[pmwiki-users] using authuser in wiki farms

H. Fox haganfox at users.sourceforge.net
Thu Mar 9 14:43:26 CST 2006


On 3/9/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Mar 09, 2006 at 12:50:09PM -0700, H. Fox wrote:
> > On 3/9/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > > One thing that might work would be to give every field a unique
> > > session name -- at the top of each field's local/config.php
> > > file, put a line like:
> > >
> > >     session_name('FieldID');
> > >
> > > where FieldID is a unique and descriptive name (letters + numbers only)
> > > for each field.  This should tell PHP to keep the sessions separate for
> > > each field.
> >
> > In your field.php you can use
> >
> >    $CookiePrefix = substr($tmp = md5(__FILE__), 0, 5).'_';
> >
> > It's not "automatic", but is it reliable?
>
> Not for this particular scenario -- PHP's sessions don't
> make use of PmWiki's $CookiePrefix, they use session_name().
> (PmWiki could potentially automatically change the
> session name to be based on $CookiePrefix... but I fear
> there are too many ways to get this wrong or get
> even more unwanted surprises.)
>
> In a more general sense, PHP requires that the session_name
> contain at least one alphabetic character, which md5()
> doesn't guarantee, so we would probably want to force one in
> there.
>
> Also, I think that the identifier needs to be based on
> the runtime directory, not __FILE__, since some sites
> use symlinks, aliases, and other tricks to make both
> "index.php" and "pmwiki.php" work (as well as other
> things); in such cases one field could easily end up
> with different values for __FILE__ and thus
> different cookies.

__FILE__ is the field's local/config.php, not pmwiki.php, etc. so I
don't think there's much risk of that (unless I'm missing something).

Hagan




More information about the pmwiki-users mailing list