tags 421580 + pending
tags 421580 + patch
thanks
Hi.
[Responding to myself (for the records) and to notify upstream (Dave)]
First, note that this issue is only met if cookies are used for storing
session, and that default setting for "Use cookies to pass
sessionid:" (Admin / Site configuration) should be "no". So that
shouldn't bother with default setup.
Anyway, I don't like the idea to mess around with session cookies of
other phpgroupware installations on the same networks, in a Debian
package, should the user activate this config.
So, FYI, I plan to change this for the Debian package so that the
cookies domain is set with the fqdn.
As sitemanager is no longer packaged in 0.9.16 for debian in epoch 1, I
think it won't cause any problems, btw.
Attached patch should get rid of that issue.
Best regards,
--
Olivier BERGER <[EMAIL PROTECTED]> (*NEW ADDRESS*)
http://www-inf.it-sudparis.eu/~olberger/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM / TELECOM & Management SudParis (http://www.it-sudparis.eu/),
Evry
--- phpgroupware-0.9.16-phpgwapi/usr/share/phpgroupware/phpgwapi/inc/class.sessions.inc.php.orig 2008-03-28 15:48:11.000000000 +0100
+++ phpgroupware-0.9.16-phpgwapi/usr/share/phpgroupware/phpgwapi/inc/class.sessions.inc.php 2008-03-28 16:06:00.000000000 +0100
@@ -425,10 +425,12 @@
{
if (!ereg('[0-9]+',$parts[1]))
{
- for($i=1;$i<count($parts);$i++)
- {
- $this->cookie_domain .= '.'.$parts[$i];
- }
+# Debian specific patch : don't set cookie domain to anything else than fqdn (see #421580)
+# for($i=1;$i<count($parts);$i++)
+# {
+# $this->cookie_domain .= '.'.$parts[$i];
+# }
+ $this->cookie_domain = $dom;
}
else
{
