[Phpgroupware-developers] cookies/sitemgr revisited

[totschnig . michael]

some time ago, I posted here about the problem that phpgroupware's
handling of cookies creates when you want to use several installs of
phpgroupware in the same domain. I did not get any reponse from
skeeter. I investigated the issue further and I found an alternative
solution, which seems to work. I am not sure if it is generalizable,
and I did not test it very thoroughly, but I'll document it here, so
that others who have the same problem could try it, and if it prooves
useful, maybe it can be adopted officially.

The solution implies three changes, one two the API session class, one
to sitemgr-link/index.php, one to sitemgr-site/config.inc.php

1) In the API, if you do not want to set the cookie in a generalized
way you have to change the function phpgw_setcookie in file
class.sessions_php4.inc.php (if you use PHP4 sessions): 
function phpgw_setcookie($cookiename,$cookievalue='',$cookietime=0)
{
                        setcookie($cookiename,$cookievalue,$cookietime);
}

you can but do not have to comment out any call to phpgw_set_cookiedomain

2) In sitemgr-link/index.php replace line
Header('Location: ' . sitemgr_link2('/index.php'));
by
Header('Location: ' . sitemgr_link2('/index.php',array("PHPSESSID" => 
session_id())));

3) In sitemgr-site/config.inc.php add the lines 
if ($GLOBALS['HTTP_GET_VARS']['PHPSESSID'])
{
        
$GLOBALS['phpgw']->session->phpgw_setcookie('PHPSESSID',$GLOBALS['HTTP_GET_VARS']['PHPSESSID']);
}
before line
if (! $GLOBALS['phpgw']->session->verify())

What this does is to communicate the PHP sesssion ID from phpgroupware
to sitemgr's web site when a user clicks on the link from inside
phpgroupware. This has the advantage that sessions could even be
continued if you use a completely different virtual host for the web
site, and that you do not have to "pollute" all your domain's web sites with an
overgeneralized cookie.
It has the inconvenience that user's have to use the link from inside
phpgroupware in order to have their session continued when they browse
the web site.

Patrick, would this solution be acceptable for you?

When I experienced with this, I was astonished to realize that it
works to just pass the PHPSESSID cookie in order to recreate the
existing phpgroupware session. I wondered is it necessary that
phpgroupware still sets its own cookies sessionid and kp3 since these
are stored as PHP session variables?

Michael