1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why is the xf_session cookie not removed when a user logs in?

Discussion in 'XenForo Development Discussions' started by Marcus, Aug 3, 2014.

  1. Marcus

    Marcus Well-Known Member

    Each visitor gets a xf_session cookie. With the login you also get a xf_user cookie. When you disable the xf_session cookie after login, the xf_user cookie lets you still browsing the community as a logged in member. What are the purposes of the xf_session cookies? I found these:
    • guest personalized settings like "disable this information"
    • the login pages - I guess as well as the register pages - only work with this cookie
    The xf_session cookie is always used on all pages regardeless whether the user is logged in (uses the xf_user cookie) or even logged in within the admin area (the xf_admin cookie is used here).


    Why is the xf_session cookie not removed when a user logs in?


    As a sidenote: The xf_user cookie lets you browse the community pages without the xf_session cookie. The xf_admin cookie only works with the xf_session cookie.
     
    Last edited: Aug 3, 2014

Share This Page