[Bug 32385] New: OPAC and staff (intranet) should not share the same session and cookie
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Bug ID: 32385 Summary: OPAC and staff (intranet) should not share the same session and cookie Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org See also bug 32369. A login via OPAC should imo not allow you to access staff too when you share the same domain (and cookies) between them. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cslone@camdencountylibrary. | |org, | |dcook@prosentient.com.au, | |jonathan.druart+koha@gmail. | |com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=32369 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |15428 --- Comment #1 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I think in a way this is a requirement for the older bug 15428. When we have different sessions, we can also implement different timeouts if I am not mistaken. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 [Bug 15428] Different timeout preference for opac and intranet -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|15428 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 [Bug 15428] Different timeout preference for OPAC and staff interface -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32385 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- Something else to keep in mind is cookie authentication for the REST API interface via the staff interface and OPAC. Maybe this is an opportunity to switch away from "CGISESSID" to more Koha-specific cookie names. There are over 200 references to CGISESSID in the code, although to lessen the work we could just change the cookie name for the OPAC. That would involve fewer script changes. Auth.pm would need an update at a minimum though. If someone is willing to do the work, I suppose there's no reason not to... -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org