The tale of the Cookie Monster

We got some legends in tikiwiki and that one is quite simple : sometimes some users get disconnected wildly after a time, or are told to enable cookies when it's enabled already, such oddities. Actually the fact is that the browsers limits the number of cookies per domain to 20 (I still wonder why, but I spent weeks to figure that out and it's verified).

The Hunt

The cookie monster is not well hidden, it's a common javascript set of functions that centralize manageement of cookies for the menus switching, the tabs memory, and such things. The lair of the cookie monster is in line 347 in {CVS()}lib/tiki-js.js{CVS}

setCookie(name, value, section, expires, path, domain, secure)

  • used by other js functions with only 2 first args
  • used by js tz_offset with 4 args

getCookie(name, section)

  • used in other js functions

deleteCookie(name, path, domain)

  • not used anywhere, surprising

The 1.9 fix (sylvie)

An optional parameter session has been added to the setCookie and getCookie.
So instead of creating a cookie with the name name, it creates or uses the cookie with the name section. The value of this cookie is coded like this : @name:value@name2:value2
A section has been added for the menu entries.
TODO: put the other cookies in section

An attempt have been done to use a session variable and the XMLHTTP method. This would have eliminated all the cookies with a small loss of performance. In 1.9 it is still buggy and have been put into comments

Page last modified on Sunday 25 March 2007 03:28:55 GMT-0000