[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #1785] Wrong path specification in cookies |
Date: |
Sat, 23 Nov 2002 17:33:43 -0500 |
=================== BUG #1785: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509
Changes by: Anonymous user Date: 2002-Nov-23 17:33
------------------ Additional Follow-up Comments ----------------------------
Exactly, earlier it was OK with cookies. They were defined for
"host.domain.com" path "/phpgw", but now it is ".domain.com" path "/"
* I didn't investigate which cooikes assigned by mailman, but in my particular
case problem was with cookie named "domain". It just complained that this is
not acceptable. If phpgw cookie path was set correct (i.e. "/phpgw"), then it
wouldn't interact with directory "/mailman".
* It is just historical, because earlier there were problems with idsociety
theme and use of cookies was forced.
* It's latest: $Id: class.sessions_db.inc.php,v 1.2.2.9 2002/10/14 13:30:27
$Id: class.sessions_php4.inc.php,v 1.6.2.8 2002/10/14,
so these files weren't touched for a month.
I saw the logic, path '/' is hardcoded in function phpgw_setcookie() which is
used from create() in both files.
=================== BUG #1785: FULL BUG SNAPSHOT ===================
Submitted by: None Project: phpGroupWare
Submitted on: 2002-Nov-22 20:25
Category: API - phpGWapi Bug Group: 0.9.14 release
Severity: 5 - Major Priority: High
Resolution: None Assigned to: skwashd
Status: Open Component Version: CVS
Platform Version: BSD Reproducibility: Every Time
Summary: Wrong path specification in cookies
Original Submission: phpgw sets cookies after user login. But all cookies are
set to path '/' which may differ from actual installation.
This path is hardcoded in phpgwapi/inc/class.sessions_*.inc.php in function
phpgw_setcookie(). The correct behaviour should be extracting path from
$GLOBALS['phpgw_info']['server']['webserver_url'].
In my particular case phpgw installation interfered with mailman installation
on the same server. Mailman does not allow setting of cookie `domain', but as
phpgw set it with path '/', mailman received it and signalled an error.
Follow-up Comments
*******************
-------------------------------------------------------
Date: 2002-Nov-23 17:33 By: None
Exactly, earlier it was OK with cookies. They were defined for
"host.domain.com" path "/phpgw", but now it is ".domain.com" path "/"
* I didn't investigate which cooikes assigned by mailman, but in my particular
case problem was with cookie named "domain". It just complained that this is
not acceptable. If phpgw cookie path was set correct (i.e. "/phpgw"), then it
wouldn't interact with directory "/mailman".
* It is just historical, because earlier there were problems with idsociety
theme and use of cookies was forced.
* It's latest: $Id: class.sessions_db.inc.php,v 1.2.2.9 2002/10/14 13:30:27
$Id: class.sessions_php4.inc.php,v 1.6.2.8 2002/10/14,
so these files weren't touched for a month.
I saw the logic, path '/' is hardcoded in function phpgw_setcookie() which is
used from create() in both files.
-------------------------------------------------------
Date: 2002-Nov-23 05:09 By: skwashd
Work was done sometime ago on refining phpgw's implementation of cookies. The
cookies set by phpgw are now domain cookies. Can you please answer the
following questions to assist us in further refinement:
* what cookies are set/read by mailman?
* is there a compelling reason why you need to use cookies for passing phpgw
session data?
* when did you last run a cvs update?
Cheers
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1785&group_id=509