=================== BUG #1260: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1260&group_id=11
Changes by: Yann Dirson <[EMAIL PROTECTED]>
Date: 2002-Sep-24 10:23 (Europe/Paris)

------------------ Additional Follow-up Comments ----------------------------
Cool, that's great! Now is there any means of sharing "cookie prefs" like the theme, between the 2 sites?

=================== BUG #1260: FULL BUG SNAPSHOT ===================

Submitted by: ydirson
Project: Savannah
Submitted on: 2002-Sep-23 10:25
Category: PHP Engine
Severity: 5 - Average
Priority: Normal
Bug Group: None
Resolution: Fixed
Assigned to: yeupou
Status: Closed
Effort: 0.00
Summary: New "nongnu.org" site breaks sessions and prefs

Original Submission: I just discovered that non-gnu projects appear to have been migrated to savannah.nongnu.org - maybe some announcement should be made so that people would know something changed. As a consequence of this change, when I log in as usual in s.gnu.org, then follow an admin link to one of my projects, I reach an annoying "Insufficient Group Access". If I log in there, I do not get my prefs.

Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Sep-24 10:23 By: ydirson
Cool, that's great! Now is there any means of sharing "cookie prefs" like the theme, between the 2 sites?

-------------------------------------------------------
Date: 2002-Sep-23 19:14 By: yeupou
Now, you have an option that permits login directly to the two websites. Tell me if it does not work as expected.

-------------------------------------------------------
Date: 2002-Sep-23 17:26 By: yeupou
My tests were done using galeon. Your latest idea seems fine to me. I'll test this.

-------------------------------------------------------
Date: 2002-Sep-23 17:17 By: ydirson
"Adding cookies from other sites means reading cookies from other sites" Why? You can only read cookies if the browser sends them. That in itself does not prevent a server from issuing a setcookie or whatever for another site.
I understand it could be used by bad boys, and the Netscape doc says "Only hosts within the specified domain can set a cookie for a domain". But well, it looks like a client-side issue whether to accept them, and e.g. galeon seems to be configured to accept them by default.
http://wp.netscape.com/newsref/std/cookie_spec.html
We could maybe get the same functionality using reasonable technologies. E.g. have the page returned by the login form contain a simple form with just a submit button visible, to automatically log into the sibling site. Or a direct link to the sibling site, which would trigger login transparently, but that may not be feasible, or even a good idea.

-------------------------------------------------------
Date: 2002-Sep-23 17:04 By: yeupou
"That sounds like a bug :) If browsers have support to filter out such things, I suppose it's allowed by the specs..."
I do not think it's a bug. It would be weird if a website were able to remove/change cookies from other sites. For instance, I run toto.po, I do not like the server adadadd.hi: I just have to put setcookie(blabadadad... "adadadd.hi"); to disturb every user of adadadd.hi... And no one will know. Worse, think about telerama.fr, which has its users' passwords stored unencrypted in cookies.... Adding cookies from other sites means reading cookies from other sites...

-------------------------------------------------------
Date: 2002-Sep-23 16:52 By: ydirson
"apparently the function setcookie is unable to set the cookie domain unless the domain chosen is the name of the server"
That sounds like a bug :) If browsers have support to filter out such things, I suppose it's allowed by the specs...

-------------------------------------------------------
Date: 2002-Sep-23 16:40 By: yeupou
The interest is having prefs without being logged in. Anyway, apparently the function setcookie is unable to set the cookie domain unless the domain chosen is the name of the server.
It means that savannah.gnu.org will probably not be permitted to set a cookie for savannah.nongnu.org.

-------------------------------------------------------
Date: 2002-Sep-23 15:07 By: ydirson
What are the reasons behind having some prefs depending on cookies? E.g., I can't see why the selected theme is not in the db?
To share the sessions, what about setting cookies for both sites at once? (hm, I currently block cookies not matching current website:)

-------------------------------------------------------
Date: 2002-Sep-23 14:52 By: yeupou
"Was such a mess worth the trouble ?"
Yes. Having gnu.org in the URL of non-GNU projects is highly misleading.
"What about sharing at least prefs & such things ?"
Prefs that depend on the database are already shared. Prefs that depend on cookies are not.

-------------------------------------------------------
Date: 2002-Sep-23 14:40 By: ydirson
Was such a mess worth the trouble? What about sharing at least prefs & such things?

-------------------------------------------------------
Date: 2002-Sep-23 14:35 By: yeupou
« just discovered that non-gnu projects appear to have been migrated to savannah.nongnu.org - maybe some announcement should be done so that people would know something changed »
We are waiting for the mailing lists to work with the correct domain names.
The problem is that savannah.gnu.org and savannah.nongnu.org are two virtual hosts, understood as two different servers. Sessions are stored via cookie for a particular server. So you need to be logged in to the two separate servers.

CC list is empty

No files currently attached

For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=1260&group_id=11
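
The cookie-scoping rule debated in the comments above, shown as an added example that is not part of the original bug report or of Savannah's code. It follows the Domain-attribute checks as later standardized in RFC 6265; the function names and the three-entry public-suffix set are constructed for illustration.

```javascript
// Added example: the acceptance check a browser applies to a Set-Cookie
// Domain attribute (RFC 6265 sections 5.1.3, 5.2.3 and 5.3).

// Constructed stand-in for the Public Suffix List; real browsers ship the full list.
const PUBLIC_SUFFIXES = new Set(["org", "com", "fr"]);

const isIPv4 = (host) => /^\d{1,3}(\.\d{1,3}){3}$/.test(host);

// RFC 6265 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  if (host === domain) return true;
  return !isIPv4(host) && host.endsWith("." + domain);
}

// Returns how the cookie would be stored, or { stored: false } if ignored.
function evaluateSetCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // 5.2.3: a leading dot is ignored and the value is lower-cased.
  let domain = (domainAttr || "").toLowerCase().replace(/^\./, "");

  if (domain && PUBLIC_SUFFIXES.has(domain)) {
    if (domain !== host) return { stored: false, reason: "public suffix" };
    domain = ""; // a suffix equal to the host itself is treated as host-only
  }
  if (domain === "") return { stored: true, domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) {
    return { stored: false, reason: "request host outside Domain" };
  }
  return { stored: true, domain, hostOnly: false };
}

// Would a stored cookie be sent back to `host`?
function sentTo(cookie, host) {
  if (!cookie.stored) return false;
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// The cases discussed in this thread.
const cases = [
  ["savannah.gnu.org", "savannah.nongnu.org"], // sibling site: ignored
  ["savannah.gnu.org", ".gnu.org"],            // parent domain: stored
  ["savannah.gnu.org", ".org"],                // public suffix: ignored
  ["savannah.gnu.org", ""],                    // no Domain: host-only
];
for (const [host, attr] of cases) {
  console.log(host, JSON.stringify(attr), evaluateSetCookie(host, attr));
}
```

Note that a cookie scoped to gnu.org is not sent to savannah.nongnu.org, because the match requires a "." before the domain and not just a shared string suffix.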
