Jump to content
DevFuse Forums
Sign in to follow this  

Cookie Settings


Basic cookie settings, especially helpful for those who have upgraded from 2.x.x
I see a fair few topics where people are having issues staying logged into their board. I thought I would write a very quick tutorial explaining a few of the recommended settings.

Please note this is not a "one size fits all" tutorial, but I think the majority of boards will be OK with these settings, although there will always be exceptions.

Navigate here > ACP > System > Tools / Settings > "system" > System Settings > Cookies

[b]Cookie Domain[/b] ... Just put your URL into here with a . prefix, regardless of whether your board is at www.site.com or www.site.com/forum, it does not matter. Don't forget the leading [b].[/b] , Example:

[b]Cookie Name Prefix[/b] ... You can normally leave blank unless you have multiple IPB's installed on this domain. I would suggest you put in something to identify your board simply to help if you decide to install any other applications to your domain. Something like [code]-forum-[/code] is ideal to enter here.

[b]Cookie Path[/b] ... Typically you can leave this blank.

See how those cookie settings effect things to start with. I will list a few more things to look at if needed, but in most cases they are quite sufficient.

ACP > System > Tools / Settings > "system" > System Settings > Security and Privacy > "Security - High"

[b]Enable X_FORWARDED_FOR IP matching?[/b] ... Ideally this should stay off. I found in some cases (for me this was people in the UK using the AOL ISP and the AOL browser) it needed to be enabled.

[b]Member's log in key: Expiration[/b] ... Do not set this to "Do not expire" , set to a suitable setting for your board (Recommended setting "Expire after 3 days")

[b]Reset member's log in key upon each log in?[/b] ... The default for this is off already. You probably will be able to leave it at that in most cases.

[b]Match user's IP Address during session validation[/b] ... The default for this is no. This will probably suit most boards. If you have a lot of members who repeatedly get logged out (In my case AOL users, see my note above) , you may want to try switching it on.

[b]Match user's browser during session validation[/b] ... Again, the default for this is no. You can switch this on if you want to try to increase the security of your board a little further.

As above, not everything will work for everyone, but I hope this simple tutorial proves useful :)

Recommended Comments

There are no comments to display.