
[dokuwiki] Why is the auth system cookie-based?
- From: "Gabriel Birke" <Gabriel.Birke@xxxxxxxxx>
- To: <dokuwiki@xxxxxxxxxxxxx>
- Date: Wed, 5 Dec 2007 16:01:59 +0100
Hello,

today I figured out why users are logged out when you have two wikis on the
same server that share their session cookie: It was because the salt for
encrypting the password was different in the two wiki instances. After
copying data/meta_htcookiesalt from one instance to the other, everything
works fine now.

However, I can't figure out why the code in auth_login is implemented the
way it is implemented. As far as I understand, the cookie data (username and
password) is "cached" in the session; after the cache expires (the cache
lifetime is stored in $conf['auth_security_timeout']), the cookie data is
sent to the auth class. But why store the data in the cookie at all?
Wouldn't a session suffice? The code is very clever, I understand what it
does, but I don't understand the reason behind it. Can anyone explain?

Greetings,
Gabriel
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
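
An added example, not part of the original message and not DokuWiki's code: a simplified Python model of the behaviour the message describes, showing why a shared cookie survives on the second wiki only until the session cache expires when the salts differ. The `Wiki` class, the `xor_crypt` stand-in cipher, the 900-second timeout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def xor_crypt(salt: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not DokuWiki's): XOR with a salt-keyed HMAC stream."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(salt, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Wiki:
    """Hypothetical model of one wiki instance; `users` stands in for the auth class."""
    def __init__(self, salt: bytes, users: dict, timeout: int = 900):
        self.salt, self.users, self.timeout = salt, users, timeout

    def _auth(self, user: str, password: bytes) -> bool:
        stored = self.users.get(user, "").encode()
        return bool(stored) and hmac.compare_digest(stored, password)

    def login(self, user: str, password: str, now: int):
        if not self._auth(user, password.encode()):
            return None
        # The cookie carries the username and the salt-encrypted password.
        cookie = {"user": user, "pass": xor_crypt(self.salt, password.encode())}
        session = {"user": user, "checked": now}
        return cookie, session

    def check(self, cookie: dict, session: dict, now: int) -> bool:
        cached = session.get("user") == cookie["user"]
        if cached and now - session["checked"] <= self.timeout:
            return True  # session "cache" still fresh: cookie is not re-verified
        # Cache expired: decrypt with THIS instance's salt and ask the auth class.
        if self._auth(cookie["user"], xor_crypt(self.salt, cookie["pass"])):
            session.update(user=cookie["user"], checked=now)
            return True
        session.clear()  # wrong salt yields garbage, so the user is logged out
        return False

def shared_cookie_demo(salt_a: bytes, salt_b: bytes):
    """Log in on wiki A, then present the same cookie and session to wiki B."""
    users = {"alice": "constructed-password"}  # constructed sample account
    wiki_a, wiki_b = Wiki(salt_a, users), Wiki(salt_b, users)
    cookie, session = wiki_a.login("alice", "constructed-password", now=0)
    return wiki_b.check(cookie, session, now=10), wiki_b.check(cookie, session, now=1000)

if __name__ == "__main__":
    print("different salts:", shared_cookie_demo(b"salt-A", b"salt-B"))
    print("salt copied over:", shared_cookie_demo(b"salt-A", b"salt-A"))
```
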