[Pmwiki-users] sessionauth

Patrick R. Michaud pmichaud at pobox.com
Sat Jul 12 07:11:35 CDT 2003


On Sat, Jul 12, 2003 at 01:43:03PM +0200, Ruediger Marwein wrote:
> 
> So I took a look at the code and implemented several changes which would be 
> nice to have. In detail:
> 
> 1. ability to set session name via variable ($SessionName)

Does this need to be done by a separate variable?  In local.php, instead 
of doing

    $SessionName = 'my_session_name';

couldn't the administrator instead just do

    session_name('my_session_name');

and get the same result?  I.e., does session_name *have* to go in upload.php?

> 2. use of a separate hash key for the session entry to not accidentally 
> overwrite something elsewhere. (['PmWiki']['authpw'])

Would it be okay to do ['PmWiki-authpw'] instead of ['PmWiki']['authpw']?
Somehow creating the separate hash key seems overkill to me.  I could even
make the 'authpw' string a configuration variable.

> 3. include posted stuff in the form as hidden fields for the case to have an 
> unexpected end of session after writing lots of text.

I agree this could be a problem--I'll have to look at this patch a bit.
Usually hidden fields in forms have to be managed with stripslashes()
by the PHP code, in case any of the fields contain slashes or 
quotation marks.

> Another thing: 
> I see the $HTTP_*-vars everywhere... since PHP 4 those variables are there 
> for backward compatibility. But as PmWiki does not run with earlier versions 
> those should be replaced by the new $_GET,$_POST etc. to be up to date.

Actually, the $_GET, $_POST etc. variables weren't available until PHP 4.1.0.
Since (as far as I know) PmWiki still runs with PHP 4.0.x, I've stuck with
the $HTTP_* vars to maintain compatibility with those installations that
happen to have PHP 4.0.x (yes, I think some still exist).  At some point 
I'll switch over to the $_GET,$_POST,etc. vars, but don't see a need to 
change before I'm forced to do it, such as when PHP comes out with a new
version that no longer supports the $HTTP_* vars.

Thanks for the excellent suggestions!

Pm
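
The hidden-field handling discussed under item 3, as an added example that is not part of the original message or of PmWiki's code: posted values are unslashed once and then HTML-escaped before being written back into the re-login form. The function names, the `$magicQuotes` flag and the use of `authpw` as the password field name are assumptions made for illustration.

```php
<?php
// Added example: the names below are hypothetical, not PmWiki functions.

/**
 * Flatten a (possibly nested) POST array into name => value pairs using
 * PHP's bracket syntax, e.g. ['a' => ['b' => 'x']] becomes 'a[b]' => 'x'.
 */
function flatten_post(array $data, string $prefix = ''): array {
    $out = [];
    foreach ($data as $key => $value) {
        $name = ($prefix === '') ? (string)$key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $out += flatten_post($value, $name);
        } else {
            $out[$name] = (string)$value;
        }
    }
    return $out;
}

/**
 * Render posted fields as hidden inputs for the re-login form.
 * $magicQuotes: true when the runtime has already added backslashes
 *   (magic_quotes_gpc on old PHP), so they are stripped exactly once.
 * $skip: field names that must never be echoed back (assumed: the password).
 */
function hidden_fields(array $post, bool $magicQuotes, array $skip = ['authpw']): string {
    $html = '';
    foreach (flatten_post($post) as $name => $value) {
        $name = (string)$name;
        if (in_array($name, $skip, true)) {
            continue; // do not write the password into the page source
        }
        if ($magicQuotes) {
            $value = stripslashes($value);
        }
        // Escape both name and value so quotes or markup in the posted
        // text cannot terminate the attribute or inject HTML.
        $html .= sprintf(
            "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed sample input: slashed quotes and markup, plus a password field.
$sample = ['text' => 'He said \\"hi\\" <b>', 'authpw' => 'secret'];
echo hidden_fields($sample, true);
```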



