Version 6

Bitweaver and Browser Cookies

All about browser cookies in TikiPro

Created by: Stephan Borg, Last modification: 01 May 2005 (11:56 UTC) by Stephan Borg
Note: This is not about the tag-line cookies found in the kernel (we really need to rename those...)

Introduction

This page explains how browser cookies are used in TikiPro. Hopefully, it will help developers understand the different types of cookies used in TikiPro and help with consistency and standardisation of their use.

Issues

A few current issues are outlined below.
  • Number of cookies per site
    • Previously, the number of cookies produced per site reached a limit. Every open and closed state of menus was stored in a cookie value, which quickly increased the number of cookies. Whether this is still a problem today I am not sure - we need confirmation.
  • Remember Me problems
    • The Remember Me option (Administration / Users / Login Settings) has been designed to allow a single TikiPro site to authenticate a user and then use this authenticated session for other TikiPro sites. Currently, if the user enters an incorrect cookie domain (without the wildcard prefix '.'), it causes problems. We will provide some sanity checking to ensure this simple problem does not cause grief.
    • Bonnie uses the session cookie name PHPSESSID, which is actually generated by PEAR:Auth. Clyde now uses the session name TIKISESSION, which will affect the Remember Me function between TikiPro versions.

Types

There are currently two types of cookies used in TikiPro.
  1. The user authentication / session cookie, which is used to track authenticated users and share this information across TikiPro sites using the Remember Me functionality. These cookies should use the Remember Me cookie settings (cookie_path and cookie_domain) only if the Remember Me feature is turned on.
  2. The menu state cookies are used to keep track of menu states between sessions. These should be site specific and should not have any references to the Remember Me cookie_path and cookie_domain settings.
  3. The tz_offset cookie is used to calculate client time zone information. This is currently the best way we have found to track client time zone information.
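
One way the cookie_domain sanity check from the Issues section and the scoping rules from the Types list could fit together, as an added example that is not TikiPro or Bitweaver code. The function names, the 'rememberme' preference key, the default path '/' and the sample hosts are assumptions; only cookie_path and cookie_domain come from this page.

```php
<?php
// Added illustration: hypothetical helpers, not part of the TikiPro code base.

// Returns the cookie domain with its leading '.', or null if the setting is unusable.
function check_cookie_domain(string $cookieDomain, string $host): ?string
{
    $domain = strtolower(trim($cookieDomain));
    $host   = strtolower(preg_replace('/:\d+$/', '', trim($host)));  // drop any port
    if ($domain === '' || filter_var($host, FILTER_VALIDATE_IP)) {
        return null;                  // a site reached by IP address cannot share a domain cookie
    }
    $bare = ltrim($domain, '.');
    // Require at least two labels so that ".com" or "localhost" is refused.
    // Multi-label public suffixes (e.g. "co.uk") are NOT detected here.
    if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)+$/', $bare)) {
        return null;
    }
    // The serving host must be the domain itself or one of its subdomains;
    // otherwise the browser discards the cookie and the login never sticks.
    $suffix = '.' . $bare;
    if ($host !== $bare && substr($host, -strlen($suffix)) !== $suffix) {
        return null;
    }
    return $suffix;                   // adds the wildcard prefix if the admin omitted it
}

// Scope for a cookie of the given type ('session' or 'menu').
// Only the session cookie may use the Remember Me settings, and only when
// Remember Me is on; menu state cookies always stay host-only.
function cookie_scope(string $type, array $prefs, string $host): array
{
    $scope = ['path' => '/', 'domain' => ''];     // '' means a host-only cookie
    if ($type === 'session' && !empty($prefs['rememberme'])) {
        $domain = check_cookie_domain($prefs['cookie_domain'] ?? '', $host);
        if ($domain !== null) {
            $scope = ['path' => $prefs['cookie_path'] ?? '/', 'domain' => $domain];
        }
    }
    return $scope;
}

// Constructed sample settings: the leading '.' was left off the cookie domain.
$prefs = ['rememberme' => true, 'cookie_domain' => 'example.org', 'cookie_path' => '/'];
var_dump(cookie_scope('session', $prefs, 'wiki.example.org'));
var_dump(cookie_scope('menu', $prefs, 'wiki.example.org'));
var_dump(check_cookie_domain('.example.org', 'wiki.example.net'));
```

An invalid setting falls back to a host-only session cookie, so a mistyped domain disables sharing between sites instead of breaking login.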