So far, all OpenACS versions used "ad_" as a prefix for cookies (such as ad_login, ad_session_id, ...). In certain situations this can lead to confusion, since cookies are managed by browsers via domain names, and running multiple OpenACS instances in the same domain will cause overwriting of such cookies by these instances. The can happen e.g. when running multiple instances on the same machine, or using port-forwarding to virtual machines/containers, using reverse proxies, etc. Note that the cookie overwriting problem does not exist for host-node-mapped subsites, since host-node-mapping depends on domain names.
One could consider using the port in the cookie name (as sometimes noted as an option), but this would not work, in case the same server should be reachable over multiple ports.
Therefore, one can now specify a "CookieNamespace" in the OpenACS configuration file, which is per default "ad_", which is sufficient for the majority of installations. In cases, where it is needed, a different CookieNamespace can now be configured.
To manage the cookie names internally, OpenACS provides a new API call security::cookie_name to derive the namespaced cookie name from a stem.
Snippet of the OpenACS configuration file for setting the CookieNamespace #--------------------------------------------------------------------- # OpenACS specific settings (per server) #--------------------------------------------------------------------- ns_section ns/server/${server}/acs { ns_param CookieNamespace "ad_" ... }
Loading ...