years ago

Yeah, 2.6.3 and 1.0.2a

Klark0
Member

@klark0

16 years ago

yeah mu2.6.3 and 1.0.2a here too.

WebDev WaxLotus LLC
Member

@musnake

16 years ago

@Jon: Curious. There is a difference between my setup and yours.

I have bbPress in a separate db but share the wp user tables…you?

jonkristian
Member

@jonkristian

16 years ago

Hm, turns out I still have trouble accessing admin panel in bbpress. Straange, I tested it with login via both bbpress and wp the last time, however now, it doesn’t seem to work.

Regarding the setup, i followed Deadpan’s setup down to the very last line, except that i kept the hash in

$bb->logged_in_cookie = ‘wordpress_logged_in_ikeptthishashin’;

nekita
Member

@nekita

16 years ago

Just tried it and, yes, I have the same issues with 2.6.3 and 1.0.2a . Well was worth a try anyways.

WebDev WaxLotus LLC
Member

@musnake

16 years ago

All fixed. This post by deadmedic fixed all my issues! It explains why all the ‘worked for me!’ posts seemed like nonsense to me.

The fix:

Change line 673 in bb-settings.php from:

$bb->sitecookiepath = rtrim($bb->sitecookiepath, '/');

to:

$bb->sitecookiepath = '/' . trim($bb->sitecookiepath, '/');

Thank you deadmedic!

hotforwords
Member

@hotforwords

15 years, 11 months ago

Deadpan110, your procedure worked perfectly for me. I have WordPress 2.6.5 and bbpress 1 alpha 2.

I didn’t know what to put into Secret_Key and Secret_Salt.. I assumed they referred to: Secret and Auth_Salt in WP 2.6.5

And it works great! Now let’s see what happens with 2.7!

Sam Bauers
Participant

@sambauers

15 years, 11 months ago

Changes are in trunk of WPMU to help sort out the cookie sharing problem there.

https://trac.mu.wordpress.org/ticket/809

A lot of the use of config settings in all these solutions are a bit heavy handed, most of these settings are done automatically and you only need to copy them to your bb-config file once you are happy with them.