On Mon, 2007-04-30 at 10:37 +0200, Olivier Berger wrote:
> Package: phpgroupware
> Version: 0.9.16.011-3
> Severity: normal
>
> Phpgroupware session cookies seem to get their domain set to the domain
> instead of the fqdn...
>
> On a server like phpgroupware.mydomain.com, the cookies domain will be
> '.mydomain.com'.
>
> I thinks this is not a generic setup which would match most installation
> where several phpgroupware servers could be installed on the same
> network and be isolated session-wide.
>
> Correct me if I'm wrong as I'm no expert in cookie specification.
phpGroupWare attempts to set the cookie to the parent of the phpgw
domain (usually .domain.tld) so sitemgr can be used for sites running on
sub (or super) doamins of the phpgw hostname. It is kinda buggy as
running phpgw on domain.com.au sets the cookie to .com.au which is a
real problem.
It is something on my "i will get to it one day list". If someone wants
to submit a patch, I would propose the following:
* setup - add cookie domain which defaults the parent of the current
phpgw domain
* the session classes use this value when setting the domain of cookies
* the patch to developed for HEAD :)
Cheers
Dave
--
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e [EMAIL PROTECTED]
w phpgroupware.org
j [EMAIL PROTECTED]
sip [EMAIL PROTECTED]
_ ____ __ __
_ __ | |__ _ __ / ___|_ __ ___ _ _ _ _\ \ / /_ _ _ __ ___
| '_ \| '_ \| '_ \| | _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V V / (_| | | | __/
| .__/|_| |_| .__/ \____|_| \___/ \__,_| .__/ \_/\_/ \__,_|_| \___|
|_| |_| |_|Web based collaboration platform
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
