Yes, there is a hash. It works like that:
In SystemGlobals.properties, you have a property named
user.hash.sequence, that is used to scramble user's cookie when he choose to automatically log in.
JForum has 3 cookies for this situation:
jforumUserId - stores the user id
jforumAutoLogin - auto login or not
jforumUserHash - the trick: a md5 hash, calculated upon "user.hash.sequence" and the user's id.
When the user comes back, JForum gets your private hash (user.hash.sequence), the user id from the cookie, calculates the hash and matches it against the value of "jforumUserHash" cookie. If it get a match, the user is "logged in"
So, in order to happen this issue you related,
you should be using a relatively old JForum release, or having the same user.sequence.hash in both installations.
Rafael
[originally posted on jforum.net by Rafael Steil]