XF 1.4 Does XF still use the xf_user cookie?

Nuno

Hello,

I'm trying to configure nginx to cache pages for guests, and in my reading I found a reference to the xf_user cookie, but I don't see it in my headers, either as a guest or as a member.

Where does XF store the login session? How can I identify guests/members by their cookies?

Thanks
 
You can't truly identify a guest vs member via cookie. It's only stored in a session.

The presence of the user cookie would tell you they're not a guest (but the lack of it doesn't tell you they're a guest).
 
Thanks Mike,

It would be nice to have a way to identify guests/members with a cookie; this way we would easily map a variable in nginx to cache guests' pages :)
 
Thanks RoldanLT

Forcing stay connected is dangerous when the user shares his device with others, but will do.
 
You can use this addon: https://xenforo.com/community/resources/remove-stay-logged-in.2444/
Or do it manually on templates.

Then you can now identify guest vs logged-in user ;).
I have had this implementation for more than a year now with nginx fastcgi_cache.
While this does the job, after playing around with it a little, I noticed a user can delete the "xf_user" cookie (be it malicious or not) and still remain logged in, caching pages with their information.

Therefore, I went ahead and created an add-on (Logged In Cookie) that would be better suited for this use case (caching), by creating a "xf_logged_in" cookie, that will display the page as a guest if not present to avoid what I mentioned above. It also gives users the added benefit of being able to choose if they want to stay logged in or not.
 
Very impressive!
Thanks a lot (y)
 
Thanks @RastaLulz
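
The cookie-to-variable mapping discussed in this thread, as an added example that is not any poster's or the add-on's own configuration. It keys the guest cache on the "xf_logged_in" cookie and shows the weaker "xf_user" variant commented out for comparison. The cache path, zone name, server name, document root, PHP-FPM socket and TTL are assumed values.

```nginx
# Added example; place inside http { }. Paths, zone name and TTL are assumptions.
fastcgi_cache_path /var/cache/nginx/xf levels=1:2 keys_zone=xf_guest:32m inactive=10m;

# Weak variant from the thread: keying on xf_user. As noted above, a logged-in
# user who deletes xf_user is still served member pages by XenForo, so this
# map would classify them as a guest and let their page into the shared cache.
# map $cookie_xf_user $xf_member { default 1; "" 0; }

# Variant for the Logged In Cookie add-on: per its author, the page is rendered
# as a guest whenever xf_logged_in is absent, so "absent" is safe to cache.
map $cookie_xf_logged_in $xf_member {
    default 1;   # cookie present with any value: treat as member
    ""      0;   # cookie absent or empty: treat as guest
}

server {
    listen 80;
    server_name forum.example;    # placeholder
    root /var/www/xenforo;        # assumed install path
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket

        fastcgi_cache xf_guest;
        fastcgi_cache_key "$scheme$request_method$host$request_uri";
        fastcgi_cache_valid 200 60s;

        # Members neither read from the cache nor write to it.
        fastcgi_cache_bypass $xf_member;
        fastcgi_no_cache     $xf_member;

        # Set-Cookie is deliberately not listed in fastcgi_ignore_headers:
        # by default nginx refuses to cache a response that sets a cookie.

        # HIT / MISS / BYPASS, for checking the behaviour with curl.
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```

To check it, request the same URL twice without cookies and once with a member's cookies, then compare the X-Cache-Status header: the guest requests should go MISS then HIT, the member request BYPASS.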
 