From e71ce681bdae620477f46591279412a0143b6b0e Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 3 Oct 2006 14:15:46 +0200
Subject: use DOKU_URL as key for sessions and auth cookie #896 #581 #884
This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define. DOKU_COOKIE is now used as session key as well, making sessions no longer dependend on the title option. This should fix problems with multiple wikis on the same host (using the same title) and wikis accessed through different URLs.
darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
---
inc/auth.php | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
(limited to 'inc/auth.php')
diff --git a/inc/auth.php b/inc/auth.php
index 987de8595..29f57b29e 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -53,8 +53,6 @@
 } }
- if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5($conf['title']));
-
 // do the login either by cookie or provided credentials
 if($conf['useacl']){ if (!isset($_REQUEST['u'])) $_REQUEST['u'] = '';
@@ -131,10 +129,10 @@ function auth_login($user,$pass,$sticky=false){
 setcookie(DOKU_COOKIE,$cookie,$time,'/'); // set session
- $_SESSION[$conf['title']]['auth']['user'] = $user;
- $_SESSION[$conf['title']]['auth']['pass'] = $pass;
- $_SESSION[$conf['title']]['auth']['buid'] = auth_browseruid();
- $_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
+ $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
+ $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
 return true; }else{ //invalid credentials - log off
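Review bot: In the auth_login hunk at -131, the context line `setcookie(DOKU_COOKIE,$cookie,$time,'/');` still scopes the auth cookie to path `/`, so with several wikis on one host each wiki keeps receiving the others' login cookies even though the names no longer collide. That cookie carries the user name and the `$pass` value (see the `split('\|',$cookie,3)` in the next hunk), so the path is better limited to the wiki's own directory, e.g. `setcookie(DOKU_COOKIE,$cookie,$time,$basePath);` where `$basePath` is a placeholder for the wiki's path on the host. Keying the session by DOKU_COOKIE namespaces the entries in the same way but does not isolate them: if the wikis share one PHP session, `$_SESSION[DOKU_COOKIE]['auth']['pass']` stays readable by the siblings, which deserves a comment next to `// set session`. auth_login starts and ends outside this hunk.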
@@ -147,7 +145,7 @@ function auth_login($user,$pass,$sticky=false){
 $cookie = base64_decode($_COOKIE[DOKU_COOKIE]); list($user,$sticky,$pass) = split('\|',$cookie,3); // get session info
- $session = $_SESSION[$conf['title']]['auth'];
+ $session = $_SESSION[DOKU_COOKIE]['auth'];
 if($user && $pass){ // we got a cookie - see if we can trust it
@@ -226,12 +224,12 @@ function auth_logoff(){
 global $INFO, $ID; global $auth;
- if(isset($_SESSION[$conf['title']]['auth']['user']))
- unset($_SESSION[$conf['title']]['auth']['user']);
- if(isset($_SESSION[$conf['title']]['auth']['pass']))
- unset($_SESSION[$conf['title']]['auth']['pass']);
- if(isset($_SESSION[$conf['title']]['auth']['info']))
- unset($_SESSION[$conf['title']]['auth']['info']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['user']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['user']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['pass']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['pass']);
+ if(isset($_SESSION[DOKU_COOKIE]['auth']['info']))
+ unset($_SESSION[DOKU_COOKIE]['auth']['info']);
 if(isset($_SERVER['REMOTE_USER'])) unset($_SERVER['REMOTE_USER']); $USERINFO=null; //FIXME
--
cgit v1.2.3
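Review bot: `$session = $_SESSION[DOKU_COOKIE]['auth'];` in the cookie branch of auth_login (hunk at -147) reads the session entry without checking that it exists, and after the key change every session still keyed by the title will lack it. The first request after an upgrade then raises an undefined-index notice and hands a null `$session` to the trust check that follows outside the hunk. A guard such as `$session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : array();` makes the fall-through to full credential re-validation explicit. Because the cookie name changes as well, existing logins are presumably dropped on upgrade, which is worth stating in the release notes.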
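Review bot: auth_logoff (hunk at -226) clears `user`, `pass` and `info` under the new key but not `buid`, which the login hunk writes as `$_SESSION[DOKU_COOKIE]['auth']['buid']`, so in the visible lines part of the auth record survives a logoff. Unless something outside the hunk relies on `buid` persisting, a single `unset($_SESSION[DOKU_COOKIE]['auth']);` would replace the six isset/unset lines and could not miss a key added later. The function continues past `$USERINFO=null; //FIXME`, so the cookie removal and any further cleanup are not visible here.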