Differences from version 1 to 12



@@ -1,9 +1,32 @@

-Note: This is not about the tag-line cookies found in the kernel (we really need to rename those...)
+^Note: This is not about the tag-line cookies found in the kernel (we really need to rename those...)^
 {maketoc}
-!Introduction
-This page is an explanation of the use of browser cookies in TikiPro. Hopefully, it will help developers to understand the different types of cookies used in TikiPro and help with consistency and standardisation of their use.
+
+!Introduction - Where are Cookies Used in Bitweaver?
+This page is an explanation of the use of browser cookies in Bitweaver. Hopefully, it will help developers to understand the different types of cookies used in bitweaver and help with consistency and standardisation of their use.
+
+!Types
+There are a number of types of cookies used in bitweaver.
+
+# The session cookie that is used to track user session within Bitweaver. The cookie session name has changed over the versions, __PHPSESSID__ in Bonnie (which is actually generated by PEAR:Auth), __TIKISESSION__ in ReleaseOne, and now __BWSESSION__ in ReleaseTwo.
+# The user authentication cookie, that is used to track authenticated users and can be used to share information across Bitweaver sites using the ''Remember Me'' functionality. These cookies should only use the ''Remember Me'' cookie settings (__cookie_path__ and __cookie_domain__), if the ''Remember Me'' feature is enabled. The cookie session name has changed over the versions, __tiki-user-bitweaver__ in Bonnie and ReleaseOne, and now __bit-user-bitweaver__ in ReleaseTwo.
+# The __tz_offset__ cookie is used to calculate client time zone information. Bitweaver initially checks if there is a preferred time zone set in the user preferences, and will use this if so. Otherwise, the server's time zone is used and stored in the __tz_offset__ cookie. This value is calculated using Javascript in __kernel/tiki.js__ in Bonnie and ReleaseOne, and __util/javascript/bitweaver.js__ in ReleaseTwo. The setting should be site specific and should not have any references to the ''Remember Me'' __cookie_path__ and __cookie_domain__ settings.
+# Menu and Module Open/Closed Status - Theses cookies are used to keep track of open or closed menus and modules between sessions (__$package+admenu, layoutadmenu, $custom+menu, $module_title__). These are stored using Javascript in __kernel/tiki.js__ in Bonnie and ReleaseOne, and __util/javascript/bitweaver.js__ in ReleaseTwo. The setting should be site specific and should not have any references to the ''Remember Me'' __cookie_path__ and __cookie_domain__ settings.
+# Switch Theme Module (__tiki-theme__) - Previously used to temporarily change the theme using a drop-down module, the current theme was stored in this cookie. This code should be deprecated and changed to use the User Preferences Theme setting, rather than using this method.
+# Javascript Tabs (webfxtab_) - Javascript Tab selections are stored in this cookie and currently are not configured explicitly by Bitweaver in anyway.
+
 !Issues
 Currently there are a few issues outlined below.
-!!Number of cookies per site
-Previously there was a limit reached by the number of cookies produced per site. Every open and closed state of menus was stored in a cookie value, which quickly
-!
+
+* Number of cookies per site
+** Previously there was a limit reached by the number of cookies produced per site. Every open and closed state of menus was stored in a cookie value, which quickly increased the numbers. The solution is likely to use arrays to serialise menu status and minimise the number of cookies for this purpose.
+
+* Remember Me problems
+** The Remember Me option (Administration / Users / Login Settings) has been designed to allow a single bitweaver site to authenticate a user and then use this authenticated session for other bitweaver sites. Currently, if the user explicitly enters the incorrect __cookie_domain__ (without the wildcard prefix '.'), it causes problems.
+** Previously __cookie_path__ and __cookie_domain__ settings were stored in prefernces, even if they were the defaults. After an upgrade, possibly to another site, these settings would prevent authentication with or without ''Remember Me'' option enabled. This has been fixed in the R2 upgrade process.
+
+* Cookie Path problems
+** Due to Bitweaver's multi-level packages, generation of cookies and their cookie path references, need to be controlled. Without this control, cookies are generated with paths from all over the installation causing large numbers of cookies and incorrect cookie references. Even with ''Remember Me'' functionality disabled, the default __cookie_path__ should be BIT_ROOT_URL and default __cookie_domain__ an empty string, to prevent this problem.
+
+!What are Cookie Defaults?
+* Cookie Path = URL Path where Bitweaver is installed. Default is __BIT_ROOT_URL__, the URL path where Bitweaver is installed.
+* Cookie Domain = URL Server Name - When server name is supplied to cookie parameters, it prefixes it with a '.' wildcard. To explicitly use the server name, you need to provide an empty string ("") in the cookie parameters. Default is empty string, which uses the explicity server name.
Page History
Date/CommentUserIPVersion
01 Sep 2006 (15:52 UTC)
Stephan Borg218.214.1.11312
Current • Source
Stephan Borg218.214.1.1138
View • Compare • Difference • Source
Stephan Borg218.214.1.1137
View • Compare • Difference • Source
Stephan Borg218.214.1.1136
View • Compare • Difference • Source
Stephan Borg218.214.1.1135
View • Compare • Difference • Source
Stephan Borg218.214.1.1133
View • Compare • Difference • Source
Stephan Borg218.214.1.1132
View • Compare • Difference • Source
Stephan Borg218.214.1.1131
View • Compare • Difference • Source