As you might guess from looking at our forums (http://www.overgrow.com/edge/index.php), we have some security-minded users. Quite a few will never accept cookies and never register-- our guest vs. member ratio online is usually 3:1.

Some users will register but still not accept cookies, even though we have online tutorials on how to destroy them after every session. As they are, vB and the PM hack both really want the user to have cookies enabled. We're now suggesting for those registered users who have a fear of cookies to only allow "Temporary" or "Session" Cookies. These are never written to the hard drive and are erased from memory when you close the browser.

vB required one small edit to global.php to allow the users to have session instead of permanent cookies. Of course the permanent ones still work.


in global.php find:



setcookie("bbuserid",$userinfo[userid],mktime(0,0,0,0,0,2020),$cookiepath);
setcookie("bbpassword",substr(md5($userinfo[password]),0,strlen($userinfo[password])),mktime(0,0,0,0,0,2020),$cookiepath);


and change that to:


setcookie("bbuserid",$userinfo[userid],0,$cookiepath);
setcookie("bbpassword",substr(md5($userinfo[password]),0,strlen($userinfo[password])),0,$cookiepath);

setcookie("bbuserid",$userinfo[userid],mktime(0,0,0,0,0,2020),$cookiepath);
setcookie("bbpassword",substr(md5($userinfo[password]),0,strlen($userinfo[password])),mktime(0,0,0,0,0,2020),$cookiepath);


It will first write a temporary cookie and then if allowed, overwrite it with a permanent one. This allows temp-cookie browsers to use Private Messaging and even stay logged in while they surf during that session.


[Edited by Overgrow on 09-28-2000 at 11:50 AM]