This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at GitHub.
Closed
Works for me
FS#2254 random deletion of authentication cookie
ACL & Authentication
2011-05-10 Gazelle
I noticed that, although it was still valid, the authentication cookie has been deleted by the wiki. The time until its deletion varies and is not bound to the client OS (WinXP, Ubuntu, Sun Solaris) or the browser used (tested under IE 8, FF 3.6, FF 4, Chrome 10 and Chromium 10).
The only fix I've found was a self-written workaround in inc/auth.php on line :
<code>
function auth_login($user,$pass,$sticky=false,$silent=false){
    // ..........
    if(!empty($user)){
        // .........
    }else{
        // ...............
    }
    //workaround starts here
    if(isset($_SESSION[DOKU_COOKIE]['auth']['user'])){
        //var_dump($_SERVER["REQUEST_URI"]);
        auth_setCookie($_SESSION[DOKU_COOKIE]['auth']['user'], $_SESSION[DOKU_COOKIE]['auth']['pass'],auth_cookiesalt(), $sticky);
        header("Location:".$_SERVER['REQUEST_URI']);
        return true;
    }
    else{
        //end of workaround
        //just to be sure
        auth_logoff();
        return false;
    }
}
</code>
I noticed that the auth cookie is deleted by the system although it was actually still valid. The time until the deletion differed in each case, independent of the host system and the browser.
So far only my self-written workaround has provided a remedy:
.....
2011-09-19 BurninLeo
I had such a problem for a completely different PHP program.
PHP purges SESSIONs using a random method: With a chance of (e.g.) 1/1000 old (!) sessions are deleted when a new session is started. But why are sessions deleted that are not old? The PHP purging mechanism does not only delete such sessions that have been created by the script, but *all* PHP sessions in the session directory. In the specific case, there were multiple users on the server; each with a separate webspace, of course, but sessions were stored in a common /tmp directory. So if any other PHP script used a shorter session lifetime, it deleted my program's sessions as well.
The solution was to store the sessions in a different path within my own webspace, not in the common /tmp directory.
Is this maybe capable of explaining the random deletion?
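The effect described in the comment above can be reproduced with PHP's file session handler. This is an added example, not part of the original thread and not DokuWiki code; the directory names, the session file name and the lifetimes are constructed, and it assumes PHP 7.1 or later on the CLI (for session_gc()).

```php
<?php
// Constructed demo: a short-lifetime application cleaning a shared session
// directory removes another application's still-valid session file.

$shared  = sys_get_temp_dir() . '/demo_shared_'  . getmypid(); // stands in for the common /tmp
$private = sys_get_temp_dir() . '/demo_private_' . getmypid(); // stands in for a per-site path
mkdir($shared, 0700);
mkdir($private, 0700);

// The "wiki" wrote a session file 10 minutes ago in each directory.
// Under the wiki's own lifetime (e.g. 1440 s) both would still be valid.
$name = 'sess_constructedwikisession000001';
foreach ([$shared, $private] as $dir) {
    file_put_contents("$dir/$name", 'auth|a:0:{}');
    touch("$dir/$name", time() - 600);
}

// A different application on the same host stores its sessions in the
// shared directory with a 60 s lifetime.
ini_set('session.save_path', $shared);
ini_set('session.gc_maxlifetime', '60');
ini_set('session.use_cookies', '0');  // no cookie header needed on the CLI

session_start();
// session_gc() runs the same cleanup that PHP otherwise triggers at random
// (session.gc_probability / session.gc_divisor) during session_start().
// The files handler removes every sess_* file in save_path whose mtime is
// older than the *caller's* gc_maxlifetime, whoever created it.
$deleted = session_gc();
session_destroy();                    // remove this script's own session file

clearstatcache();
printf("files removed by GC:            %d\n", $deleted);
printf("wiki session in shared dir:     %s\n",
    file_exists("$shared/$name") ? 'present' : 'deleted');
printf("wiki session in private dir:    %s\n",
    file_exists("$private/$name") ? 'present' : 'deleted');

// Clean up the demo directories.
foreach ([$shared, $private] as $dir) {
    array_map('unlink', glob("$dir/sess_*"));
    rmdir($dir);
}
```

Only the session file is removed on the server; the browser still holds its session cookie, which then points at a session that no longer exists.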
2011-09-26 xyan
Can you check if your bug has something to do with FS#2297?
2013-01-25 ChrisS
DokuWiki only deletes the authentication cookie when the user logs out; that is our desired behaviour. The only code which deletes the cookie (auth_logoff() in inc/auth.php #345-383) also clears $_SESSION[DOKU_COOKIE]['auth']. Your fix suggests the cookie wasn't sent by the browser. In your wiki, are there variations in domain, path or port?