Troubleshooting Cookie Issues

Variants of the question:

  • I can’t log in…
  • My cookies don’t hold…
  • b2evolution asks for my password again and again…
  • b2evolution tells me "incorrect crumb received" again and again…

Short Answer

  • Either your $baseurl is not configured properly in _basic_config.php;
  • Or you are not using the same consistent URL / not the same consistent domain to connect to your site.

Did you clear your browser cookies since your last configuration changes? If not, please do! Old cookies still in your browser can have unpredictable effects!

Long Answer

In the file /conf/_basic_config.php, you have set a URL with a statement like this:

$baseurl = 'http://www.mysite.com/';

This will be used as the basis for setting cookies (see $cookie_domain and $cookie_path in _advanced.php; details below). Cookies will work for this URL and with this URL only (and everything that is below that URL).

If your site can be accessed through several URLs, you will have issues! For example:

  • If you try to access your site through http://www.mydomain.com/ or http://192.168.1.2/ and your $baseurl is set for http://subdomain.mydomain.com/, your cookies will not work and you will not be able to log in.
  • If you try to access your site through http://www.mydomain.com/ and your $baseurl is set for http://www.mydomain.com/blog/, your cookies will not work and you will not be able to log in.

So the rule of thumb is: use one single server name to access b2evolution, pick one specific folder (which can be /) and configure that exact URL name in your $baseurl!

Notes:

  • If it’s still not working, you may need to clear all the cookies from your browser before it will work properly. (You may have an old cookie that takes precedence over the new one.)
  • If you really need to use multiple domains, see: Multi-Domain Setup.
  • If you’re using a reverse-proxy in front of b2evolution and you translate to a different domain, pay attention to translating the cookie domain.
  • If you want to control your cookies more precisely, see below.

Why do we set such restrictive cookies?

Because in some situations (testing or otherwise) people are installing several instances of b2evolution (sometimes even different versions of b2evolution) on a single server. We have to restrict by folder and/or subdomain in order not to mix up the cookies.

By having narrow cookie scopes, it is possible to run several b2evolution instances concurrently without interference.

The tradeoff is that, by default, you cannot use different URLs to access your blog. This is a rare situation that is not recommended for best SEO practices anyway. (If you still want to do it no matter what, see below.)

For local test setups

For local tests, we recommend you use this:

$baseurl = 'http://localhost/';

For multi-domain setups

See: Multi-Domain Setup.

Technical details & Full control

In b2evolution 6.7.5+, many settings have been moved to the back-office. See: Cookie Settings Panel.

In the file _advanced.php and unless you manually change it, we perform the following:

  • we will automatically extract $basehost from the $baseurl. For example, your $basehost could be extracted as www.mysite.com.
  • we will automatically set your $cookie_domain based on your $basehost. For example, your $cookie_domain could be set to mysite.com. Important: if your $basehost is something like subdomain.domain.com, your $cookie_domain will NOT be reduced to domain.com. It will stay as subdomain.domain.com.
  • we will automatically extract $cookie_path from your $baseurl. If you’re running in the root folder, the $cookie_path will be /.

Use your browser developer tools to inspect the cookies received and/or sent by your web browser. See the screenshot above.

In _advanced.php you will find all the following variables to further control your cookie name and scope. You may use these in special situations where you want a more lax cookie policy than the default:

// ** Cookies **

/**
 * This is the path that will be associated to cookies.
 *
 * That means cookies set by this b2evo install won't be seen outside of this path on the domain below.
 *
 * @global string Default: preg_replace( '#https?://[^/]+#', '', $baseurl )
 */
$cookie_path = preg_replace( '#https?://[^/]+#', '', $baseurl );

/**
 * Cookie domain.
 *
 * That means cookies set by this b2evo install won't be seen outside of this domain.
 *
 * We'll take {@link $basehost} by default (the leading dot includes subdomains), but
 * when there's no dot in it, at least Firefox will not set the cookie. The best
 * example for having no dot in the host name is 'localhost', but it's the case for
 * host names in an intranet also.
 *
 * Note: ".domain.com" cookies will be sent to sub.domain.com too.
 * But, see http://www.faqs.org/rfcs/rfc2965:
 *	"If multiple cookies satisfy the criteria above, they are ordered in
 *	the Cookie header such that those with more specific Path attributes
 *	precede those with less specific.  Ordering with respect to other
 *	attributes (e.g., Domain) is unspecified."
 *
 * @global string Default: ( strpos($basehost, '.') ) ? '.'. $basehost : '';
 */
if( strpos($basehost, '.') === false )
{	// localhost or windows machine name:
	$cookie_domain = '';
}
elseif( preg_match( '~^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$~i', $basehost ) )
{	// The basehost is an IP address, use the basehost as it is:
	$cookie_domain = $basehost;
}
else
{	// Keep the part of the basehost after the www. :
	$cookie_domain = preg_replace( '/^(www\. )? (.+)$/xi', '.$2', $basehost );

	// When hosting multiple domains (not just subdomains) on a single instance of b2evo,
	// you may want to try this:
	// $cookie_domain = '.'.$_SERVER['HTTP_HOST'];
	// or this: -- Have a cookie domain of 2 levels only, base on current basehost.
	// $cookie_domain = preg_replace( '/^( .* \. )? (.+? \. .+? )$/xi', '.$2', $basehost );
	// fp> pb with domains like .co.uk !?
}

/**
 * Name used for session cookies.
 */
$cookie_session = str_replace( '.', '_', 'session_'.$instance_name.'_'.$cookie_domain );

/**
 * Names used for other cookies.
 *
 * The following remember the comment meta data for non registered users:
 */
$cookie_name    = 'cookie'.$instance_name.'name';
$cookie_email   = 'cookie'.$instance_name.'email';
$cookie_url     = 'cookie'.$instance_name.'url';

/**
 * Expiration for comment meta data cookies.
 *
 * Note: user sessions use different settings (config in admin)
 *
 * Value in seconds, set this to 0 if you wish to use non permanent cookies (erased when browser is closed).
 * Default: time() + 31536000 (one year from now)
 *
 * @global int $cookie_expires
 */
$cookie_expires = time() + 31536000;

/**
 * Expired-time used to erase comment meta data cookies.
 *
 * Note: user sessions use different settings (config in admin)
 *
 * Default: time() - 86400 (24 hours ago)
 *
 * @global int $cookie_expired
 */
$cookie_expired = time() - 86400;

/**
 * Crumb expiration time
 *
 * Default: 2 hours
 *
 * @global int $crumb_expires
 */
$crumb_expires = 7200;
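
The default scope derivation above, applied to the access scenarios from the Long Answer, as an added PHP example (not b2evolution code). It assumes $basehost is the host part of $baseurl and uses a simplified RFC 6265 domain and path match; the function names and the admin.php URL are constructed for illustration.

```php
<?php // Added example, not b2evolution code; function names are hypothetical.
// Default cookie scope, following the _advanced.php logic quoted on this page.
function derive_cookie_scope( string $baseurl ): array
{
	$basehost = (string) parse_url( $baseurl, PHP_URL_HOST );	// assumption: host part of $baseurl
	if( strpos( $basehost, '.' ) === false )
	{	// localhost or machine name: no Domain attribute (host-only cookie)
		$domain = '';
	}
	elseif( preg_match( '~^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$~', $basehost ) )
	{	// IP address: used as is
		$domain = $basehost;
	}
	else
	{	// Drop a leading "www." and prefix a dot
		$domain = preg_replace( '/^(www\. )? (.+)$/xi', '.$2', $basehost );
	}
	return array( 'domain' => $domain, 'path' => preg_replace( '#https?://[^/]+#', '', $baseurl ) );
}

// RFC 6265 domain-match and path-match: is the cookie returned to $request_url?
function cookie_is_sent( array $scope, string $request_url ): bool
{
	$host = strtolower( (string) parse_url( $request_url, PHP_URL_HOST ) );
	$path = (string) parse_url( $request_url, PHP_URL_PATH ) ?: '/';
	$domain = strtolower( ltrim( $scope['domain'], '.' ) );	// '' means host-only cookie
	if( $domain !== '' && $host !== $domain )
	{	// Subdomains match only for host names, never for IP addresses
		$suffix = '.'.$domain;
		if( filter_var( $host, FILTER_VALIDATE_IP ) || substr( $host, -strlen( $suffix ) ) !== $suffix ) return false;
	}
	$cpath = $scope['path'] ?: '/';	// simplification: empty path treated as '/'
	if( $path === $cpath ) return true;
	if( strpos( $path, $cpath ) !== 0 ) return false;
	return substr( $cpath, -1 ) === '/' || $path[ strlen( $cpath ) ] === '/';
}

// Constructed scenarios based on the Long Answer: array( $baseurl, URL actually visited )
$cases = array(
	array( 'http://subdomain.mydomain.com/', 'http://www.mydomain.com/' ),
	array( 'http://subdomain.mydomain.com/', 'http://192.168.1.2/' ),
	array( 'http://www.mydomain.com/blog/', 'http://www.mydomain.com/' ),
	array( 'http://www.mysite.com/', 'http://www.mysite.com/admin.php' ),
);
foreach( $cases as list( $baseurl, $visited ) )
{
	$scope = derive_cookie_scope( $baseurl );
	printf( "%s visited as %s: Domain=%s Path=%s => %s\n", $baseurl, $visited,
		$scope['domain'], $scope['path'], cookie_is_sent( $scope, $visited ) ? 'sent' : 'NOT sent' );
}
```

Only the last scenario, where the visited URL falls inside the scope derived from $baseurl, gets the cookie back; the first two fail on the domain and the third on the path.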

Created by fplanque • Last edit by fplanque on 2016-08-08 15:27
