I'd like to not serve cookies to guests. How would I go about implementing it?

NOCOOKIES can be defined to stop cookies from being created, but the problem is that some cookie values are set before you know if you have a guest or a logged in user. But I think you might be able to remove cookies from the headers before they're sent, so maybe something like:


if ($vbulletin->userinfo['userid'] == 0)
{
define('NOCOOKIES', 1);
header_remove('Set-Cookie');
}



in a plugin using hook global_bootstrap_init_start global_start.

Hi kh99,

Thanks very much for that. For some reason, my vBulletin (3.8.x) doesn't seem to have the global_bootstrap_init_start hook though.

Hi kh99,

Thanks very much for that. For some reason, my vBulletin (3.8.x) doesn't seem to have the global_bootstrap_init_start hook though.

Oops - that's only in vb4 :o. Use global_start.

Kevin, when the header_remove('Set-Cookie'); is present in the plug in, a guest sees a white page with the following error:

Fatal error: Call to undefined function header_remove() in /home/xxxxxx/public_html/test/global.php(400) : eval()'d code on line 48

The define('NOCOOKIES', 1); alone doesn't prevent cookies from being sent.

I very much appreciate your help, as I have absolutely no clue how to implement this.

Kevin, when the header_remove('Set-Cookie'); is present in the plug in, a guest sees a white page with the following error:

Fatal error: Call to undefined function header_remove() in /home/hlavac/public_html/test/global.php(400) : eval()'d code on line 48

The define('NOCOOKIES', 1); alone doesn't prevent cookies from being sent.

I very much appreciate your help, as I have absolutely no clue how to implement this.

You need to be using PHP 5.3.0 to use that function.

Hi Exide,

I may be out of luck then, as I'm currently using PHP 5.2.17. But I will consider upgrading.

Thanks to both for help. If/when I upgrade, I will post how the plug-in works.

Yeah, sorry, I never thought to check that. But something else I discovered the hard way - if you never serve cookies to guests, no one can ever stay logged in. (...or more precisely, everything will work OK for logged in users with "Remember Me" checked, but no one else will be able to log in).

So that code will need to check THIS_SCRIPT or something to make sure if a user is in the process of logging in, cookies are sent.

Thanks, Kevin. Yeah, I was afraid this could cause issues with logging in :-(