Version 8

Bitweaver and Browser Cookies

All about browser cookies in bitweaver

Created by: Stephan Borg, Last modification: 01 May 2005 (14:08 UTC) by Stephan Borg
Note: This is not about the tag-line cookies found in the kernel (we really need to rename those...)

Introduction

This page is an explanation of the use of browser cookies in bitweaver. Hopefully, it will help developers to understand the different types of cookies used in bitweaver and help with consistency and standardisation of their use.

Types

There are a number of types of cookies used in bitweaver.
  1. The user authentication / session cookie, which is used to track authenticated users and share this information across bitweaver sites using the Remember Me functionality. These cookies should only use the Remember Me cookie settings (cookie_path and cookie_domain) if the Remember Me feature is turned on. The cookie session name PHPSESSID is used in Bonnie, which is actually generated by PEAR:Auth. The session name TIKISESSION is now used in ReleaseOne, which will affect the Remember Me function between bitweaver versions.
  2. The menu state cookies are used to keep track of open or closed menus between sessions. These are stored via kernel/tiki.js using JavaScript. They should be site specific and should not have any references to the Remember Me cookie_path and cookie_domain settings.
  3. The tz_offset cookie is used to calculate client time zone information. bitweaver initially checks if there is a preferred time zone set in the user preferences, and will use this if so. Otherwise, the server's time zone is used and stored in the tz_offset cookie. This cookie is stored via kernel/tiki.js using JavaScript, should be site specific and should not have any references to the Remember Me cookie_path and cookie_domain settings.

Issues

Currently there are a few issues outlined below.
  • Number of cookies per site
    • Previously, the limit on the number of cookies per site was reached. Every open and closed state of menus was stored in a cookie value, which quickly increased the numbers. The solution to this will need to be researched and is a project in itself.
  • Remember Me problems
    • The Remember Me option (Administration / Users / Login Settings) has been designed to allow a single bitweaver site to authenticate a user and then use this authenticated session for other bitweaver sites. Currently, if the user enters an incorrect cookie domain (without the wildcard prefix '.'), it causes problems.
  • Cookie Path problems
    • Due to bitweaver's multi-level packages, the generation of cookies and their cookie path references needs to be controlled. Without this control, cookies are generated with paths from all over the installation, causing large numbers of cookies and incorrect cookie references. Even with Remember Me functionality turned off, the default cookie path should be TIKI_ROOT_URL to prevent this problem.
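
The scoping rules above can be collected into one helper that every cookie writer calls. This is an added example, not bitweaver code: the function names and the settings object are hypothetical, and it assumes that site-specific cookies use the installation root (TIKI_ROOT_URL) as their path and that an unusable domain falls back to a host-only cookie.

```javascript
// Added example (not bitweaver code). Function names and the settings object
// are hypothetical; cookie_path, cookie_domain, TIKI_ROOT_URL and tz_offset
// are the names used on this page.

// Return the Remember Me cookie domain with the wildcard prefix '.', or null
// when the value cannot be shared across sites (empty, IP address, or a
// single-label host such as "localhost"), so the cookie stays host-only.
function normalizeCookieDomain(domain) {
  const d = String(domain || '').trim().toLowerCase();
  if (d === '') return null;
  const bare = d.replace(/^\.+/, '');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(bare)) return null; // IP address
  if (!bare.includes('.')) return null;                  // single label
  return '.' + bare;
}

// Decide path and domain for a cookie.
// kind: 'session' for the authentication cookie; anything else (menu state,
// tz_offset) is treated as site specific and never sees Remember Me settings.
// settings: { rememberMe, cookiePath, cookieDomain, rootUrl } where rootUrl
// stands in for TIKI_ROOT_URL.
function cookieScope(kind, settings) {
  const rootPath = settings.rootUrl || '/';
  const siteOnly = { path: rootPath, domain: null };
  if (kind !== 'session' || !settings.rememberMe) return siteOnly;
  return {
    path: settings.cookiePath || rootPath,
    domain: normalizeCookieDomain(settings.cookieDomain),
  };
}

// Build the string a script would assign to document.cookie.
function formatCookie(name, value, scope) {
  let s = `${name}=${encodeURIComponent(value)}; path=${scope.path}`;
  if (scope.domain) s += `; domain=${scope.domain}`;
  return s;
}

// Constructed sample settings: the admin typed the domain without the '.'.
const sampleSettings = {
  rememberMe: true,
  cookiePath: '/',
  cookieDomain: 'example.org',
  rootUrl: '/bitweaver/',
};
```

With the sample settings, only the session cookie is widened to `.example.org` and `/`; the menu state and tz_offset cookies stay on the installation root with no domain attribute.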