[pmwiki-users] Session Cookie Problem

Patrick R. Michaud pmichaud at pobox.com
Sun Jun 4 16:16:37 CDT 2006


On Fri, Jun 02, 2006 at 05:27:09PM -0400, Sandy wrote:
> Patrick R. Michaud wrote:
> > That's correct.  PmWiki remembers every password entered during a
> > session, so once someone enters the admin password, they are never
> > prompted for a password again until something happens to cause PmWiki
> > to "forget" the current session's passwords.
> 
> 
> Even when AuthUser is being used? I've noticed a bug when setting up 
> protected pages that might be related to this.
> 
> It was hhappening with the beta series and still happens with 2.1.5.
> 
> When I'm switching back and forth between someone with read/edit 
> priviledges (User) and the admin user (Super), sometimes {$Author} 
> (displayed in the sidebar) will be wrong.

By default, {$Author} takes its value from whatever the author
has last entered in the "author" field of the edit form.  So,
that generally controls.

If the $Author variable is being set in a local configuration file,
then that takes precedences.  If it's being set to $AuthId, then it'll
be the value of the last authentication, whatever it happens to be.

> I know it will show Super when I think I'm logged in as User, yet have 
> only User's priviledges. Not sure if the login was following a 
> logout/login sequence or for some other reason. Yeah, not a terribly 
> useful description.
> 
> Site is www.cricket.onebit.ca . The wikicode showing the problem is
> (:if authid:)
> !User: {$Author}

To really know the identification of the last login, use {$AuthId}
instead of {$Author}.  {$AuthId} is always the last authenticated
identifier, {$Author} can be whatever value an author has set.

Pm




More information about the pmwiki-users mailing list