[pmwiki-users] using authuser in wiki farms
Patrick R. Michaud
pmichaud at pobox.com
Thu Mar 9 14:17:12 CST 2006
On Thu, Mar 09, 2006 at 12:50:09PM -0700, H. Fox wrote:
> On 3/9/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > One thing that might work would be to give every field a unique
> > session name -- at the top of each field's local/config.php
> > file, put a line like:
> >
> > session_name('FieldID');
> >
> > where FieldID is a unique and descriptive name (letters + numbers only)
> > for each field. This should tell PHP to keep the sessions separate for
> > each field.
>
> In your field.php you can use
>
> $CookiePrefix = substr($tmp = md5(__FILE__), 0, 5).'_';
>
> It's not "automatic", but is it reliable?
Not for this particular scenario -- PHP's sessions don't
make use of PmWiki's $CookiePrefix, they use session_name().
(PmWiki could potentially automatically change the
session name to be based on $CookiePrefix... but I fear
there are too many ways to get this wrong or get
even more unwanted surprises.)
In a more general sense, PHP requires that the session_name
contain at least one alphabetic character, which md5()
doesn't guarantee, so we would probably want to force one in
there.
Also, I think that the identifier needs to be based on
the runtime directory, not __FILE__, since some sites
use symlinks, aliases, and other tricks to make both
"index.php" and "pmwiki.php" work (as well as other
things); in such cases one field could easily end up
with different values for __FILE__ and thus
different cookies.
Pm
More information about the pmwiki-users
mailing list