register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to controll that, but we want to work with a
default configuraltion):
- session restore was not working, as only $_REQUEST[sessionid] was checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
- it now also encrypts the egw object and egw_info array, stored in the session
- it no longer encrypts every egw_session::appsession() call, but the
whole array at once when the egw_session object gets destroyed
- mcrypt algo and mode are currently hardcoded to tripledes and ecb, as
we dont have the database connection, when they are needed. You can
add it as egw_info[server][mcrypt_{algo|mode}] in the header.inc.php
- fixed a bug, which let the session grow around 400k(!) each request
- if mcrypt or the selected algo/mode is not availible the session
encryption is switched off automatic, but an error is logged
- DONT UPDATE ON A PROCUDTION SYSTEM (for the next few days)!
- eGW support from now on only php session handling
- custom session handlers (like the memcache one) can now be
implemented as classes and dont need to change any other code
- the class get's autoloaded and the name need to be configured
eg. in the header.inc.php as $egw_info[server][session_handler]
- session restore is now enabled by default (it's way faster and
works well with php5.1+)
- a db-bases session handler follows soon
- problem with $GLOBALS[egw]->translation is no object in common_functions.inc.php (lang() function)
- session cokie with path / (and old session-id) gives "your session could not be verified"
Please note: If you already edited your phpgwapi/inc/functions.inc.php to switch it off, you will get an cvs conflict on updating, just do a "cvs update -C phpgwapi/inc/functions.inc.php" to fix it. If you want to use the session restore or you already used it, you need to go to Setup >> Headeradmin and switch it on there.
At the moment you need to log out to activate any changes in the config, preferences or the apps enabled for a user. This can be changed easily by invalidating the cache.
2) New way to create an anoymous session: you can specify a callback function, which gets called if the session could not be verified. The callback can use the DB or instanciate a config object to get the account-date, which it returns. A new session get then created.
1) $GLOBALS['phpgw_info'] to $GLOBALS['egw_info'],
2) $GLOBALS['phpgw'] to $GLOBALS['egw'],
3) PHPGW_ to EGW_ constants
The phpgw ones ars now a reference to the new egw ones, to allow a soft migration
