[dokuwiki] Re: Why is the auth system cookie-based?

[Jason Keltz <jas@xxxxxxxxxxxx>]

On 12/05/07 10:01, Gabriel Birke wrote:
> Hello,
>
> today I figured out why users are logged out when you have two wikis on the
> smae server that share their session cookie: It was because the salt for
> encrypting the password was different in the two wiki instances. After
> copying data/meta_htcookiesalt from one instance to the other, everything
> works fine now. 
>
> However, I can't figure out why the code in auth_login is implemented the
> way it is implemented. As far as I understand, the cookie data (username and
> password) is "cached" in the session, after the cache expires (the cache
> lifetime is stored in $conf['auth_security_timeout']) the cookie data is
> sent to the auth class. But why store the data in the cookie at all?
> Wouldn't a session suffice? The code is very clever, I understand what it
> does, but I don't understand the reason behind it. Can anyone explain?
Is it really that easy for single sign on?

I was under the impression that in addition to _htcookiesalt, there 
needed to be some adjustment of the setcookie calls since they use 
DOKU_REL where init.php defines DOKU_REL using getBaseURL().  I had 
wanted to use single sign on, but didn't want to modify the DW code to 
do it.
jason.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] AW: Re: Why is the auth system cookie-based?
    • From: Gabriel Birke
  • [dokuwiki] Single-sign on for one server WAS: Re: Why is the auth system cookie-based?
    • From: Gabriel Birke

• References:
  • [dokuwiki] Why is the auth system cookie-based?
    • From: Gabriel Birke

Other related posts:

[dokuwiki] Why is the auth system cookie-based?

[dokuwiki] Re: Why is the auth system cookie-based?

[dokuwiki] Re: Why is the auth system cookie-based?

[dokuwiki] Re: Why is the auth system cookie-based?