Thread: IPB Cookies SSL fix: Cookies are actually sending over HTTP instead!

Results 1 to 2 of 2
  1. #1 IPB Cookies SSL fix: Cookies are actually sending over HTTP instead! 
    Registered Member

    Join Date
    Jan 2013
    Posts
    485
    Thanks given
    58
    Thanks received
    132
    Rep Power
    248
    You have an Invision Power Board forum, don't you? You also have SSL enabled on the whole board don't you?

    I've just tested it with my mate on my own project, I am also using IPB, unfortunately IPB did not enable auto-security or setting new cookies.
    That means, that when a new session cookie is created, it will be sent through HTTP instead of HTTPS if it's transmitted in HTTP, but there is a very easy fix for this.


    admin/sources/base/core.php

    Find:

    Code:
    @setcookie( $_name, $value, $expires, $_path, $_domain, NULL, TRUE );
    Change with:

    Code:
    @setcookie( $_name, $value, $expires, $_path, $_domain, TRUE, TRUE );
    Or if it's a clean IPB installation (3.x) this is the line:

    Code:
     Line 4236
    PHP DOCUMENTATIONS:

    Code:
    bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
    PHP: setcookie - Manual


    However, if you don't want to make these simple modifications to your IPB copy, you can simply do the following thing:

    PHP.INI config file

    Add OR Change to:

    Code:
    session.cookie_httponly = On
    session.cookie_secure = On
    Reply With Quote  
     

  2. Thankful user:


  3. #2  
    Registered Member
    Anthony`'s Avatar
    Join Date
    Sep 2008
    Age
    29
    Posts
    763
    Thanks given
    75
    Thanks received
    164
    Rep Power
    204
    IPB doesn't have this as a control in the ACP? Wow.
    Reply With Quote  
     

  4. Thankful user:



Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 9
    Last Post: 11-22-2012, 12:26 AM
  2. Replies: 8
    Last Post: 07-02-2012, 11:17 PM
  3. Replies: 2
    Last Post: 03-20-2012, 04:32 PM
  4. Replies: 1
    Last Post: 10-18-2009, 04:13 AM
  5. Replies: 14
    Last Post: 01-20-2009, 03:48 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •