[pmwiki-users] Author cookies

Patrick R. Michaud pmichaud at pobox.com
Thu Aug 10 14:02:56 CDT 2006


Reply-To: 
In-Reply-To: <44D66848.3060303 at bechmannsoftware.com>

[Subject was: Working solution for CMS style interface with IMS caching]

On Sun, Aug 06, 2006 at 06:08:08PM -0400, Henrik Bechmann wrote:
> All of this works as expected in Internet Explorer. The Firefox cache is 
> not as responsive however, and requires special procedures. Also, it 
> turns out that PmWiki deletes the Author Name cookie with the logout 
> operation (which I do not think is desirable in most situations).

Actually, it is desirable, and arguably it's the only correct
answer.  PmWiki is used in a large number of laboratory and classroom
environments, where multiple people end up using the same machine
to access a common wiki on a daily basis.  In these situations,
people think of "logout" as meaning "remove my association with
this particular terminal" -- including their author name.  

In fact, many people would be very surprised if the "logout" action 
*didn't* cause their author name to be removed from the forms;
"logout" should mean "I'm no longer here."  Indeed, this is one
of the reasons ?action=logout was originally created...to provide
an easy way to clear the author cookie.

> 2. IMHO the Author Name (as opposed to ID) should never be removed from 
> the cookie. It is not a security feature, but rather a convenience for 
> the author, such that he/she doesn't have to keep adding his/her name 
> from the same computer all the time (when $EnablePostAuthorRequired = 
> 1). 

It's even more inconvenient for an author to try to remove his/her
name from a machine if ?action=logout doesn't do it.

Still, if the admin doesn't want ?action=logout to remove the
author cookie, then use:

    include_once('scripts/author.php');
    $LogoutCookies = array_diff($LogoutCookies, array($AuthorCookie));

which means that ?action=logout won't remove the author cookie.
If there's enough people who think that author cookies should
survive ?action=logout, we can create a special $Enable... variable
for it, otherwise I'll simply cite the above code as a potential
recipe.

Pm




More information about the pmwiki-users mailing list