phpgroupware-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies


From: nobody
Subject: [Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies
Date: Sat, 23 Nov 2002 20:53:51 -0500

=================== BUG #1785: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509

Changes by: Dave Hall <address@hidden>
Date: 2002-Nov-24 12:53 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
         Assigned to | skwashd                   | skeeter


------------------ Additional Follow-up Comments ----------------------------
I did some more thinking about this one.  It was changed to accomodate the 
sitemgr app.  I have reassigned it to someone who better understands the change 
and reason for it.

Cheers



=================== BUG #1785: FULL BUG SNAPSHOT ===================


Submitted by: None                      Project: phpGroupWare                   
Submitted on: 2002-Nov-23 12:25
Category:  API - phpGWapi               Bug Group:  0.9.14 release              
Severity:  5 - Major                    Priority:  High                         
Resolution:  None                       Assigned to:  skeeter                   
Status:  Open                           Component Version:  CVS                 
Platform Version:  BSD                  Reproducibility:  Every Time            

Summary:  Wrong path specification in cookies

Original Submission:  phpgw sets cookies after user login. But all cookies are 
set to path '/' which may differ from actual installation.

This path is hardcoded in phpgwapi/inc/class.sessions_*.inc.php in function 
phpgw_setcookie(). The correct behaviour should be extracting path from 
$GLOBALS['phpgw_info']['server']['webserver_url'].

In my particular case phpgw installation interfered with mailman installation 
on the same server. Mailman does not allow setting of cookie `domain', but as 
phpgw set it with path '/', mailman received it and signalled an error.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Nov-24 12:53             By: skwashd
I did some more thinking about this one.  It was changed to accomodate the 
sitemgr app.  I have reassigned it to someone who better understands the change 
and reason for it.

Cheers

-------------------------------------------------------
Date: 2002-Nov-24 09:39             By: sev_
It was submitted by me

-------------------------------------------------------
Date: 2002-Nov-24 09:33             By: None
Exactly, earlier it was OK with cookies. They were defined for 
"host.domain.com" path "/phpgw", but now it is ".domain.com" path "/"

* I didn't investigate which cooikes assigned by mailman, but in my particular 
case problem was with cookie named "domain". It just complained that this is 
not acceptable. If phpgw cookie path was set correct (i.e. "/phpgw"), then it 
wouldn't interact with directory "/mailman".

* It is just historical, because earlier there were problems with idsociety 
theme and use of cookies was forced.

* It's latest: $Id: class.sessions_db.inc.php,v 1.2.2.9 2002/10/14 13:30:27
  $Id: class.sessions_php4.inc.php,v 1.6.2.8 2002/10/14,
so these files weren't touched for a month.

I saw the logic, path '/' is hardcoded in function phpgw_setcookie() which is 
used from create() in both files.

-------------------------------------------------------
Date: 2002-Nov-23 21:09             By: skwashd
Work was done sometime ago on refining phpgw's implementation of cookies.  The 
cookies set by phpgw are now domain cookies.  Can you please answer the 
following questions to assist us in further refinement:

* what cookies are set/read by mailman?

* is there a compelling reason why you need to use cookies for passing phpgw 
session data?

* when did you last run a cvs update?

Cheers


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509




reply via email to

[Prev in Thread] Current Thread [Next in Thread]