[CreedFeed]

Quote:

=============================================
Limitations:
=============================================
- The "Remember username/password?" options only remember sessions for forum. You dont have to login to forum again, when you go to album from forum, you dont have to login again, but if you go directly to your album, you still have to login. Cookie problem!

Ok I believe I have discovered why this limitation is occuring. Assuming you have installed the hack to integrate the 4images gallery and it works fine except for this limitation, here is the problem:

When you visit the 4images gallery the first thing that happens is the sessions.php script is run. First it looks to see if an existing session is found. If no session is found, it returns false. The exact function calls are as follows:

Code:

$site_sess = new Session();

The session is initiated

Code:

$this->demand_session();

The session tried to grab existing session info

Code:

$this->get_session_id();

In demand_session() the above code is first run. The class searches for a cookie "sessionhash" which won't be found the first time you visit the gallery, so this function fails.

Code:

if (!$this->load_session_info()) {

Next, the code loads all session info, based upon the value set in $this->get_session_id ... since that function failed the rest of the session script fails. No session is found.

=======================================

The basic problem:

First the function "get_session_id()" is called. Currently the function first checks for an existing cookie "sessionhash." Again, when you visit the gallery the very first time, no existing session will be there (sessions are deleted when you close your browser). Next the function checks to see if "sessionhash" exists in the query string (HTTP_GET_VARS) or from a submitted form (HTTP_POST_VARS). Again, on your very first visit to the gallery, neither of these will exist. Finally the function returns "false" which in essence says there is no session so the user is not logged in.

The basic fix:

We need to edit "get_session_id()" to include some code that will, after not finding an existing session, check to see if the user has cookies on their computer that identify them as a valid forum user. If the user's cookies (userid and password) match the info in the vbulletin user database table, then the user should be automatically logged in - we need to create the seession for them here.

=======================================

I am not super familiar with vB session code. I would have to sit down and spend some time to determine how the vB sessions are handled. If anyone is more familiar with this you can expand on the following basic pseudocode and make this fix so the discussed limitation is fixed. THE FOLLOWING IS NOT A FIX, BUT IS PSEUDOCODE FOR WHAT SHOULD HAPPEN.

Code:

// in the Session class, get_session_id() function
// after the check for a cookie, HTTP_POST_VARS
// or HTTP_GET_VARS named "sessionhash" fails...

if (COOKIE[userid] AND COOKIE[password]) {
  { select the password from vb user table for COOKIE[userid] }
  if (password == COOKIE[password]) {
    { user is valid, create new sessionhash now }
  }
}

That is just the basic idea. If someone can code this up and make it work, that would be great! I'll try to figure out the coding for this myself, but it may take awhile.