BUGGER

Project Home
Bug Status:
Closed - Resolved
Bug ID136
Date Logged9/8/2011
Logged ByBen Tasker
DetailsIf two copies of Document Library are installed on one server, the authentication data in the session cookie allows a user to authenticate in one instance, and then access the other (even if they don't have an account on the second instance)
DeveloperBTasker
Developer NotesInstance ID added to Session variable


Bug Comments:


Usually a subdomain/virtual host would be in use which would prevent this.

However, will need to update the authentication mechanism to resolve anyway

Ben Tasker09-08-2011 08:25


Will update authentication mechanism to mark current working directory in the auth data. This can then be verified to ensure that the user is accessing the correct system.

Additional work will be needed so that a user can access both instances simultaneously (as they may well be authorised to access both) without continuously having to log back in

Ben Tasker09-08-2011 08:27


Added new variable to Configuration - instance ID. This can be left as default for most installs but will need to be changed where multiple instances are being used without a subdomain
Ben Tasker09-08-2011 11:19


/lib/template.php
/lib/auth.php
/lib/db/db_basics.php
/lib/reference.php

Updated to use the new instance id in Session variables

Ben Tasker09-08-2011 11:29


Sent for testing
Ben Tasker09-08-2011 11:30


Bug resolved, instance ID prevents auth vars being used across instances.

Use of instance ID in session var allows user to utilise multiple instances at the same time (so long as the instance ID's differ)

Ben Tasker09-08-2011 11:53

At the time of it's abandonment, BUGGERs template was still under development. Apologies for any feelings of nausea! Copyright Ben Tasker 2009 Released under the GNU GPL V3
No permission given for Interception of communications by any third party.
"Broken? Have you BUGGERed it?"