PHP-Nuke/PHPbb Cookie Settings - The DEFINITIVE ANSWER There have been multiple posts about problems people have been having with cookies not being properly set or working properly from within PHP-Nuke, especially in relation to the PHPbb forums. Symptoms of cookie problems within the PHPbb module of PHP-Nuke include: 1) Users unable to login or remain logged in during their session 2) Users being forced to login ever time they visit the site 3) New PHPbb forum messages being highlighted the first time a visitor enters the forums, but then all new message indicators disappear as soon as the user reads or creates a single post, refreshes the browser, hits the browser back button, or leaves the forum and reenters without logging out of the forum or website. The goal of this post is to demystify the meaning of these configuration settings in PHPbb, and also to dispel some misinformation that has been spread as "solutions" to this issue. Within the PHPbb Forum Administration (not to be confused with the PHP-Nuke admininstration area!), go to: GENERAL ADMIN > CONFIGURATION Value: DOMAIN NAME -- Generally this will be www.yoursite.com -- If you installed PHP-Nuke (aka Raven) into a subfolder within your wwwroot, then you may want to consider setting this to the full path to the PHP-Nuke root. For example, it may need to read www.yoursite.com/phpnuke -- In general, you should never have a trailing slash (/) at the end of the Domain Name. -- NOTE: This setting has NOTHING to do with the cookies, however, it DOES affect all of the path settings for the other forum configuration sections, since the DOMAIN NAME will be automatically prepended to the beginning of all of the paths you define. Value: COOKIE DOMAIN -- Generally it is best to leave this field BLANK! -- This is the "domain" that will be set and used for the cookies. -- The "cookie domain" must match exactly the URL domain that the user's browser is using to access your website. -- It is important to understand that if your webserver is configured to respond to requests at multiple URL domains (such as yoursite.com, www.yoursite.com, and also forum.yoursite.com) then each URL domain will create and look for their own separate set of cookies on the user's browser. In other words, a cookie that was set by yoursite.com will NOT work if the user returns to your site by visiting www.yoursite.com. Therefore, if you define a value for COOKIE DOMAIN, then PHPbb will ONLY set cookies for that URL domain, hence they will only work if the user's browser is visiting your site by using that exact URL. By leaving the COOKIE DOMAIN value blank, your webserver will automatically create cookies for whatever domain URL the browser used to access your site. This will not fix the issue of cookies from one URL not being usable by another URL, but it will eliminate the likelihood of a user's cookies not working properly within the session or on future visits. Value: COOKIE NAME: -- Generally you can leave this at its default setting. -- There should NEVER be a space, a period (.), or a slash (/) in a cookie name! Only use basic latin letters and numbers, avoid all punctuation. -- It should NOT be left blank. PHP-Nuke creates its own set of cookies, so to avoid conflict you should define a value here. -- The COOKIE NAME value will automatically be prepended to the name of all cookies set by PHPbb. -- If you are running more than one forum on your webserver it would be wise to change it to keep the cookies from each forum from overwriting or interfering with one another. -- I would recommend naming it "phpbbyoursite" (without the quotes), but you can make it anything you want as long as you use valid characters. Value: COOKIE PATH: -- This is where most people get messed up! -- The magic bullet is that the COOKIE PATH must fill in any gap between the end of the URL domain, and where the PHP-Nuke file "modules.php" exists! See the examples below. -- Generally you can leave this at its default setting of a single slash (/). -- It should NOT be left blank, and should NOT contain any spaces. -- The last character in the COOKIE PATH should ALWAYS be a slash (/). -- PHPbb will automatically assemble cookies in the following manner: COOKIE DOMAIN + COOKIE PATH + COOKIE NAME) It is therefore imperative that your combined settings will result in a valid constructed URL path. -- It is important to understand that the slashes (/) are critical since this is what divides the cookie domain, path, and name values from one another. If there are no slashes, then the values will run into one another without any separation, resulting in an invalid URL. Value: COOKIE SECURE -- Generally you should leave this at its default value of "Disabled". -- If you don't know what SSL is or what this means, then don't mess with it! Value: SESSION LENGTH [ SECONDS ] -- Generally you should leave this at its default value of "3600". -- This is how long a session cookie will last before it auto expires on the user's browser. -- Again, if you don't know what this means, or a specific reason of why you should change it, then don't mess with it! Some Practical Examples: Example #1: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/ --or-- http://yoursite.com --or-- http://1.2.3.4/ COOKIE DOMAIN = (blank) COOKIE NAME = phpbbyoursite COOKIE PATH = / COOKIE SECURE = Disabled SESSION LENGTH = 3600 Example #2: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/phpnuke/ COOKIE DOMAIN = (blank) COOKIE NAME = phpbbyoursite COOKIE PATH = /phpnuke/ COOKIE SECURE = Disabled SESSION LENGTH = 3600 Example #3: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/members/phpnuke/ COOKIE DOMAIN = (blank) COOKIE NAME = phpbbyoursite COOKIE PATH = /members/phpnuke/ COOKIE SECURE = Disabled SESSION LENGTH = 3600 Troubleshooting method: By default, most browsers will accept all cookies automatically. For temporary troubleshooting, in your browser's settings, modify your privacy or security settings regarding cookies, and set your browser to Prompt you before accepting for ALL cookies. This way, your browser will pop up a dialog box which will enable you to view the cookie contents in detail. Be sure to accept them, but this way you can see what the actual cookie values are to ensure that the domain, path, and name are being defined properly. The actual value of the cookies is less important. What's important are the domain and path. After enabling prompt for cookies, clear your browsers cache and cookies, then close all browser sessions. Once that's done, open a browser and start to test your PHP-Nuke installation to ensure the cookies are being set properly. That should do it! You're on your own from here on, I'm not able to handle support requests or follow-up questions. I'm just a community member and putting this out there for the community's benefit. Enjoy!

Source: by AudieMurphy on Wed Sep 20, 2006 8:58 am; http://ravenphpscripts.com/posts11296.html