Skip to:
Content
Pages
Categories
Search
Top
Bottom

Session Cookies

  • @gogarth

    Member

    BBPress seems to use the kind of cookie that resides on the user’s machine unless they actively log out.

    Can anyone help me modify/ add custom code (or point me to a useful plug-in :) ) so that its lifetime is limited to the session only?

    Also, should I be using something like session_cache_limiter(‘nocache’) for further privacy, or is this already taken care of?

    I have recently installed the excellent Private Forums plug-in as an alternative to using the more cumbersome HTTP authentication method, which has prompted me to think about this potential security issue. Private Forums is only truly secure if the user remembers to log out.

Viewing 4 replies - 1 through 4 (of 4 total)
  • @gogarth

    Member

    I think I have answered my own question.

    I modified the $expires value /bb-includes/pluggable.php from time() + 604800 to 0.

    This appears to have done the trick.

    I don’t know if this is technically correct way to do it, however, as I will now need to remember this modification if I overwrite the files with an update. Should I have written a little plug-in to achieve this?

    @trent

    Member

    A plugin would be the best way so that it doesn’t require a core change.

    Trent

    @ardentfrost

    Member

    I’m not sure, but looking at the pluggable code, you might be able to drop this into your my-plugins directory and it work without changing core files:

    function bb_cookie( $name, $value, $expires = 0 ) {

    global $bb;

    if ( !$expires )

    $expires = time() + 604800;

    if ( isset( $bb->cookiedomain ) )

    setcookie( $name, $value, $expires, $bb->cookiepath, $bb->cookiedomain );

    else

    setcookie( $name, $value, $expires, $bb->cookiepath );

    }

    Then make the same change you made last time (changing 604800 to 0 or something, whatever you did)

    @gogarth

    Member

    Yes – it did work!

    Thank you very much. It also helped me understand the plugin-friendly framework into the bargain.

    Julian

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.
Skip to toolbar