Setup:
- 1 phpMyAdmin installation (4.2.10.1), configured to use cookie auth.
- 3 different MySQL servers.
Problem:
Only one server is usable at the same time in the same browser.
How to reproduce:
- Open phpMyAdmin and log in to a first MySQL server.
- Browse a few pages to ensure everything is working fine.
- Open a new tab in the same browser and open phpMyAdmin again.
- Log in to a second server.
- Browse a few pages on said second server to ensure everything is working fine.
- Now go back to the first server and try to navigate to any page, like the database list.
The session on the first server is then closed, and the login form is displayed with the error "Your session has expired. Please log in again.".
I dug into the source code to understand what was going on.
The PHP session identifier is stored in the cookie "phpMyAdmin". Each time a user logs in, this cookie is overwritten.
Then only the corresponding session can work; otherwise a token mismatch error is generated in libraries/common.inc.php (line 462, variable $token_mismatch).
Do you plan to make this work in the future?
PR: https://github.com/phpmyadmin/phpmyadmin/pull/1563
PR: https://github.com/phpmyadmin/phpmyadmin/pull/1762
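
A simplified model of the behaviour described in the report above, as an added example that is not part of the original report and is not phpMyAdmin code. It assumes one session cookie shared by all tabs and one token per session; the class `App`, the function `reproduce` and the server names `mysql-1` and `mysql-2` are constructed for illustration.

```python
import secrets

COOKIE = "phpMyAdmin"  # cookie name taken from the report
EXPIRED = "Your session has expired. Please log in again."


class App:
    """Simplified model of one installation (assumption, not phpMyAdmin's code)."""

    def __init__(self):
        self.sessions = {}  # session id -> {"server": ..., "token": ...}

    def login(self, jar, mysql_server):
        sid, token = secrets.token_hex(8), secrets.token_hex(8)
        self.sessions[sid] = {"server": mysql_server, "token": token}
        jar[COOKIE] = sid  # overwrites whatever an earlier login stored
        return token       # the tab keeps this token in its links and forms

    def browse(self, jar, token):
        # The session is looked up from the single shared cookie, then the
        # token sent by the tab is compared with that session's token.
        session = self.sessions.get(jar.get(COOKIE))
        if session is None or not secrets.compare_digest(session["token"], token):
            return EXPIRED  # token mismatch
        return "ok: " + session["server"]


def reproduce():
    """Replay the steps from the report and return the three page results."""
    app, jar = App(), {}  # one cookie jar shared by every tab in the browser
    tab1_token = app.login(jar, "mysql-1")   # tab 1 logs in to the first server
    first = app.browse(jar, tab1_token)      # browsing works
    tab2_token = app.login(jar, "mysql-2")   # tab 2 logs in, cookie is replaced
    second = app.browse(jar, tab2_token)     # browsing works
    back = app.browse(jar, tab1_token)       # tab 1 token, tab 2 session
    return first, second, back


if __name__ == "__main__":
    for result in reproduce():
        print(result)
```
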