- Posts: 5033
- Thank you received: 1257
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
Cookies/Sessions: Why is LimeSurvey using the default sessionname?
- jelo
- Topic Author
- Offline
- Platinum Member
Less
More
6 years 1 month ago #164481
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Cookies/Sessions: Why is LimeSurvey using the default sessionname? was created by jelo
LS 3 is creating two session cookies.
Issues around sessions with multiple installations (can be your own space or on shared server with shared session storage) can be the result of the current behavior.
Wouldn't it be better to change the default behavior?
1. Recognize the path and set the path in the cookie.
LS is ignoring the path. If you have two installations in different paths, the cookies are the same.
You cannot stay logged in both LS installations.
2. Set a session-name (not using the default name)
secure.php.net/manual/en/session.configu...php#ini.session.name
3. Add a unique part (for every installation) to the names.
Example Nextcloud:
Code:
Name PHPSESSID (taken from php.ini) Value 11c93...(etc.) Host host.domain.tld Path / Expires At end of session Secure Yes HttpOnly Yes Name YII_CSRF_TOKEN Name YII_CSRF_TOKEN Value SlBXd....(etc.) Host host.domain.tld Path / Expires At end of session Secure Yes HttpOnly No
Issues around sessions with multiple installations (can be your own space or on shared server with shared session storage) can be the result of the current behavior.
Wouldn't it be better to change the default behavior?
1. Recognize the path and set the path in the cookie.
LS is ignoring the path. If you have two installations in different paths, the cookies are the same.
You cannot stay logged in both LS installations.
2. Set a session-name (not using the default name)
secure.php.net/manual/en/session.configu...php#ini.session.name
3. Add a unique part (for every installation) to the names.
Example Nextcloud:
Code:
Name nc_sameSiteCookielax Value true Host host.domain.tld Path /yourinstallation Expires Fri, 31 Dec 2100 23:59:59 GMT Secure Yes HttpOnly Yes Name nc_sameSiteCookiestrict Value true Host host.domain.tld Path /yourinstallation Expires Fri, 31 Dec 2100 23:59:59 GMT Secure Yes HttpOnly Yes Name oc3d172roqs9 (unique name) Value 68899..(etc.) Host host.domain.tld Path /yourinstallation Expires At end of session Secure Yes HttpOnly Yes
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
6 years 1 month ago #165027
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?
You can set yourself what you want in config.php file.
manual.limesurvey.org/Optional_settings#Session_settings
I really think session name/path etc … are something related to server, not tool : then it's server admin part.
manual.limesurvey.org/Optional_settings#Session_settings
I really think session name/path etc … are something related to server, not tool : then it's server admin part.
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- jelo
- Topic Author
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
6 years 1 month ago #165034
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?
Choosing a default value is a very important thing. The question "Why is LimeSurvey using default sessionname" is still unanswered.DenisChenu wrote: I really think session name/path etc … are something related to server, not tool : then it's server admin part.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
6 years 1 month ago - 6 years 1 month ago #165035
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic Cookies/Sessions: Why is LimeSurvey using the default sessionname?
By default : LimeSurvey CHOOSE default sessionname set by server admin …
Then : i think really it's OK. php.ini can set anything on sessioname , even by hostname …
Then : i think really it's OK. php.ini can set anything on sessioname , even by hostname …
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Last edit: 6 years 1 month ago by DenisChenu.
The topic has been locked.