XF 1.5 Cookies not working

Phaze

Hello,
I am currently running xF on a VPS. I have it all configured with no issues.
xF is running under HTTPS.

The only issue I am currently experiencing is this: if I log in, everything works fine and dandy. If I click logout on my account, all it does is reload the page; I stay logged in.

If I log in and select "remember me", it doesn't.
If I log in and close the page, then reopen the page, I have to log in again. Same issue with "remember me".

If I leave the page and open the site again, I have to log in again.

What's going on? I can't figure it out. I've tried non-HTTPS and it does the exact same thing. I've also tried changing the cookie settings with the $config cookie settings after doing some googling, and same issue; it doesn't change anything.

Would really love to know how to fix this issue...

Thanks
- Phaze

Edit:
I also just tested this issue with Internet Explorer and it works fine in Internet Explorer, but Google Chrome isn't working at all with it.
 
Have you changed cookie settings in config.php prior to this? If so, I'd recommend resetting all of those changes BUT changing the cookie prefix. This should ensure that there's no conflict from existing cookies.

If that doesn't resolve the issue, are you using CloudFlare or another reverse proxy?
 
No, I changed them based on a few XenForo threads related to this issue, with the following code:
Code:
$config['cookie'] = array(
    'prefix' => 'xf_',
    'path' => '/',
    'domain' => ''
);
(changed the cookie name, added .mydomain.pw)

And the issue is the same. Just attempted it again and still the same issue.

I am not using CloudFlare or anything like that. It's just a direct connection from browser to server (with HTTPS from Let's Encrypt in there as well, but it has the same issue on HTTP, so I doubt it's Let's Encrypt).

Edit: I also just reset the cookie prefix back to xf_ and then removed it from the code, and I still have the same issue (while it's now only defining the path & domain).
 
If you submit a ticket with login details so we can test, we can attempt to reproduce it. I expect we'll have difficulty reproducing it, which could point to a client side issue unfortunately.
 
I have replied to your ticket.

Log in and out works fine for me so I suspect it's a local/browser issue.

No no, I forgot to update.
The login & logout works flawlessly for me now (after clearing my browser).

What's not working is the "Remember Me" cookie. If I check "Remember Me" then log in, close the tab and reopen it, I have to log in again even though I logged in under "Remember Me".
 
The other thing, though, is I literally just installed Firefox to see if that made any difference, and it didn't.

Logging in under remember me, close tab, reopen tab, forces you to log in again, regardless of whether you chose to stay logged in or not.
I seriously can't figure this out. I'm really confused at this point.
 
XenForo_Helper_Cookie:

PHP:
        if ($secure === null)
        {
            $secure = XenForo_Application::$secure;
        }

The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.

To accomplish this goal, browsers which support the secure flag will only send cookies with the secure flag when the request is going to an HTTPS page. Said in another way, the browser will not send a cookie with the secure flag set over an unencrypted HTTP request.

By setting the secure flag, the browser will prevent the transmission of a cookie over an unencrypted channel.

"bugfix":
search in library/XenForo/Helper/Cookie.php:

PHP:
return self::_setCookieInternal($name, $value, $expiration, $httpOnly, $secure);

change to:

PHP:
return self::_setCookieInternal($name, $value, $expiration, $httpOnly, false);
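
The Secure-flag rule described in the post above, together with the "Remember Me" and cookie-domain symptoms from earlier in the thread, as an added example (not part of any post and not XenForo code). It checks a Set-Cookie header against the page URL; the header values and the hosts under mydomain.pw are constructed sample data, and the function names are hypothetical. It also reports a cookie set without Secure on an HTTPS page, which is the state the change to `false` leaves the site in.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute keys lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def domain_matches(host, cookie_domain):
    """True if the request host falls under the cookie's Domain attribute."""
    if not cookie_domain:          # no Domain attribute: host-only cookie
        return True
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def diagnose(header, page_url):
    """Return (cookie name, list of findings) for one cookie on one page URL."""
    name, _, attrs = parse_set_cookie(header)
    url = urlsplit(page_url)
    findings = []
    if "secure" in attrs and url.scheme != "https":
        findings.append("secure-over-http")   # browser withholds it on plain HTTP
    if "secure" not in attrs and url.scheme == "https":
        findings.append("missing-secure")     # would also travel over plain HTTP
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("session-only")       # discarded when the browser closes
    if not domain_matches(url.hostname or "", attrs.get("domain", "")):
        findings.append("domain-mismatch")    # Domain does not cover this host
    return name, findings

# Constructed sample headers (not captured from a real site).
SESSION = "xf_session=abc123; path=/; secure; HttpOnly"
REMEMBER = ("xf_user=1%2Cdeadbeef; expires=Fri, 01-Jan-2027 00:00:00 GMT; "
            "Max-Age=2592000; path=/; domain=.mydomain.pw; secure; HttpOnly")
NO_SECURE = "xf_user=1%2Cdeadbeef; Max-Age=2592000; path=/; HttpOnly"

if __name__ == "__main__":
    for hdr, url in [(SESSION, "https://mydomain.pw/"),
                     (REMEMBER, "http://mydomain.pw/"),
                     (REMEMBER, "https://www.mydomain.pw/"),
                     (NO_SECURE, "https://mydomain.pw/")]:
        print(url, *diagnose(hdr, url))
```

To use it on a real site, paste the Set-Cookie lines from the login response shown in the browser's developer tools in place of the sample strings.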
 