configurable session name
You have hard-coded the session name MRBS_SESSID into init.inc. This conflicts with my custom session handler that needs to set a different session name before MRBS is initialized. A simple fix is to put the session name into the config.inc so it can be configured.
Would a better fix be to check the result of session_id() at the beginning of session_init() and only do something if it's equal to the empty string?
In an older version, I had multiple sites set up and the cookie wasn't set strictly enough. Logging into one was good enough to already be logged into another, even if the login requirements were different. I solved this by having each install have a unique session name. It appears the current version sets the cookie to be specific to server and directory, so having the same session name shouldn't hurt anything. But being able to change it is only like three lines of code. Considering all of the new features in these more recent releases, seems like an easy change.
Oops, I accidentally posted without logging in. I'll rewrite, though more brief.
In old versions, if you logged into an MRBS install, then went to another MRBS install on the same server, it would keep you logged in, even if the login requirements were different. The cookie setting wasn't strict enough. I solved this by having a unique session name for each install.
The current version appears to set the cookie correctly, so shouldn't be a problem. But making the session name customizable is only a few lines of code. Considering all of the new options that have been added, this seems like a pretty simple one to implement.
I've now made the PHP session name configurable in f3379f.
Last edit: Campbell Morrison 2019-03-08
Thank you! I appreciate that this project continues to be maintained!
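The two ideas raised in this thread (skip initialisation when a session already exists, and give each install its own session name with a cookie scoped to its directory) can be combined as in the sketch below. This is an added example, not MRBS code and not the change made in f3379f; the `$config` keys, the function name `session_init_example()` and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical per-install settings (constructed values). In a real
// deployment these would come from the install's own config file.
$config = [
    'session_name' => 'MRBS_SITE_A', // unique per install on the same host
    'cookie_path'  => '/site-a/',    // directory this install is served from
];

function session_init_example(array $config): void
{
    // A custom session handler may already have set a name and started
    // (or assigned an id to) a session. If so, leave it untouched.
    if (session_status() === PHP_SESSION_ACTIVE || session_id() !== '') {
        return;
    }

    // Validate the configured name: PHP requires at least one letter,
    // and restricting it to [A-Za-z0-9_] avoids cookie-name problems.
    $name = (string) $config['session_name'];
    if (!preg_match('/^[A-Za-z0-9_]+$/', $name) || ctype_digit($name)) {
        throw new InvalidArgumentException('Invalid session name: ' . $name);
    }
    session_name($name);

    // Scope the cookie to this install so the browser does not send it
    // to a sibling install on the same server.
    // The array form of session_set_cookie_params() needs PHP 7.3+.
    session_set_cookie_params([
        'lifetime' => 0,                       // session cookie
        'path'     => $config['cookie_path'],  // this install's directory only
        'domain'   => '',                      // host-only cookie
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();
}

session_init_example($config);
```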