Cookie Config And Fix For Invalid Session. Please resubmit the form

Description: Ever got the "Invalid Session. Please resubmit the form" well this quick tutorial will show you how to set-up your forums configuration the correct way !

Version: 1.0

Added on: 27 July 2009

Author: AudieMurphy

Difficulty Level: Very Easy

Views: 8668

Detailed Profile •

I think firstly people might get confused, please remember there are 2 admin areas in PHPNuke,

1) One for the site at yoursite.com/admin.php and
2) The forums admin at yoursite.com/admin.php?op=forums (found in the admin area by hitting the "Forum" icon.

Symptoms of cookie problems within the PHPbb module of PHP-Nuke include:
1) Users unable to login or remain logged in during their session
2) Users being forced to login ever time they visit the site
3) New PHPbb forum messages being highlighted the first time a visitor enters the forums, but then all new message indicators disappear as soon as the user reads or creates a single post, refreshes the browser, hits the browser back button, or leaves the forum and re-enters without logging out of the forum or website.

The goal of this post is to demystify the meaning of these configuration settings in PHPbb, and also to dispel some misinformation that has been spread as "solutions" to this issue.

As an admin you need to be familiar with both admin areas found within your site and will need to set-up both before your site goes live.

All we are going to address is the issue when users post in the forums and it returns the error "Invalid Session. Please resubmit the form"

Okay so how do we edit the cookie settings !

Login to your admin panel and browse to your forums configuration (yoursite.com/admin.php?op=forums) once there on the left hand side you will see the GENERAL ADMIN menu and then CONFIGURATION as a sub menu, The direct link is yoursite.com/modules/Forums/admin/admin_board.php click that to enter the forums configuration !

There are 6 main areas that you should pay attention too, these are listed below.

Value: DOMAIN NAME
-- Generally http://www.yoursite.com should be .yoursite.com Please take note of the starting . as the domain requires 2 dots. If your site is http://nuke.yoursite.com the domain would be nuke.yoursite.com
-- If you installed PHP-Nuke (aka Raven) into a subfolder within your wwwroot, then you may want to consider setting this to the full path to the PHP-Nuke root. For example, it may need to read www.yoursite.com/phpnuke
-- In general, you should never have a trailing slash (/) at the end of the Domain Name.
-- NOTE: This setting has NOTHING to do with the cookies, however, it DOES affect all of the path settings for the other forum configuration sections, since the DOMAIN NAME will be automatically prepended to the beginning of all of the paths you define.
-- Some people say that you can leave this field blank, well yes you can but it can be bad for the users browsing experience, I would suggest trying to find the correct path to your site like above first before leaving it blank as a last resort !


Value: COOKIE DOMAIN
-- Generally the cookie name can be left blank, it will not hurt anything, but that is not recommend. You should be naming it something that makes sense. I tell everyone you should name it your domain name. The reason being is that if you need to delete a cookie its much easier to find when it has a name that makes sense. So using the previous example of http://www.yoursite.com I would suggest making the cookie name yoursite
-- This is the "domain" that will be set and used for the cookies.
-- The "cookie domain" must match exactly the URL domain that the user's browser is using to access your website.
-- It is important to understand that if your webserver is configured to respond to requests at multiple URL domains (such as yoursite.com, www.yoursite.com, and also forum.yoursite.com) then each URL domain will create and look for their own separate set of cookies on the user's browser. In other words, a cookie that was set by yoursite.com will NOT work if the user returns to your site by visiting www.yoursite.com. Therefore, if you define a value for COOKIE DOMAIN, then PHPbb will ONLY set cookies for that URL domain, hence they will only work if the user's browser is visiting your site by using that exact URL. By leaving the COOKIE DOMAIN value blank, your webserver will automatically create cookies for whatever domain URL the browser used to access your site. This will not fix the issue of cookies from one URL not being usable by another URL, but it will eliminate the likelihood of a user's cookies not working properly within the session or on future visits.


Value: COOKIE NAME
-- Generally you can leave this at its default setting.
-- There should NEVER be a space, a period (.), or a slash (/) in a cookie name! Only use basic latin letters and numbers, avoid all punctuation.
-- It should NOT be left blank. PHP-Nuke creates its own set of cookies, so to avoid conflict you should define a value here.
-- The COOKIE NAME value will automatically be prepended to the name of all cookies set by PHPbb.
-- If you are running more than one forum on your webserver it would be wise to change it to keep the cookies from each forum from overwriting or interfering with one another.
-- I would recommend naming it "phpbbyoursite" (without the quotes), but you can make it anything you want as long as you use valid characters.



Value: COOKIE PATH
-- This is where most people get messed up!
-- The magic bullet is that the COOKIE PATH must fill in any gap between the end of the URL domain, and where the PHP-Nuke file "modules.php" exists! See the examples below.
-- Generally you can leave this at its default setting of a single slash (/).
-- It should NOT be left blank, and should NOT contain any spaces.
-- The last character in the COOKIE PATH should ALWAYS be a slash (/).
-- PHPbb will automatically assemble cookies in the following manner: COOKIE DOMAIN + COOKIE PATH + COOKIE NAME) It is therefore imperative that your combined settings will result in a valid constructed URL path.
-- It is important to understand that the slashes (/) are critical since this is what divides the cookie domain, path, and name values from one another. If there are no slashes, then the values will run into one another without any separation, resulting in an invalid URL.


Value: COOKIE SECURE
-- Generally you should leave this at its default value of "Disabled".
-- If you don't know what SSL is or what this means, then don't mess with it!


Value: SESSION LENGTH [ SECONDS ]
-- Generally you should leave this at its default value of "3600".
-- This is how long a session cookie will last before it auto expires on the user's browser.
-- Again, if you don't know what this means, or a specific reason of why you should change it, then don't mess with it!


Some Practical Examples
Example #1: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/ --or-- http://yoursite.com --or-- http://1.2.3.4/
COOKIE DOMAIN = .yoursite.com
COOKIE NAME = phpbbyoursite
COOKIE PATH = /
COOKIE SECURE = Disabled
SESSION LENGTH = 3600

Example #2: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/phpnuke/
COOKIE DOMAIN = .yoursite.com/phpnuke
COOKIE NAME = phpbbyoursite
COOKIE PATH = /phpnuke/
COOKIE SECURE = Disabled
SESSION LENGTH = 3600

Example #3: You access PHP-Nuke (aka Raven) at http://www.yoursite.com/members/phpnuke/
COOKIE DOMAIN = .yoursite.com/members/phpnuke
COOKIE NAME = phpbbyoursite
COOKIE PATH = /members/phpnuke/
COOKIE SECURE = Disabled
SESSION LENGTH = 3600


Troubleshooting method:
By default, most browsers will accept all cookies automatically. For temporary troubleshooting, in your browser's settings, modify your privacy or security settings regarding cookies, and set your browser to Prompt you before accepting for ALL cookies. This way, your browser will pop up a dialogue box which will enable you to view the cookie contents in detail. Be sure to accept them, but this way you can see what the actual cookie values are to ensure that the domain, path, and name are being defined properly. The actual value of the cookies is less important. What's important are the domain and path. After enabling prompt for cookies, clear your browsers cache and cookies, then close all browser sessions. Once that's done, open a browser and start to test your PHP-Nuke installation to ensure the cookies are being set properly.

That's it, any problems please don't hesitate to ask in the forums