[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-hackers] Re: [Bug #1260] New "nongnu.org" site breaks sessions
Jaime E. Villate
[Savannah-hackers] Re: [Bug #1260] New "nongnu.org" site breaks sessions and prefs
Wed, 25 Sep 2002 10:35:24 +0100
On Wed, Sep 25, 2002 at 11:19:24AM +0200, Mathieu Roy wrote:
> "Jaime E. Villate" <address@hidden> said:
> > Savannah could set cookies for both savannah.gnu.org and
> > savannah.non-gnu.org. That can be done with a few changes in the php
> > scripts.
> No, it requires several changes. Apparently, normally a server can set cookies
> only for his domain.
It's as simple as writing the following header for the HTML page:
Set-Cookie: NAME=whatever; expires=some-date; path=/; domain=non-gnu.org
They do it all the time in our school's server.
> their browser set up like this, they probably can use only website
> without dynamic content. That would mean no /. , no freshmeat, no
> linuxfr.org, no gnu-friends.org ...
Allowing cookies and accepting cookies only from the same domain are two
separate features. I know it because my school's pages did not work, even
though I accepted cookies, until I found out how to let the browser accept
cookies set by a different domain.
> Originally in SF, cookies was required to log in.
> The theme preference is set by cookies and store in the database. But
> cookies can be access while user is not logged in, while database is
> not. Also, it avoids adding one more query to the database.
We can use both, as suggested by Yann. And one more query to the database
would be simpler than lots of bug reports and support tasks complaining about
> The high priority is surely to make life easier for users, but
> removing cookies is not really making the life easier for users (how
> it would be ?) but is definitely complicating our life.
> Making the life easier for users would surely be changing many things
> in the interface (screenshots of the proprietary SF.net are
I did not propose the removal of cookies; I said that they could be used for
the log-in and then get the users prefs. from the database.