1.9.9 to 2.0 patches logs and bugs report

[axew3]

It seem to me (but not sure) and i'm sorry to not have remember this before 1.9.9 release, that the remember me login if done into phpBB side, is inconsistent and when session on wp side expire, then the user logout in some circumstances.
I will check and fix this aspect as soon releasing patch if necessary.

Please report any bug you may found, here or at wp.org plugin forum.

[axew3]

I'm sorry, think the bug come out - Despite the remember me option selected into wordpress, when wp cookie released, it is released to expire within few hours.
I will check well the bug, because even if it was, the code should have re-login due to phpBB remember me cookie (as 1.9.8 code):
in the while it should be temporary resolved just hooking into wp filter auth_cookie_expiration

PLEASE download wp_w3all.php file here:
https://plugins.trac.wordpress.org/expo ... _w3all.php

AND REPLACE into folder

/wp-content/plugins/wp-w3all-phpbb-integration/

I'm not totally sure this will resolve the issue, so i'm sorry to inform you that may another fix will be released in short time to definitively fix

[axew3]

Tested and fixed all over three different hooks and functions.
All the session db/cookie logic have been rewrite to fix some aspect, so after some little test more, a new important patch will be released to fix definitively this aspect.

[axew3]

at date of this post:
Patch wp_w3all.php and class.wp.w3all-phpbb.php
for correct remember me sessions setup

Please download and replace both patched wp_w3all.php and class.wp.w3all-phpbb.php files:

wp_w3all.php:
https://plugins.trac.wordpress.org/expo ... _w3all.php

class.wp.w3all-phpbb.php
https://plugins.trac.wordpress.org/expo ... -phpbb.php

and substitute/replace both files into folder:
/wp-content/plugins/wp-w3all-phpbb-integration/

[axew3]

At date of this post:

i've been around to check some time now, and after fixed several old sessions problems,
the new code do the follow:

fix an old bug, that was setting the expiration time of phpBB cookie wrong in some circumstances
correctly remove sessions on logout
avoid duplicated sessions setup onlogin
increase security checking for session_k and sid at same time for remember me logins

Actually, if login done in wordpress side, the wordpress cookie will be released as long time cookie, valid for one year.
If login done into phpBB, then the cookie will be released by phpBB (and will not be overwrite by plugin code) with value you have setup into
ACP -> Security settings -> "Remember Me" login key expiration length (in days):

finally all should work fine

To apply all the above,
download and replace both patched wp_w3all.php and class.wp.w3all-phpbb.php files:

wp_w3all.php:
https://plugins.trac.wordpress.org/expo ... _w3all.php

class.wp.w3all-phpbb.php
https://plugins.trac.wordpress.org/expo ... -phpbb.php

and substitute/replace both files into folder:
/wp-content/plugins/wp-w3all-phpbb-integration/

[axew3]

In the hope that all has been fixed, after some little test more may the new 2.0.0 version will be released.

My hope was to increase security by adding a double check into main query, but it after, depending on phpBB ACP session settings, may result inconsistent.

So, at date of this post, 1.9.9 has been patched again and you should download now both wp_w3all.php and class.wp.w3all-phpbb.php files
to resolve the remember me issue (and also for the not remember me login)

wp_w3all.php:
https://plugins.trac.wordpress.org/expo ... _w3all.php

class.wp.w3all-phpbb.php
https://plugins.trac.wordpress.org/expo ... -phpbb.php

and substitute/replace both files into folder:
/wp-content/plugins/wp-w3all-phpbb-integration/

sorry guys, it has been an hard work to understand why the code was failing, and rebuild sessions logic, i just hope that all has been considered this time and will be no further more surprise (logged out next time i will return back online later!)