1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Does XF still uses xf_user cookie?

Discussion in 'XenForo Questions and Support' started by Nuno, Jun 27, 2015.

  1. Nuno

    Nuno Active Member


    I'm trying to configure nginx to cache pages for guest and in my readings I found a reference to xf_user cookie, but I don't see it in my headers, both as a guest or as a member.

    Where does Xf stores login session? How can I identify guests/members by they cookies?

  2. Mike

    Mike XenForo Developer Staff Member

    You can't truly identify a guest vs member via cookie. It's only stored in a session.

    The presence of the user cookie would tell you they're not a guest (but the lack of it doesn't tell you they're a guest).
  3. Nuno

    Nuno Active Member

    Thank Mike,

    Would be nice tho have a way to identify guests/members with a cookie, this way we would easily map a variable in nginx to cache guests pages :)
  4. RastaLulz

    RastaLulz Well-Known Member

    That's unfortunate, was hoping to use that to detect if a page should be cached or not with Varnish. I guess it's back to the drawing board.
  5. RoldanLT

    RoldanLT Well-Known Member

    AndyB and RastaLulz like this.
  6. Nuno

    Nuno Active Member

    Thanks RoldanLT

    Forcing stay connected is dangerous when the user shares his device with others, but will do.
    Last edited: Dec 27, 2015
  7. The Forum Heroes

    The Forum Heroes Well-Known Member

    You could add a "log out" to your member bar buttons.
  8. RastaLulz

    RastaLulz Well-Known Member

    While this does the job, after playing around with it a little, I noticed a user can delete the "xf_user" cookie (be it malicious or not) and still remain logged in, caching pages with their information.

    Therefore, I went ahead and created an add-on (Logged In Cookie) that would be better suited for this use case (caching), by creating a "xf_logged_in" cookie, that will display the page as a guest if not present to avoid what I mentioned above. It also gives users the added benefit of being able to chose if they want to stay logged in or not.
    eva2000, Nuno and RoldanLT like this.
  9. RoldanLT

    RoldanLT Well-Known Member

    Very impressive!
    Thanks a lot (y)
  10. Nuno

    Nuno Active Member

    Thanks @RastaLulz

Share This Page