preventing annoying logouts when using multiple sites

UPDATE: I just had to add a conf_init() call before that line to get this working again. Odd.

Drupal 4.7 added a session_regenerate() call which makes it harder to stay logged into multiple sites on the same domain. That call is essential for preventing session fixation attacks, so I'd rather not comment it out, even on dev sites. My fix is to add the following line to the bottom of settings.php:

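// Make sure $base_url is set before it is used below.
conf_init();
// Name the session cookie after this site's base URL, keeping only letters and digits.
ini_set('session.name', preg_replace("/[^a-z\d]/i", "", $GLOBALS['base_url']));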

This line changes the session cookie's name from PHPSESSID to a name based on the name of your settings.php directory path. That path should be unique enough to prevent these cookie conflicts. The preg_replace() is there to strip out all non-alphanumeric characters, since those are invalid in a cookie name.
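The naming rule above, as an added example that is not part of the original post: it derives the cookie name the post's line would produce for a few constructed base URLs, reports URLs that collapse to the same name once characters are stripped, and compares a hypothetical hash-based name. The function names and URLs are assumptions made for illustration.

```php
<?php
// Added example: derive a per-site session cookie name from a base URL.
// The URLs below are constructed sample values, not taken from the post.

// The post's approach: strip everything that is not a letter or digit.
function session_name_stripped(string $base_url): string {
  return preg_replace('/[^a-z\d]/i', '', $base_url);
}

// Hypothetical alternative: hash the URL so that distinct URLs do not
// collapse into one name. The "SESS" prefix ensures the name contains a
// letter, which PHP requires of a session name.
function session_name_hashed(string $base_url): string {
  return 'SESS' . hash('sha256', $base_url);
}

// Group URLs by derived name and return only names shared by 2+ sites.
function find_collisions(array $base_urls, callable $derive): array {
  $by_name = [];
  foreach ($base_urls as $url) {
    $by_name[$derive($url)][] = $url;
  }
  return array_filter($by_name, fn($urls) => count($urls) > 1);
}

$sites = [
  'http://dev.example.com/site-a',
  'http://dev.example.com/sitea',   // differs only by a stripped character
  'http://dev.example.com/site_b',
];

// Show the cookie name each site would get from the stripping rule.
foreach ($sites as $url) {
  printf("%-32s %s\n", $url, session_name_stripped($url));
}

// Sites listed here would still overwrite each other's session cookie,
// because their URLs differ only in characters the regex removes.
print_r(find_collisions($sites, 'session_name_stripped'));

// Same check with the hashed names, which keep distinct URLs distinct.
print_r(find_collisions($sites, 'session_name_hashed'));
```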

Also see "Cannot stay logged in on more than one site on the same server".


About

Moshe Weitzman is a long-time Drupal developer (since 2001). He manages groups.drupal.org and the Organic Groups module. His tiny company, Cyrve, specializes in data migration into Drupal. Read about his past projects (e.g. NY Observer) and contact him.

Moshe lives in Boston USA with his wife and 2 girls.
