-
- 19 Posts
Right now sessions are started without specification of a name, which means two separate installations of modx on the same host will use the same cookie.
To have the choice of specifying a name would be nice.
-
- 1,732 Posts
hmmmm,
From what I remember each installation uses a different cookie name. see the site_id system setting inside the database. It’s not editable.
-
- 19 Posts
There really is a problem here:
I have two installations running. The site_id value in the database is different for the two installations, but if I log in to the manager in one of the installations and then start the manager in the other, I’m automatically logged in there, even if the username and the password differ! Even worse: this works even if one is logged in as a user that doesn’t exist in the other installation.
This could easily be overcome by calling session_name(); with a unique name instead of doing session_start(); directly.
-
- 2,204 Posts
This problem normaly only occurs when you hav e2 instalations on the same domain e.g.
www.yourdomain.tld/mod-x1
and
www.yourdomain.tld/mod-x1
the cookie remebers the domain and thinks that its the same instalation
on 2 differend domains this schould not be a problem
-
- 19 Posts
Yes, but still this should not be.
-
- 1,732 Posts
Ok,
Thanks Lohengrin. We’ll look into adding the session name variable to the config.inc.php file
Keep up the good work
-
- 1,732 Posts
Lohengrin,
Can you add this to the Bugtracker with the suggested solution?
-
- 239 Posts
I like the described way of etomite better than a setting in a config file. IMHO it is best if you would not have to worry about such a setting. The described combination of host, database, and table prefix should be unique for each MODx install so automatic handling would be possible.
-
- 19 Posts
True, it should be set automatically, but why not editable? There are situations where you might want to have one cookie for all your installations...