phpgroupware-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies

From: nobody
Subject: [Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies
Date: Thu, 20 Mar 2003 20:34:07 -0500 
=================== BUG #1785: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509

Changes by: Dave Hall <address@hidden>
Date: Fri 03/21/03 at 12:34 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Wont Fix
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
After further discussion, this is not possible to change as it has too many 
negative impacts on phpgroupware.  Also the information was not provided 
regarding which cookies are set by mailman.



=================== BUG #1785: FULL BUG SNAPSHOT ===================


Submitted by: None                    Project: phpGroupWare                 
Submitted on: Sat 11/23/02 at 12:25
Category:  API - phpGWapi             Bug Group:  0.9.14 release            
Severity:  5 - Major                  Priority:  High                       
Resolution:  Wont Fix                 Assigned to:  skeeter                 
Status:  Closed                       Component Version:  CVS               
Platform Version:  BSD                Reproducibility:  Every Time          

Summary:  Wrong path specification in cookies

Original Submission:  phpgw sets cookies after user login. But all cookies are 
set to path '/' which may differ from actual installation.

This path is hardcoded in phpgwapi/inc/class.sessions_*.inc.php in function 
phpgw_setcookie(). The correct behaviour should be extracting path from 
$GLOBALS['phpgw_info']['server']['webserver_url'].

In my particular case phpgw installation interfered with mailman installation 
on the same server. Mailman does not allow setting of cookie `domain', but as 
phpgw set it with path '/', mailman received it and signalled an error.

Follow-up Comments
*******************

-------------------------------------------------------
Date: Fri 03/21/03 at 12:34         By: skwashd
After further discussion, this is not possible to change as it has too many 
negative impacts on phpgroupware.  Also the information was not provided 
regarding which cookies are set by mailman.

-------------------------------------------------------
Date: Sun 11/24/02 at 12:53         By: skwashd
I did some more thinking about this one.  It was changed to accomodate the 
sitemgr app.  I have reassigned it to someone who better understands the change 
and reason for it.

Cheers

-------------------------------------------------------
Date: Sun 11/24/02 at 09:39         By: sev_
It was submitted by me

-------------------------------------------------------
Date: Sun 11/24/02 at 09:33         By: None
Exactly, earlier it was OK with cookies. They were defined for 
"host.domain.com" path "/phpgw", but now it is ".domain.com" path "/"

* I didn't investigate which cooikes assigned by mailman, but in my particular 
case problem was with cookie named "domain". It just complained that this is 
not acceptable. If phpgw cookie path was set correct (i.e. "/phpgw"), then it 
wouldn't interact with directory "/mailman".

* It is just historical, because earlier there were problems with idsociety 
theme and use of cookies was forced.

* It's latest: $Id: class.sessions_db.inc.php,v 1.2.2.9 2002/10/14 13:30:27
  $Id: class.sessions_php4.inc.php,v 1.6.2.8 2002/10/14,
so these files weren't touched for a month.

I saw the logic, path '/' is hardcoded in function phpgw_setcookie() which is 
used from create() in both files.

-------------------------------------------------------
Date: Sat 11/23/02 at 21:09         By: skwashd
Work was done sometime ago on refining phpgw's implementation of cookies.  The 
cookies set by phpgw are now domain cookies.  Can you please answer the 
following questions to assist us in further refinement:

* what cookies are set/read by mailman?

* is there a compelling reason why you need to use cookies for passing phpgw 
session data?

* when did you last run a cvs update?

Cheers


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509
reply via email to
[Prev in Thread] Current Thread [Next in Thread]