1.0.9 and cookies with Safari (Windows version)

Submitted by Anonymous on Fri, 05/08/2009 - 12:15
Written by

Hi and first thank's for the Great software.

I'm setting up a new forum which is based on 1.0.9 code. While testing it using different browsers I noticed that Safari doest not get cookies even if setting is "Accept cookies: Only from sites I visit" or "... Always". This same happens with www.usebbzone.com, it shows that "remember me" is disabled. It clearly uses cookies in the similar way than 1.0.9 does.

However, with Safari cookies work with this site (usebb.net). Cookies are something __utm* and look similar than for example Google uses and different than UseBB 1.0.9.

Can you show what kind is a new cookie handling system (in usebb.net), or give some hints / links / keywords to get this issue resolved?

Hmm, haven't tried in Safari for windows, but with Safari on my Mac, it works as normal. Maybe Dietrich will have some ideas on it.

UseBB.net has the same cookies as any regular UseBB setup. "__utm*" are cookies from Urchin tracker, also known as Google Analytics. :)

Ok, my guess about new cookie system was wrong... :(

I also tried my site with real Mac and everything worked fine. :)

There is something wrong in the Windows version of Safari browser. It does not accept cookie created by PHP itself. The cookie is in the http headers, but this browser only accepts cookies created by the UseBB function call. Strange, but Google Chrome which is based on Safari code, works correctly.

If I load (with Safari) usebb.net/community/ directly, remember me is disabled because there are no cookies at all. If I first load usebb.net/, browser gets those __utm* cookies and after this remember me is enabled. However, there still is no usebb_sid cookie because it's not accepted. I can login, and after I'm logged in I have a newly created sid and cookie which is accepted by Safari. So this is not a major problem, but as long as Safari user is just browsing the forum (not logged in), every page load will create a new session_id which is appended to the session table.

My simple (and dirty) fix is this: $functions->setcookie($functions->get_config('session_name').'_sid', session_id()); to the end of $session->start(). This seems to work but is it safe when there is now two cookies in the header using same name?

I haven't had the possibility yet of testing it in Safari for Windows. Perhaps it's the HttpOnly flag that is causing troubles.