[dokuwiki] Why is the auth system cookie-based?
- From: "Gabriel Birke" <Gabriel.Birke@xxxxxxxxx>
- To: <dokuwiki@xxxxxxxxxxxxx>
- Date: Wed, 5 Dec 2007 16:01:59 +0100
Hello,
today I figured out why users are logged out when you have two wikis on the
smae server that share their session cookie: It was because the salt for
encrypting the password was different in the two wiki instances. After
copying data/meta_htcookiesalt from one instance to the other, everything
works fine now.
However, I can't figure out why the code in auth_login is implemented the
way it is implemented. As far as I understand, the cookie data (username and
password) is "cached" in the session, after the cache expires (the cache
lifetime is stored in $conf['auth_security_timeout']) the cookie data is
sent to the auth class. But why store the data in the cookie at all?
Wouldn't a session suffice? The code is very clever, I understand what it
does, but I don't understand the reason behind it. Can anyone explain?
Greetings,
Gabriel
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
- Follow-Ups:
- [dokuwiki] Re: Why is the auth system cookie-based?
- From: Kite
- [dokuwiki] Re: Why is the auth system cookie-based?
- From: Jason Keltz
Other related posts:
- » [dokuwiki] Why is the auth system cookie-based?
- » [dokuwiki] Re: Why is the auth system cookie-based?
- » [dokuwiki] Re: Why is the auth system cookie-based?
- » [dokuwiki] Re: Why is the auth system cookie-based?
- [dokuwiki] Re: Why is the auth system cookie-based?
- From: Kite
- [dokuwiki] Re: Why is the auth system cookie-based?
- From: Jason Keltz