[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] Re: phpgw's handling of cookies
From: |
Patrick Walsh (mr_e) |
Subject: |
Re: [Phpgroupware-developers] Re: phpgw's handling of cookies |
Date: |
Sun, 08 Dec 2002 11:32:26 -0800 |
User-agent: |
Microsoft-Entourage/10.1.1.2418 |
> This means that this was introduced for sitemgr, if I understand
> right. Wouldn't it be possible to proceed differently so that when a
> user goes from phpgroupware to sitemgr we set the same cookie a second
> time, with the path set for the sitemgr installation, and if we want
> to go from sitemgr to phpgroupware we do the same thing? There might
> me two other advantages to this approach:
> - You could even configure the sitemgr-site with a virtual host that
> is in another domain than sitemgr.
> - You could enforce that all switches between phpgroupware to sitemgr-site
> are either by design (and than we share the same session) or
> accidental (and than we create different sessions). What I mean is
> that you might want to browse the public site as an anonymous user,
> and in the same time be logged in as a user. And you might prefer to
> prevent completely that anonymous visitors to the public website log
> into phpgroupware.
This does make a certain amount of sense. It means that two session
cookies would be set everytime there is a new session. It also means
fundamental changes to the sessions class in the API specifically for one
app. I'll defer to the phpgw leaders who work actively on the API.
>> Suppose each site on your machine could have a unique identifier.
>> Suppose all of the cookies specific to a given install were named
>> name-identifier, such as session-0, session-1, etc. You would still share
>> the PHP4 session, but the phpgw session info, credentials, etc., would be
>> separated. Does that sound like it could work?
>
> This makes sense to me. Would it mean that in header.inc.php we add a
> field domain_identifier to $GLOBALS['phpgw_domain']['default'] and use
> this in the session classes when constructing the cookies?
Yes, something like that is exactly what I mean. The info is probably
better kept in the db instead of header.inc.php so that it can be changed
from the setup screens. Otherwise, this is what I was suggesting.
Again, those that are playing with the API: ralfbecker, seek3r, ceb, and
I'm not sure who else right now, should have some input on this.
..Patrick