BUGGER

Project Home

Bug Status:	Closed - Resolved
Bug ID	136
Date Logged	9/8/2011
Logged By	Ben Tasker
Details	If two copies of Document Library are installed on one server, the authentication data in the session cookie allows a user to authenticate in one instance, and then access the other (even if they don't have an account on the second instance)
Developer	BTasker

Developer Notes	Instance ID added to Session variable

Bug Comments:

Usually a subdomain/virtual host would be in use which would prevent this. However, will need to update the authentication mechanism to resolve anyway
Ben Tasker	09-08-2011 08:25

Will update authentication mechanism to mark current working directory in the auth data. This can then be verified to ensure that the user is accessing the correct system. Additional work will be needed so that a user can access both instances simultaneously (as they may well be authorised to access both) without continuously having to log back in
Ben Tasker	09-08-2011 08:27

Added new variable to Configuration - instance ID. This can be left as default for most installs but will need to be changed where multiple instances are being used without a subdomain
Ben Tasker	09-08-2011 11:19

/lib/template.php /lib/auth.php /lib/db/db_basics.php /lib/reference.php Updated to use the new instance id in Session variables
Ben Tasker	09-08-2011 11:29

Sent for testing
Ben Tasker	09-08-2011 11:30

Bug resolved, instance ID prevents auth vars being used across instances. Use of instance ID in session var allows user to utilise multiple instances at the same time (so long as the instance ID's differ)
Ben Tasker	09-08-2011 11:53

At the time of it's abandonment, BUGGERs template was still under development. Apologies for any feelings of nausea! Copyright Ben Tasker 2009 Released under the GNU GPL V3
No permission given for Interception of communications by any third party.
"Broken? Have you BUGGERed it?"