Emiliano <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
...
> > Sounds even better to me, unless there are users that actually see the
> > current behaviour as a 'feature'.
>
> It's a trivial fix, so I'd check it in, but...
>
<snip>

> This in fact creates the same problem. Mixing hosts/subhosts or
> prefix/subprefixes in different sitegroups is not likely to work very
> intuitively with cookie authentication.
>
OUCH. I think you are very right here. I think I should have given it some
more thought before even mentioning this.

> > with the URL request. The path "/foo" would match "/foobar" and
> > "/foo/bar.html". The path "/" is the most general path.
> > If the path is not specified, it is assumed to be the same path as the
> > document being described by the header which contains the cookie.
>
> And the same problem again.
>
> Deleting the cookie is simple, and I'd check it in, but I want more
> discussion on the above topics before changing the path in the cookie.
> Agreed?

Yes, I do. On first glance it appeared to be easy to avoid clashes, and I
figured sending you the info would be enough, but now that I reread that
page I rather feel that the path/domain thingie is not well thought out when
it comes to this. Looks like our best option is to add some warnings about
this to the mgd_auth_midgard documentation.
Clashes would seem unlikely in 'normal' (what is that) situations, but if
one would offer test-accounts like test.midgard-project.org/testuser1 etc,
the problem would become very real.

A possible work-around would be to include the host-id that sent the cookie
in the cookie-value, together with the user/pass info, and then have
mgd_auth_mgd("","",1) refuse to delete the cookie if the existing cookie
doesn't originate from the same host. Ugly, admitted.

Armand.



--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org

To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
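The path-prefix rule quoted in the thread, and the host-id workaround Armand sketches, as an added example in Python. This is not Midgard code and not a model of mgd_auth_midgard's real implementation: the cookie name, the "host-id|credential" value layout, the separator, and the function names are all assumptions made for illustration, and the credential is a placeholder string rather than a real user/pass pair. It shows why a cookie set for /testuser1 is also sent to /testuser10 under the "/foo matches /foobar" rule, and how a delete routine can refuse to touch a cookie that another host issued.

```python
"""Netscape-style cookie path matching and the sitegroup clash.

Added example, not part of the original mailing-list post or of Midgard.
All names and the cookie value layout are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass

AUTH_COOKIE = "midgard_auth"   # assumed cookie name
SEP = "|"                      # assumed separator inside the cookie value


@dataclass
class Cookie:
    name: str
    value: str
    path: str  # Path attribute as sent by the server


def path_matches(cookie_path: str, request_path: str) -> bool:
    """Prefix rule from the quoted spec text: cookie path "/foo" matches
    both "/foobar" and "/foo/bar.html"; "/" matches every request."""
    return request_path.startswith(cookie_path)


def cookies_for_request(jar: list[Cookie], request_path: str) -> list[Cookie]:
    """Cookies a browser following that rule would send, most specific
    (longest) path first."""
    sent = [c for c in jar if path_matches(c.path, request_path)]
    return sorted(sent, key=lambda c: len(c.path), reverse=True)


def make_auth_cookie(host_id: str, credential: str, path: str) -> Cookie:
    """Issue the auth cookie with the issuing host-id folded into the value,
    so the server can later tell which host set it. `credential` stands in
    for the user/pass info mentioned in the thread (placeholder only)."""
    return Cookie(AUTH_COOKIE, f"{host_id}{SEP}{credential}", path)


def parse_auth_cookie(value: str) -> tuple[str, str]:
    """Split the value back into (host_id, credential)."""
    host_id, _, credential = value.partition(SEP)
    return host_id, credential


def delete_auth_cookie(jar: list[Cookie], host_id: str, request_path: str) -> bool:
    """Model of the proposed mgd_auth_mgd("","",1) behaviour: remove the auth
    cookie only if the one the browser sent originates from `host_id`.
    Returns True when a cookie was removed, False when none matched or the
    cookie belongs to another host."""
    for c in cookies_for_request(jar, request_path):
        if c.name != AUTH_COOKIE:
            continue
        issuer, _ = parse_auth_cookie(c.value)
        if issuer != host_id:
            return False  # refuse: another sitegroup's host set this cookie
        jar.remove(c)
        return True
    return False


def clash_demo() -> tuple[list[str], bool, bool]:
    """Constructed scenario: test accounts served under
    test.midgard-project.org/testuser1, /testuser10, ...

    Returns (paths of auth cookies the browser sends to /testuser10,
             whether host testuser10 could delete it,
             whether host testuser1 could delete it)."""
    jar = [make_auth_cookie("testuser1", "alice-cred", "/testuser1")]
    # "/testuser1" is a prefix of "/testuser10", so the cookie leaks across.
    sent = [c.path for c in cookies_for_request(jar, "/testuser10/index.html")]
    refused = delete_auth_cookie(jar, "testuser10", "/testuser10/index.html")
    removed = delete_auth_cookie(jar, "testuser1", "/testuser1/index.html")
    return sent, refused, removed


if __name__ == "__main__":
    print(clash_demo())
```

The host-id check only prevents one sitegroup's logout from clobbering another's cookie; it does nothing about the cookie itself being sent to the wrong prefix, which is the clash the thread is actually worried about, and any value that carries credentials still travels with every matching request.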
