[Bug 15428] Different timeout preference for OPAC and staff interface
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15428 --- Comment #19 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #18)
But how do we know if it's an OPAC or a staff side cookie? Maybe naming the cookies differently and by that allowing to really have separate sessions independent of setup would be better.
Yes that's what I was thinking. We're replace CGISESSID with KOHA_OPAC_SESSID and KOHA_STAFF_SESSID or something like that, and then depending on where the auth is being initiated the appropriate cookie name would be looked up. (That said, I think that might get complicated with the API...so something to investigate further.)
One reason to use ports is to block access to the staff interface in a firewall. It's a valid configuration option.
You mean using access control lists in a firewall? That's true. I suppose that using different ports would be the only way to do it with that setup. I often suggest restricting by IP address at the HTTP/application layer, since it's easy to due on a per-host basis, but there's certainly advantages to restricting access at lower OSI layers. It's good to know that there are other folk out there restricting access to their staff interface. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org