2007-03-15
wongyb
For a server that runs PHP scripts using suPHP under Apache, all files created by a PHP script will be owned by the script file owner (but not by the owner running Apache). suPHP is used for security reasons: it prevents users of the same server from reading sensitive files of another user.
The session file, created in /tmp, /var/run, or /var/lib/php5 depending on the server settings, will also be owned by the script owner. Dokuwiki sets the session in inc/init.php. The session name is "Dokuwiki". A problem occurs when accessing wikis owned by two different users with the same web browser. Since the session name is "Dokuwiki" for both Dokuwiki installations, the same cookie is going to be retrieved, and hence the same session file stored on the server. Upon accessing the second user's wiki, session_start() complains "Permission denied".
To cater for this problem, I tried to patch inc/init.php as illustrated below. This modification relies on setting $conf['basedir'] in conf/local.php.
I hope this (or any fix to cater for this problem) could be included in a future Dokuwiki release.
--- /public/wongyb/dokuwiki-2006-11-06/inc/init.php 2006-11-07 03:32:07.000000000 +0800
+++ inc/init.php 2007-03-15 13:34:36.013737000 +0800
@@ -85,7 +85,9 @@
// init session
if (!headers_sent() && !defined('NOSESSION')){
- session_name("DokuWiki");
+ $cookie_path = (isset($conf['basedir'])&&!empty($conf['basedir'])) ? $conf['basedir'] ."/" : dirname($_SERVER[PHP_SELF])."/";
+ session_name("DokuWiki".$cookie_path);
+ session_set_cookie_params( 0, $cookie_path );
session_start();
}
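Review bot: the added `session_name("DokuWiki".$cookie_path);` line builds the session name from a path, so the name will contain "/" characters, while PHP expects session names to be alphanumeric only. Deriving the suffix from a hash of the path, for example `md5($cookie_path)`, keeps the name valid and still unique per installation. In the `$cookie_path` line, `$_SERVER[PHP_SELF]` uses an unquoted key and should read `$_SERVER['PHP_SELF']`. The fallback is also fragile: `PHP_SELF` reflects the requested script and can include client-supplied path info, so when `$conf['basedir']` is unset, an entry script in a subdirectory or a request with trailing path info would get a different cookie path and session name than the main page, and the session would not be shared across the wiki. Consider requiring `$conf['basedir']` or deriving the base from a fixed point of the installation rather than from the request. Minor: `isset(...) && !empty(...)` is redundant, since `!empty()` alone covers both checks.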