<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.9-Multiple-cookies.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HMultiplecookies">Multiple cookies</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HSecuredcookies">Secured cookies</a></li> <li><a href="#HCookienames">Cookie names</a></li> </ul> <h3 class="heading-1-1"><span id="HSecuredcookies">Secured cookies</span></h3> <p class="paragraph"></p>The securedCookie parameter of Lemonldap::NG can be set to: <ul class="star"> <li><strong class="strong">0</strong> : a session is created in session database and the key is set in the cookie "lemonldap". It can be used both on https and http applications</li> <li><strong class="strong">1</strong> : a session is created in session database and the key is set in the secured cookie "lemonldap". It can be used only on https applications</li> <li> <strong class="strong">2</strong> (version 0.9.5) : 2 sessions are created in "session" database and "sessionhttp" database : <ul class="star"> <li>the first is set in the secured cookie "lemonldap". It can be used only on https applications</li> <li>the second is set in the cookie "lemonldaphttp". It can be used only on https applications</li> </ul> </li> </ul>In the last case, if the unprotected cookie can be shown by a hacker, he can not access to the https applications. <h3 class="heading-1-1"><span id="HCookienames">Cookie names</span></h3> <p class="paragraph"></p>The names of the cookies can be change: <ul class="star"> <li>the cookieName parameter can contains 1 or 2 names separated by a space. The first is the name of the first cookie, the second is used in the last case for the second cookie. If there is only 1 cookie, the second will be named "<cookieName>http"</li> </ul> </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>