Re: [WebERP-developers] Differentiating between cookie path

[Alastair K. <kn...@gm...>]

Included bellow are 2 different options.
The first is for if you wish to replace $SessionSavePath with my new 
$SessionCookiePath process (as I have now just dubbed it). The second is 
if you'd like to keep both the older $SessionSavePath and the newer 
$SessionCookiePath processes. Because $SessionCookiePath achieves the 
same end result as $SessionSavePath, I'm of the opinion that it would be 
a good idea to remove $SessionSavePath to reduce feature duplication.

If either of you have a fairly strong preference of one over the other, 
I can prepare a change.log and submit the diff through to 
sub...@we.... On the other hand, if it makes it easier for you 
to play with, I can send both of them through to sub...@we... 
and you can pick which one you want to push to the svn codebase.

Also note that you'll need to delete your current cookies for changes to 
take effect.

##### Both $SessionCookiePath and $SessionSavePath #####

Index: includes/session.inc
===================================================================
--- includes/session.inc    (revision 7325)
+++ includes/session.inc    (working copy)
@@ -25,6 +25,10 @@
      session_save_path($SessionSavePath);
  }

+if (!isset($SessionCookiePath)){
+    $SessionCookiePath=$RootPath;
+}
+
  if (!isset($SysAdminEmail)) {
      $SysAdminEmail='';
  }
@@ -35,6 +39,8 @@
      set_time_limit($MaximumExecutionTime);
      ini_set('max_execution_time',$MaximumExecutionTime);
  }
+
+session_set_cookie_params( 0, $SessionCookiePath );
  session_write_close(); //in case a previous session is not closed
  session_start();

########### Only $SessionCookiePath ###########

Index: includes/session.inc
===================================================================
--- includes/session.inc    (revision 7325)
+++ includes/session.inc    (working copy)
@@ -21,8 +21,8 @@
      $DBType=$dbType;
  }

-if (isset($SessionSavePath)){
-    session_save_path($SessionSavePath);
+if (!isset($SessionCookiePath)){
+    $SessionCookiePath=$RootPath;
  }

  if (!isset($SysAdminEmail)) {
@@ -35,6 +35,8 @@
      set_time_limit($MaximumExecutionTime);
      ini_set('max_execution_time',$MaximumExecutionTime);
  }
+
+session_set_cookie_params( 0, $SessionCookiePath );
  session_write_close(); //in case a previous session is not closed
  session_start();

My Regards,
Alastair Knowles

On 27/06/15 06:45, phil wrote:
> Hi Alistair
> If there are just a few lines to your solution which requires no 
> manual editing, then perhaps you would send me the duffs so I could 
> study. As Tim points out it is quite easy to use the config.php 
> sessionssavepath to explicitly set where the server should save the 
> session to. Some documentation as you say might be all we really need
>
> Alastair <kn...@gm...> wrote:
>
> Hi Tim,
>
> I've just looked into this a little deeper and it appears you're 
> referring to $SessionSavePath. After a while of fiddling around with 
> this variable and manually creating folders for each isolated install, 
> I was able to get this to work. Unfortunately this process isn't well 
> documented and requires manual configuration on the server for this to 
> work (not horrible, I'd prefer to keep manual config to a minimum).
>
> Perhaps, this could be simplified by setting the "Path" value in the 
> session cookies instead. This removes the need to create folders and 
> specify locations in the config file, and it can be easily automated too.
>
> On a side note, the session.inc script should probably be setting the 
> session cookie name with session_name() as PHPSESSID is very generic 
> and doesn't help with debugging at all.
>
> My Regards,
> Alastair Knowles.