Login cookie change from 1.3.3 to 1.4.10 Login cookie change from 1.3.3 to 1.4.10
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Login cookie change from 1.3.3 to 1.4.10

Started by outdoorresearch, May 16, 2007, 09:37:51 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

outdoorresearch

May 16, 2007, 09:37:51 PM
We recently upgraded from 1.3.3 to 1.4.10. It appears that the method of knowing whether a user is logged in or not has changed. In 1.3.3, there were two cookies set (cpg133_uid and cpg133_pass) when a user logged in. By setting these cookies, I could basically "force" a specific user to be "logged in" without having to go through the Coppermine login screen. In 1.4.10, this does not seem to work anymore.

Does anyone know how Coppermine maintains user login status in 1.4? Is it done through a PHP session now rather than cookies?

Nibbler

#1
May 16, 2007, 09:58:10 PM
It's done using a single session (not php sessions) cookie. See bridge/coppermine.inc.php

outdoorresearch

#2
May 17, 2007, 01:27:21 AM
Thanks for the reply. It appears that the way 1.4.10 handles logins is quite a bit differently than 1.3.3 . It was nice in 1.3.3 to be able to just set two cookies and be logged in. Now there is interaction with a record in the session table which requires a bit more manuvering to get around.
Print
Go Up Pages1
User actions