Serendipity 1.1: Login/Session Cookie Bug in Windows IIS

Thursday, January 4. 2007
Posted by Garvin Hicking in Development

Comments (7)
Trackbacks (0)

Some users have reported on the forums that they had login problems to their Serendipity Admin suite since the upgrade to version 1.1.

Thanks to the help of Shadowin it was discovered that a problematic $_SERVER['HTTPS'] variable setting by the Windows IIS Server caused this. According to the PHP documentation, $_SERVER['HTTPS'] should only contain a non-empty value in case of enabled SSL/HTTPS connections, in which case Serendipity would issue a "secure" cookie.

To fix this odd behaviour in Serendipity 1.1 you need to open the file include/functions_config.inc.php and replace the line

$secure = !empty($_SERVER['HTTPS']) ? true : false;

with

$secure = (strtolower($_SERVER['HTTPS']) == 'on') ? true : false;. Also replace this line in the file serendipity_config.inc.php:

if ($_SERVER['HTTPS'])) {
  @ini_set('session.name', 'SSLSID');
  @ini_set('session.cookie_secure', '1');
}

with

if (strtolower($_SERVER['HTTPS']) == 'on') {
  @ini_set('session.name', 'SSLSID');
  @ini_set('session.cookie_secure', '1');
}

This will use a more stricter check. For people who are afraid to edit that file, simply download this file and replace it with your current include/functions_config.inc.php file. Also please download this file and replace it with the 'serendiptiy_config.inc.php' file.

A fully patched 1.1.1 version will be made available later, when we have made sure that there are no other bugs left. So far, the 1.1 version has been received very stable by the public! Thanks for improving Serendipity through your reports and help!


Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

That does not function
#1 Laura on 2007-01-16 15:10 (Reply)
I changed the functions_config.inc.php but I can't find the section I'm supposed to change in serendipity_config.inc.php?
#2 Dag Ole on 2007-01-30 01:31 (Reply)
If you go to http://board.s9y.org/viewtopic.php?t=8205 the last post on the page explains everything needed.
#3 Kevin (Homepage) on 2007-01-31 07:41 (Reply)
I have a development server currently Powered by Serendipity 1.1.2, PHP 5.2.1, IIS and Windows Server 2000 SP4, and I am having the same problem. I thought this problem was fix in version 1.1.1, I have reviewed all the fixes recommended here and on the forum http://board.s9y.org/viewtopic.php?t=8205, so far no success. Guys let us join hands togather. Please let me have your comments or suggestions. Much appretiated
#4 Leroy Tomlin (Homepage) on 2007-03-13 12:22 (Reply)
Hi Leroy!

Please come to the forums, where we will try to help you.

Do PHP sessions generally work on your server, have you made sure of that with another application that requires cookies? Like phpMyAdmin with "cookie" authentication? Please reply on the forums.

To be it sounds as if it's a server issue, not with S9y - the bug that had been there should really be fixed. :)

Best regards,
Garvin
#4.1 Garvin on 2007-03-13 12:52 (Reply)
In my humblest of opinion is think it may definately a problem with Serendipity, simply because I am using another PHP Application (Powered by phpBB 2.0.22 © 2001 phpBB Group) on the same machine and it is working fine (I can login their admin system and use it without any problems)

Thanks for your response it was very quick!
#5 Leroy Tomlin (Homepage) on 2007-03-13 13:39 (Reply)
Hi!

Replying here: http://board.s9y.org/viewtopic.php?t=9235
#5.1 Garvin on 2007-03-13 14:10 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 
 
 

Frontpage - Top level

 

Quicksearch


Categories


All categories

Archives

October 2008
September 2008
August 2008
Recent...
Older...

SVN/CVS state

The current nightly/SVN trunk state is: testing 1.4

News: Performance of entryproperties-plugin

Recommendation(s): Use 1.3 release

Please report issues and bugs on our Bugtracker. Your help is very much appreciated.


Syndicate This Blog


More RSS Feeds

Event Plugins
Sidebar Plugins
SVN/CVS commits
Serendipity around the world

Handbuch für Serendipity


Das offizielle, umfassende Serendipity-Handbuch für Einsteiger und Profis ist nun im Handel und kann online bei Amazon oder Open Source Press bestellt werden, oder auch bei jedem Buchhändler.