Back to limesurvey.org

Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Cookies/Sessions: Why is LimeSurvey using the default sessionname?

  • jelo
  • jelo's Avatar Topic Author
  • Offline
  • Platinum Member
  • Platinum Member
More
6 years 11 months ago #164481 by jelo
Cookies/Sessions: Why is LimeSurvey using the default sessionname? was created by jelo
LS 3 is creating two session cookies.
Code:
Name  PHPSESSID (taken from php.ini)
Value  11c93...(etc.)
Host  host.domain.tld
Path  /
Expires  At end of session
Secure  Yes
HttpOnly  Yes
Name  YII_CSRF_TOKEN
 
 
Name  YII_CSRF_TOKEN
Value  SlBXd....(etc.)
Host  host.domain.tld
Path  /
Expires  At end of session
Secure  Yes
HttpOnly  No

Issues around sessions with multiple installations (can be your own space or on shared server with shared session storage) can be the result of the current behavior.

Wouldn't it be better to change the default behavior?
1. Recognize the path and set the path in the cookie.
LS is ignoring the path. If you have two installations in different paths, the cookies are the same.
You cannot stay logged in both LS installations.
2. Set a session-name (not using the default name)
secure.php.net/manual/en/session.configu...php#ini.session.name
3. Add a unique part (for every installation) to the names.

Example Nextcloud:
Code:
Name  nc_sameSiteCookielax
Value  true
Host  host.domain.tld
Path  /yourinstallation
Expires  Fri, 31 Dec 2100 23:59:59 GMT
Secure  Yes
HttpOnly  Yes
 
Name  nc_sameSiteCookiestrict
Value  true
Host  host.domain.tld
Path  /yourinstallation
Expires  Fri, 31 Dec 2100 23:59:59 GMT
Secure  Yes
HttpOnly  Yes
 
Name  oc3d172roqs9  (unique name)
Value  68899..(etc.)
Host  host.domain.tld
Path  /yourinstallation
Expires  At end of session
Secure  Yes
HttpOnly  Yes
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team & Official Partner
  • LimeSurvey Community Team & Official Partner
More
6 years 10 months ago #165027 by DenisChenu
Replied by DenisChenu on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?
You can set yourself what you want in config.php file.
www.limesurvey.org/manual/Optional_settings#Session_settings

I really think session name/path etc … are something related to server, not tool : then it's server admin part.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
The topic has been locked.
  • jelo
  • jelo's Avatar Topic Author
  • Offline
  • Platinum Member
  • Platinum Member
More
6 years 10 months ago #165034 by jelo
Replied by jelo on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?

DenisChenu wrote: I really think session name/path etc … are something related to server, not tool : then it's server admin part.

Choosing a default value is a very important thing. The question "Why is LimeSurvey using default sessionname" is still unanswered.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • LimeSurvey Community Team & Official Partner
  • LimeSurvey Community Team & Official Partner
More
6 years 10 months ago - 6 years 10 months ago #165035 by DenisChenu
Replied by DenisChenu on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?
By default : LimeSurvey CHOOSE default sessionname set by server admin …

Then : i think really it's OK. php.ini can set anything on sessioname , even by hostname …
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
Last edit: 6 years 10 months ago by DenisChenu.
The topic has been locked.
Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source