phpgroupware-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] Re: phpgw's handling of cookies

From: Patrick Walsh (mr_e)
Subject: Re: [Phpgroupware-developers] Re: phpgw's handling of cookies
Date: Sun, 08 Dec 2002 11:32:26 -0800
User-agent: Microsoft-Entourage/10.1.1.2418 
> This means that this was introduced for sitemgr, if I understand
> right. Wouldn't it be possible to proceed differently so that when a
> user goes from phpgroupware to sitemgr we set the same cookie a second
> time, with the path set for the sitemgr installation, and if we want
> to go from sitemgr to phpgroupware we do the same thing? There might
> me two other advantages to this approach:
> - You could even configure the sitemgr-site with a virtual host that
> is in another domain than sitemgr.
> - You could enforce that all switches between phpgroupware to sitemgr-site
> are either by design (and than we share the same session) or
> accidental (and than we create different sessions). What I mean is
> that you might want to browse the public site as an anonymous user,
> and in the same time be logged in as a user. And you might prefer to
> prevent completely that anonymous visitors to the public website log
> into phpgroupware.

    This does make a certain amount of sense.  It means that two session
cookies would be set everytime there is a new session.  It also means
fundamental changes to the sessions class in the API specifically for one
app.  I'll defer to the phpgw leaders who work actively on the API.

>>     Suppose each site on your machine could have a unique identifier.
>> Suppose all of the cookies specific to a given install were named
>> name-identifier, such as session-0, session-1, etc.  You would still share
>> the PHP4 session, but the phpgw session info, credentials, etc., would be
>> separated.  Does that sound like it could work?
> 
> This makes sense to me. Would it mean that in header.inc.php we add a
> field domain_identifier to $GLOBALS['phpgw_domain']['default'] and use
> this in the session classes when constructing the cookies?

    Yes, something like that is exactly what I mean.  The info is probably
better kept in the db instead of header.inc.php so that it can be changed
from the setup screens.  Otherwise, this is what I was suggesting.

    Again, those that are playing with the API: ralfbecker, seek3r, ceb, and
I'm not sure who else right now, should have some input on this.

..Patrick
reply via email to
[Prev in Thread] Current Thread [Next in Thread]