[pmwiki-users] using authuser in wiki farms

Patrick R. Michaud pmichaud at pobox.com
Thu Mar 9 14:17:12 CST 2006


On Thu, Mar 09, 2006 at 12:50:09PM -0700, H. Fox wrote:
> On 3/9/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > One thing that might work would be to give every field a unique
> > session name -- at the top of each field's local/config.php
> > file, put a line like:
> >
> >     session_name('FieldID');
> >
> > where FieldID is a unique and descriptive name (letters + numbers only)
> > for each field.  This should tell PHP to keep the sessions separate for
> > each field.
> 
> In your field.php you can use
> 
>    $CookiePrefix = substr($tmp = md5(__FILE__), 0, 5).'_';
> 
> It's not "automatic", but is it reliable?

Not for this particular scenario -- PHP's sessions don't
make use of PmWiki's $CookiePrefix, they use session_name().
(PmWiki could potentially automatically change the
session name to be based on $CookiePrefix... but I fear
there are too many ways to get this wrong or get
even more unwanted surprises.)

In a more general sense, PHP requires that the session_name
contain at least one alphabetic character, which md5()
doesn't guarantee, so we would probably want to force one in
there.

Also, I think that the identifier needs to be based on
the runtime directory, not __FILE__, since some sites
use symlinks, aliases, and other tricks to make both
"index.php" and "pmwiki.php" work (as well as other
things); in such cases one field could easily end up 
with different values for __FILE__ and thus
different cookies.

Pm




More information about the pmwiki-users mailing list