[dokuwiki] Why is the auth system cookie-based?

• From: "Gabriel Birke" <Gabriel.Birke@xxxxxxxxx>
• To: <dokuwiki@xxxxxxxxxxxxx>
• Date: Wed, 5 Dec 2007 16:01:59 +0100

Hello,

today I figured out why users are logged out when you have two wikis on the
smae server that share their session cookie: It was because the salt for
encrypting the password was different in the two wiki instances. After
copying data/meta_htcookiesalt from one instance to the other, everything
works fine now. 

However, I can't figure out why the code in auth_login is implemented the
way it is implemented. As far as I understand, the cookie data (username and
password) is "cached" in the session, after the cache expires (the cache
lifetime is stored in $conf['auth_security_timeout']) the cookie data is
sent to the auth class. But why store the data in the cookie at all?
Wouldn't a session suffice? The code is very clever, I understand what it
does, but I don't understand the reason behind it. Can anyone explain?

Greetings,

Gabriel

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] Re: Why is the auth system cookie-based?
    • From: Kite
  • [dokuwiki] Re: Why is the auth system cookie-based?
    • From: Jason Keltz

Other related posts:

• » [dokuwiki] Why is the auth system cookie-based?
• » [dokuwiki] Re: Why is the auth system cookie-based?
• » [dokuwiki] Re: Why is the auth system cookie-based?
• » [dokuwiki] Re: Why is the auth system cookie-based?

1. Home
2. dokuwiki
3. Archive
4. 12-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---