diff MoinMoin/config/multiconfig.py @ 5408:4226fde63931

generate session cookie names to fix some issues (details see below) New setting cfg.cookie_name (default None). Please do not use cfg.cookie_path any more (usually should not be needed any more, we now always put path=/ into the cookie except if you explicitly configure something else). Problems addressed by this changeset: - cookies do not store the port (thus running different wikis, with different user sessions on same host, but different ports did not work) - (old) cookies with path=/ interfered with (new) cookies with path=/wiki1 To fix, we now use different cookie names (before it was MOIN_SESSION ever). Added MoinMoin.web.session.get_cookie_name() to determine the full cookie name for some software (usually 'MOIN') using it for some usage (e.g. 'SESSION') for some wiki (or group of wikis) determined by some name. We do not use the path=... information in the cookie any more, but use path=/ ever. Instead of using the cookie path, we use differently named cookies, so we get the right cookie no matter at what URL the wiki currently is "mounted". If name is None, we just use cfg.siteid, which is unique within a wiki farm created by a single farmconfig. If you only run ONE(!) wikiconfig wiki, it is also unique, of course, but not if you run multiple wikiconfig wikis under same domain. If name is not None (and not 'urlmagic'), we just use the given name (you want to use that to share stuff between several wikis - just give same name and it will use the same cookie. same thing if you don't want to share, just give a different name then [e.g. if cfg.siteid or 'urlmagic' doesn't work for you]). If name is 'urlmagic', we use some URL components to make up some name. Moving a wiki to a different URL will break all sessions. Exchanging URLs of wikis might lead to confusion (requiring the client to purge the cookies).
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 10 Jan 2010 00:17:16 +0100
parents 942766fe487d
children b0c8c2f225f3
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Sat Jan 09 02:41:22 2010 +0100
+++ b/MoinMoin/config/multiconfig.py	Sun Jan 10 00:17:16 2010 +0100
@@ -717,6 +717,8 @@
   'session': ('Session settings', "Session-related settings, see HelpOnSessions.", (
     ('session_service', DefaultExpression('web.session.FileSessionService()'),
      "The session service."),
+    ('cookie_name', None,
+     'The variable part of the session cookie name. (None = use siteid, "urlmagic" = determine from URL, any other string = use that)'),
     ('cookie_secure', None,
      'Use secure cookie. (None = auto-enable secure cookie for https, True = ever use secure cookie, False = never use secure cookie).'),
     ('cookie_httponly', False,
@@ -724,7 +726,7 @@
     ('cookie_domain', None,
      'Domain used in the session cookie. (None = do not specify domain).'),
     ('cookie_path', None,
-     'Path used in the session cookie (None = auto-detect).'),
+     'Path used in the session cookie (None = auto-detect). Please only set if you know exactly what you are doing.'),
     ('cookie_lifetime', (0, 12),
      'Session lifetime [h] of (anonymous, logged-in) users (see HelpOnSessions for details).'),