BUG report! PhPBB / Photopost session handling
 

Photopost has a definite bug in the cookie based session handling.
Photopost 5.5
PhP 4.3
PhPBB v unknown
Apache webserver
IE 7.0
FireFox

Fresh install of Photopost with PhPBB integration

Symtoms:
Users log into PhPBB interface script and maintain login status upon redirect.
When user clicks the Photopost section (Using FireFox), the user looses their login status. IE 7.0 works just fine.

Cookie Path = /
Cookie Prefix = phpbb2mysql
Cookie domain = "blank"

When cookie path is changed to .domain.com

Neither IE 7.0 or FireFox work!

Packet captures shows browser side is working correctly with session id handling with "blank domain"

Using IE 7.0

GET /phpbb/index.php?tab=photo_gallery&sid=1a567b967e64b25c99e5be7570404504 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.colormegorgeous.com/
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322)
Host: www.colormegorgeous.com
Connection: Keep-Alive
Cookie: PHPSESSID=108c923e1870129da4f82ad32f84e75c; phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22user

Here is Firefox

DATA:
GET /images/home_b_n.jpg HTTP/1.1
Host: www.colormegorgeous.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.colormegorgeous.com/photopost2/index.php
Cookie: PHPSESSID=61644db36c21926a6717b203deb050f8; __utma=13750821.1729382399.1177171796.1177171796.1177171796.1; __utmb=13750821; __utmc=13750821; __utmz=13750821.1177171796.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2259%22%3B%7D; phpbb2mysql_sid=fb60bd562db0ddc83560a174

Kindly fix your software and get back to us with the patch!

A step by step integration instead of a fresh install to allow users to maintain session handling would be very much appreciated!

We are paid and registered customers!

Brad
bcddd214@yahoo.com

There is no bug in the software.

You need to properly set cookies to match hense your forum and photopost need to be set both to these settings

cookie path /

cookie prefix phpbb2mysql

cookie domain .colormegorgeous.com

Then neither IE 7.0 or Firefox work at all.
Everything is included in my Bug report.
If you read it, you would see I already answered that.

Brad

PhPBB is initiating the session controls properly and to RFC standards
RFC 2109 and RFC 2965
Photopost is not digesting them properly.

Brad

I guess you have not understanding what I wrote both here and in your support email

Photopost does not use any session period. We use cookies and your login is carried through the phpbb data and sid cookies. As I posted in your support email you must allow and use cookies.

Furthermore I went as far as to register a username on your forum and test the login. I use Mozilla exclusively by the way and it works fine. However as I noted to you in my email you do not have your cookies aligned properly. You must set both Photopost and phpBB cookies as noted below to allow a cookie to be created site wide

cookie path /

cookie prefix phpbb2mysql

cookie domain .colormegorgeous.com

and, I had the domain set to "blank"
Now try!
I just added .colormegorgeous.com

and, it does not work in IE 7.0 or FireFox.

Notice in my packet capture
Cookie: PHPSESSID=61644db36c21926a6717b203deb050f8; __utma=13750821.1729382399.1177171796.1177171796.1177171796.1; __utmb=13750821;

I am using cookies!
Your software is not digesting properly!

Brad

Your site works fine that I see

We do not use sessions in any manner as stated in Photopost in conjunction with phpbb

So, you are saying it is impossible to maintain a user login status with your software using phpbb?

As you can see on the website, .colormegorgeous.com
Is not working!

Brad

It is working fine as long as you use cookies. As I previously stated I log into your site using Mozilla and IE with the user I registered and I am logged in fine

We read the phpbb2mysql_sid and phpbb2mysql_data cookies that phpbb makes and we make the same cookies. This is why I stated to make sure both apps are set to the same cookies to make the same cookies.

There are tons of users using PHP with phpBB2 for years and it does work fine. I logged in went back and forth from forum photopost many times and even uploaded a photo

http://www.colormegorgeous.com/photo...to=193&cat=500

I can see that you posted a picture.

Did you try logging in at the main page and then click on the photo gallery page?
Did you notice the "YOU NEEDED TO LOGIN AGAIN?

Brad

For the first time though, you are providing a clue.
Other than in the photopost control panel, what other control panel do you mean?

Please clarify "both apps"?

What 2 (two) places should this setting be placed?

Brad

It looks like that was the missing trick.
Firefox is carring the login now.

Thank you!

I am talking about your phpBB forum or your photopost. I can login at either of those applications fine. I think your issue is a bug with your special front page login script which has nothing really to do with our application.

I think if you login at your forum or the gallery and go back and forth between those products things work fine.