New feature: cookie namespaces
So far, all OpenACS versions used "ad_" as a prefix for cookies (such
as ad_login, ad_session_id, ...). In certain situations this can lead
to confusion, since cookies are managed by browsers via domain names,
and running multiple OpenACS instances in the same domain will cause
overwriting of such cookies by these instances. This can happen, e.g.,
when running multiple instances on the same machine, or using
port-forwarding to virtual machines/containers, using reverse proxies,
etc. Note that the cookie overwriting problem does not exist for
host-node-mapped subsites, since host-node-mapping depends on domain
names.
One could consider using the port in the cookie name (sometimes
noted as an option), but this would not work when the same server
should be reachable over multiple ports.
Therefore, one can now specify a "CookieNamespace" in the OpenACS
configuration file. The default is "ad_", which is sufficient for the
majority of installations. In cases where it is needed, a different
CookieNamespace can now be configured.
To manage the cookie names internally, OpenACS provides a new API call
security::cookie_name to derive the namespaced cookie name from a stem.
Snippet of the OpenACS configuration file for setting the CookieNamespace:
#---------------------------------------------------------------------
# OpenACS specific settings (per server)
#---------------------------------------------------------------------
ns_section ns/server/${server}/acs {
    ns_param CookieNamespace "ad_"
    ...
}
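The collision and the port-in-name problem described above, as an added Python model that is not OpenACS code. The cookie jar, the helper cookie_name (a hypothetical stand-in, not the implementation of security::cookie_name), the host name and the "inst2_" namespace are all constructed for illustration.

```python
class CookieJar:
    """Constructed model of browser cookie storage (RFC 6265): a cookie is
    keyed by (name, domain, path); the port is not part of the key."""

    def __init__(self):
        self._store = {}

    def set(self, host, port, name, value, path="/"):
        # 'port' is accepted but deliberately ignored, as browsers do.
        self._store[(name, host, path)] = value

    def get(self, host, port, name, path="/"):
        return self._store.get((name, host, path))


def cookie_name(namespace, stem):
    """Hypothetical stand-in: derive a namespaced cookie name from a stem."""
    return namespace + stem


def login_both(ns_a, ns_b, host="openacs.example.test"):
    """Two instances on one host (ports 8000 and 8001) each set a session
    cookie. Returns the session value each instance reads back afterwards."""
    jar = CookieJar()
    jar.set(host, 8000, cookie_name(ns_a, "session_id"), "session-A")
    jar.set(host, 8001, cookie_name(ns_b, "session_id"), "session-B")
    return (jar.get(host, 8000, cookie_name(ns_a, "session_id")),
            jar.get(host, 8001, cookie_name(ns_b, "session_id")))


def port_in_name(login_port, request_port, host="openacs.example.test"):
    """One server reachable over several ports, with the port baked into the
    cookie name: a cookie set via one port is not found via another."""
    jar = CookieJar()
    name_at_login = cookie_name(f"ad_{login_port}_", "session_id")
    jar.set(host, login_port, name_at_login, "session-A")
    name_at_request = cookie_name(f"ad_{request_port}_", "session_id")
    return jar.get(host, request_port, name_at_request)


if __name__ == "__main__":
    print(login_both("ad_", "ad_"))     # shared namespace: instance A sees B's cookie
    print(login_both("ad_", "inst2_"))  # distinct namespaces: both sessions survive
    print(port_in_name(8000, 8443))     # port-based name: session not found
```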