This getting logged out problem is very difficult to diagnose, mostly because I'm not suffering from it! Doesn't matter if I switch browser, use my phone, my Transformer Prime, once they're logged in they stay logged in.
Jon: That definitely sounds like your Chrome is buggered. If Teh / Beehive was crashing everyone's Chrome, someone else would surely have said something.
If it's any help, I'm currently on my work PC. In IE9, if I log in with "remember me" set, close the browser and re-open, I'm logged out. If I do the same in Firefox, I'm still logged in.
Previously, I cleared the cookies in Firefox, and attempted to do it in IE using the F12 menu, but it doesn't seem to be playing.
Looking at the cookies in IE using the F12 menu, I've got multiple instances of the cookie set, with a variety of expiry dates:
Tried clearing cookies using the link on the login screen - works on FF, according to Cookie Monster, but not on IE, according to the F12 menu (and using it to clear cookies doesn't seem to be working). Could be two issues - one with IE not deleting cookies when asked, the other with Beehive having written multiple login cookies at some point, then not clearing them properly (but when cleared using Cookie Monster, goes back to working fine).
I'm loathe to do a full clear-out of my IE cookies right now - sorry!
Yeah, that didn't seem to want to happen - they weren't being deleted no matter how hard I pushed the button. I've now exported all cookies to a text file, edited out the forum ones, cleared IE's cookies fully, and re-imported the text file, and everything seems to be working. Does the multiple-sets-of-cookies-causing-repeated-logging-in theory sound plausible?
The HTTP specification allows for cookies with the same name, but different paths. Unfortunately as far as I know PHP doesn't account for this, instead all it does is add all the cookies to a simple single-dimension key-value-pair array (named $_COOKIES) and makes them all available to the script regardless of whether the path matches or not.
And because it's perfectly possible for the browser to format the cookie header so as to send the valid cookie before the invalid one, when PHP processes the header, it simply overwrites any existing entry in the array resulting in the valid cookie never being available to the script.
Thanks for the explanation! (Although it's reminded me of just how much I've forgotten about this kind of thing. I'm sure I used to be able to do websites...)