
#415 (ok 3.0.0-beta2) SSO (Single Sign-on) cookie clearing

closed-accepted
1
2008-09-27
2008-08-26
Charles Suh
No

My apologies in advance if this is a duplicate bug or if this is not really a bug.

Basically, I have a Single Sign-On (SSO) page that redirects directly into https://mywebserver/phpMyAdmin/ once it's set the appropriate session variables.

With the latest 3.0.0-beta on PHP 5.2.6 and MySQL 5.0.67, I've run into the issue where the first time you visit the SSO page, you are logged out; the second time, it works.

I've found that the cookie clearing code in phpMyAdmin/libraries/common.inc.php beginning on line 240 and after around revision 11302 or so, seems to be a little aggressive in that it'll clear all cookie variables (i.e. $_COOKIE = array()) if there is no pmaCookieVer cookie set.

If you are using a SSO page that redirects users directly into phpMyAdmin for the first time, obviously, pmaCookieVer will not be set.

If the $_COOKIE variable has been reset, isset($_COOKIE[$session_name]) will fail in libraries/auth/signon.auth.lib.php and phpMyAdmin will think SSO has failed.

Using the patch I've attached solves this issue for me. If this is reproducible, another solution might be to make it more clear you need to set pmaCookieVer in your SSO code.
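
The sequence reported above, as a simplified model added for illustration; it is not the reporter's patch or phpMyAdmin's own code. The cookie version value, the `SignonSession` cookie name, and the step that sets `pmaCookieVer` after the check are assumptions.

```php
<?php
// Simplified model of the reported behaviour; not phpMyAdmin source code.
const COOKIE_VERSION = 4;                // assumed value
const SIGNON_SESSION = 'SignonSession';  // hypothetical SSO session cookie name

/**
 * Models one request to phpMyAdmin.
 * $clearWhenMissing = true : a missing pmaCookieVer also wipes the cookies (as reported)
 * $clearWhenMissing = false: only an older pmaCookieVer wipes them (the "upgrade" case)
 * Returns [signon check passed?, cookies set in the response].
 */
function handleRequest(array $sent, bool $clearWhenMissing): array
{
    $cookie   = $sent;                                   // stands in for $_COOKIE
    $hasVer   = isset($cookie['pmaCookieVer']);
    $outdated = $hasVer && (int) $cookie['pmaCookieVer'] < COOKIE_VERSION;
    $set      = [];

    if ($outdated || (!$hasVer && $clearWhenMissing)) {
        $cookie = [];                                    // the $_COOKIE = array() step
    }
    if ($outdated || !$hasVer) {
        $set['pmaCookieVer'] = (string) COOKIE_VERSION;  // assumption: version cookie is then set
    }
    // The check the report cites from libraries/auth/signon.auth.lib.php
    return [isset($cookie[SIGNON_SESSION]), $set];
}

/** One pass through the SSO page: it sets its session cookie, then redirects. */
function ssoVisit(array &$jar, bool $clearWhenMissing): bool
{
    $jar[SIGNON_SESSION] = 'constructed-session-id';     // constructed sample value
    [$ok, $set] = handleRequest($jar, $clearWhenMissing);
    $jar = array_merge($jar, $set);                      // browser stores response cookies
    return $ok;
}

foreach ([true, false] as $clearWhenMissing) {
    $jar    = [];                                        // fresh browser, no cookies yet
    $first  = ssoVisit($jar, $clearWhenMissing);
    $second = ssoVisit($jar, $clearWhenMissing);
    printf("clearWhenMissing=%s first=%s second=%s\n",
        var_export($clearWhenMissing, true),
        $first ? 'signed on' : 'rejected',
        $second ? 'signed on' : 'rejected');
}
```

With `$clearWhenMissing` set to `true` the first visit is rejected and the second is accepted, which is the symptom in the report; with `false` both visits pass the signon check.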

Discussion

  • Charles Suh

    Charles Suh - 2008-08-26
     
  • Marc Delisle

    Marc Delisle - 2008-08-26

    Logged In: YES
    user_id=210714
    Originator: NO

    Moved to patches.

     
  • Marc Delisle

    Marc Delisle - 2008-08-26
    • milestone: 869103 -->
    • labels: 509094 --> Authentification issues
     
  • Marc Delisle

    Marc Delisle - 2008-09-01
    • assigned_to: nobody --> lem9
     
  • Marc Delisle

    Marc Delisle - 2008-09-01

    Logged In: YES
    user_id=210714
    Originator: NO

    I can reproduce your problem, however the comment in the original code says "clean cookies on new install or upgrade". Your patch only takes care of the "upgrade" case. I'm currently not sure why we would need to clear cookies on new install.

     
  • Marc Delisle

    Marc Delisle - 2008-09-02
    • milestone: --> For_immediate_release
    • priority: 5 --> 1
    • summary: SSO (Single Sign-on) cookie clearing --> (ok 3.0.0-beta2) SSO (Single Sign-on) cookie clearing
    • status: open --> open-accepted
     
  • Marc Delisle

    Marc Delisle - 2008-09-02

    Logged In: YES
    user_id=210714
    Originator: NO

    Merged in subversion, thanks.

     
  • Marc Delisle

    Marc Delisle - 2008-09-27
    • status: open-accepted --> closed-accepted