[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [bug #22763] strange domain set for session cooki
From: |
Olivier Berger |
Subject: |
[Phpgroupware-tracker] [bug #22763] strange domain set for session cookies |
Date: |
Fri, 28 Mar 2008 16:01:30 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.12) Gecko/20080129 Iceweasel/2.0.0.12 (Debian-2.0.0.12-1) |
URL:
<http://savannah.gnu.org/bugs/?22763>
Summary: strange domain set for session cookies
Project: phpGroupWare
Submitted by: olberger
Submitted on: vendredi 28.03.2008 à 17:01
Item Group: 0.9.16.012
Category: API - phpGWapi
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: DEB
Operating System: GNU/Linux - Debian
Reproducibility: Every Time
Planned Release: None
Fixed Release:
_______________________________________________________
Details:
FYI, this is a forward of bug #421580 tracked in Debian BTS, with Dave's
answer, about not using fqdn but parent domain in session cookies, which is a
bug in the most generic case.
If the only justification is sitemanager, better fix sitemanager, then ;)
----- Forwarded message from Dave Hall <address@hidden> -----
>
> On Mon, 2007-04-30 at 10:37 +0200, Olivier Berger wrote:
> > Package: phpgroupware
> > Version: 0.9.16.011-3
> > Severity: normal
> >
> > Phpgroupware session cookies seem to get their domain set to the domain
> > instead of the fqdn...
> >
> > On a server like phpgroupware.mydomain.com, the cookies domain will be
> > '.mydomain.com'.
> >
> > I thinks this is not a generic setup which would match most installation
> > where several phpgroupware servers could be installed on the same
> > network and be isolated session-wide.
> >
> > Correct me if I'm wrong as I'm no expert in cookie specification.
>
> phpGroupWare attempts to set the cookie to the parent of the phpgw
> domain (usually .domain.tld) so sitemgr can be used for sites running on
> sub (or super) doamins of the phpgw hostname. It is kinda buggy as
> running phpgw on domain.com.au sets the cookie to .com.au which is a
> real problem.
>
> It is something on my "i will get to it one day list". If someone wants
> to submit a patch, I would propose the following:
>
> * setup - add cookie domain which defaults the parent of the current
> phpgw domain
>
> * the session classes use this value when setting the domain of cookies
>
> * the patch to developed for HEAD :)
>
> Cheers
>
> Dave
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?22763>
_______________________________________________
Message posté via/par Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-tracker] [bug #22763] strange domain set for session cookies,
Olivier Berger <=