特拉克+ AccountManagerPlugin：如何让 cookie 共享正常工作？

发布于 2024-11-19 05:44:57 字数 939 浏览 3 评论 0原文

我有一个包含多个项目的活动 Trac 安装。我使用 AccountManagerPlugin 来管理用户帐户，并允许用户管理自己的帐户。

我当前的 AccountManagerPlugin 配置如下所示：

[account-manager]
account_changes_notify_addresses = 
authentication_url = 
force_passwd_change = true
generated_password_length = 8
hash_method = HtDigestHashMethod
htdigest_realm = TracRealm
notify_actions = []
password_file = /home/sms/trac_sites/trac.htdigest
password_store = HtDigestStore
persistent_sessions = true
user_lock_max_time = 0
verify_email = false

这非常有效，除了：每个 Trac 项目当前都需要单独的身份验证。 这些项目无法共享其身份验证 cookie。

设置auth_cookie_path = /trac不起作用，因为会话数据存储在每个项目自己的数据库中；因此，一个项目无法验证另一个项目的 cookie。更糟糕的是，这会导致项目覆盖彼此的 cookie。

使用未记录的两岁猴子补丁（SharedCookieAuthPlugin）似乎是一个坏主意。

有解决办法吗？

原文

I have an active Trac installation with multiple projects. I am using the AccountManagerPlugin to manage user accounts, and to allow users to manage their own accounts.

My current AccountManagerPlugin configuration looks like this:

[account-manager]
account_changes_notify_addresses = 
authentication_url = 
force_passwd_change = true
generated_password_length = 8
hash_method = HtDigestHashMethod
htdigest_realm = TracRealm
notify_actions = []
password_file = /home/sms/trac_sites/trac.htdigest
password_store = HtDigestStore
persistent_sessions = true
user_lock_max_time = 0
verify_email = false

This works great, except: Each Trac project currently requires separate authentication. The projects are unable to share their authentication cookies.

Setting auth_cookie_path = /trac does not work, because session data is stored in each project's own database; therefore one project cannot validate the cookie of another. Worse, this causes projects to overwrite each other's cookies.

Using an undocumented two-year-old monkey patch (SharedCookieAuthPlugin) seems like a bad idea.

Is there a solution?

分享到QQ

分享到微博