superMicro CMS sets 3 cookies, all set or deleted in /admin/top.php.
(1) test_cookie with the value of installed_sec (secure) or installed_ins (insecure).
(2) loggedin_rwxyz with the value of the unique site ID rwxyz.
(3) adminlink_rwxyz with the value of the unique site ID rwxyz.
Usually the cookies are secure. rwxyz is an example of the unique site ID (created per site) for additional security and to distinguish one site from another if more than one site is installed on the same domain.
The test cookie tests whether cookies are enabled and working. It is set each time an admin page is viewed and lasts for an hour.
The login cookie is set only if the test cookie exists and login is valid. It is not required to log in to admin. It lets a logged-in user stay logged in to view a succession of admin pages without having to continually log in for each page or each time something is updated. Sessions are not used, therefore without a login cookie the system will not work.
The adminlink cookie is set when a user logs in to admin. It results in an 'Edit' link on the public navigation bar but only for a logged-in user. The link is never visible to anyone else and lasts for an hour.
Regardless of the set duration of the three cookies, the login and adminlink cookies are deleted on logout. Only the test cookie then exists, and only for one hour maximum. They are all set in admin, therefore no cookies are sent to normal visitors and nothing is stored for subsequent visits. That is why there is no "approve" or "reject" cookies routine.
- 1. PREPARATORY
- Get the variables required for login.
- Set and test existence of test cookie.
- 2. IF LOGIN FORM NOT SUBMITTED, NORMAL RUNNING
- Check login status.
- Set login to true or false as appropriate.
- 3. IF LOGIN FORM SUBMITTED
- Check test cookie then set login cookie to avoid repeated logins
- Set adminlink cookie.
- 4. IF LOGOUT SUBMITTED
- Set login to false.
- Delete login and adminlink cookies.
- 5. TESTS
- // Uncomment for tests output (after all cookies set or deleted).