[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] phpgw's handling of cookies
From: |
Patrick Walsh (mr_e) |
Subject: |
Re: [Phpgroupware-developers] phpgw's handling of cookies |
Date: |
Fri, 06 Dec 2002 12:52:35 -0800 |
User-agent: |
Microsoft-Entourage/10.1.1.2418 |
> 1) phpgroupware always calls setcookie with a path of '/'. This seems
> to explain, why my first approach does not work. Is there a reason why
> the cookie is not sent with the path of the installation URL, i.e
> '/group1' and '/group2'?
I can answer this question as it relates to sitemgr. If phpgroupware
were located in a /group1 subdirectory, but sitemgr were located in the root
directory or in a /group1web subdirectory or something, then the cookies
wouldn't persist between the two directories. To resolve this, the cookie
is put at the root of the directory tree so that a person can switch from
sitemgr's site to phpgroupware without losing their session information.
> 2) phpgroupware calls setcookie with a domain that gets constructed by
> function phpgw_set_cookiedomain. This function seems to strip the
> first part of the HTTP_HOST. So in my second approach, both for
> installation group1.www.mydomain.com and group2.www.mydomain.com the
> cookie domain is set to www.mydomain.com, and this explains why a user
> cannot be logged in to both at the same time. What is the reaon for
> manipulating HTTP_HOST instead of using it as the cookie domain?
Indeed the cookies are set for the whole domain instead of the specific
host. I can't remember what the reason is for this, but I know it was to
fix a bug. I think it had something to do with using PHP4 sessions where
the PHP4 cookies were being set differently or something. Skeeter probably
would remember the issue better than I do. This was definitely a solution
to a series of cookie-related bugs though.
So the question becomes how to accommodate a setup like yours, where
people concurrently use different phpgw installs on the same server, but
with separate credentials and sessions.
Suppose each site on your machine could have a unique identifier.
Suppose all of the cookies specific to a given install were named
name-identifier, such as session-0, session-1, etc. You would still share
the PHP4 session, but the phpgw session info, credentials, etc., would be
separated. Does that sound like it could work?
..Patrick
- [Phpgroupware-developers] phpgw's handling of cookies, totschnig . michael, 2002/12/06
- Re: [Phpgroupware-developers] phpgw's handling of cookies,
Patrick Walsh (mr_e) <=
- [Phpgroupware-developers] Re: phpgw's handling of cookies, totschnig . michael, 2002/12/07
- Re: [Phpgroupware-developers] Re: phpgw's handling of cookies, Patrick Walsh (mr_e), 2002/12/08
- [Phpgroupware-developers] Re: phpgw's handling of cookies, totschnig . michael, 2002/12/08
- Re: [Phpgroupware-developers] Re: phpgw's handling of cookies, Patrick Walsh (mr_e), 2002/12/08
- [Phpgroupware-developers] Re: phpgw's handling of cookies, totschnig . michael, 2002/12/08
- [Phpgroupware-developers] Re: phpgw's handling of cookies, totschnig . michael, 2002/12/09