[Phpgroupware-developers] phpgw's handling of cookies

[totschnig . michael]

Hello,

I have several installations of phpgroupware on the same machine. They
all have their own physical files, instead of using phpgw's support
for virtual domains.
In the beginning, they were served from the same host name, with
different paths, as in
www.mydomain.com/group1
www.mydomain.com/group2
This works fine, with the exeption of the case where a user is part of
two groups and wants to login to both at the same time, or when using
sitemgr, user of group1 browses the public website of group2
(i.e. becomes user anonymous of group2).

I thought that using separate domain names with full virtual hosts
would resolve the problem, so now I have
group1.www.mydomain.com
group2.www.mydomain.com
But the problem rests the same or seems even bigger.

So I tried to understand how the session cookies are handled, and
found two strange things:

1) phpgroupware always calls setcookie with a path of '/'. This seems
to explain, why my first approach does not work. Is there a reason why
the cookie is not sent with the path of the installation URL, i.e
'/group1' and '/group2'?

2) phpgroupware calls setcookie with a domain that gets constructed by
function phpgw_set_cookiedomain. This function seems to strip the
first part of the HTTP_HOST. So in my second approach, both for
installation group1.www.mydomain.com and group2.www.mydomain.com the
cookie domain is set to www.mydomain.com, and this explains why a user
cannot be logged in to both at the same time. What is the reaon for
manipulating HTTP_HOST instead of using it as the cookie domain?

Thanks in advance?

Michael