[geeklog-devtalk] geeklog-devel digest, Vol 1 #384 - 3 msgs

[geeklog-devel-request at lists.geeklog.net]

Send geeklog-devel mailing list submissions to
	geeklog-devel at lists.geeklog.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
	geeklog-devel-request at lists.geeklog.net

You can reach the person managing the list at
	geeklog-devel-admin at lists.geeklog.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."


Today's Topics:

   1. Re: Editable story IDs (Dirk Haun)
   2. Sessions, again (Dirk Haun)
   3. Re: Sessions, again (Tony Bibbs)

--__--__--

Message: 1
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Subject: Re: [geeklog-devel] Editable story IDs
Date: Thu, 2 Sep 2004 22:56:08 +0200
Organization: Terra Software Systems
Reply-To: geeklog-devel at lists.geeklog.net

I wrote:


>Heavy testing and feedback welcome ...


Found 2 bugs myself: There was a '$' missing in front of a variable name
in admin/story.php and changing an existing story's ID did not update the
story's ID in the article_images table (so the images weren't found any more).

This could really use some testing, it seems. Anyone?

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/


--__--__--

Message: 2
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Date: Thu, 2 Sep 2004 23:12:05 +0200
Organization: Terra Software Systems
Subject: [geeklog-devel] Sessions, again
Reply-To: geeklog-devel at lists.geeklog.net

Guys,

I've installed the CVS code on my normal webspace today for the first
time. So I don't have that much control over that setup as I have
elsewhere. I found a couple of issues with the HTTP session stuff that
annoyed me

1. I usually use the PEAR installed on the server, not the local copy.
Since the HTTP sessions are in beta, they are not part of a standard PEAR
install and I have to use the PEAR classes that we ship with Geeklog.

Something is wrong with our approach here. The PEAR guys are pretty picky
(ask Tony), so when they haven't released HTTP session yet, there must be
a reason for this. Plus I can foresee the support issues this extra class
will cause us.

2. When browsing the site in Lynx, I was asked twice to accept cookies.
Once for www.example.com and once for .example.com. The latter is normal
- that's for Geeklog's cookies. The former must come from the HTTP
sessions class then and it seems to be using a different domain name.

Is this configurable in the sessions class? Otherwise, it'll add an extra
level of annoyance for people who are picky about cookies (like myself ...).

3. When validating the HTML of my site, the validator complained (and
rightly so) about session IDs that were inserted in the HTML! Since the
W3C validator, <http://validator.w3.org/>, doesn't accept cookies the
session code seems to fall back to using session IDs in the URLs, e.g.

    .../index.php?topic=music&SessionID=vp4137881690fd2

The problem here is that (as part of a link) it should read &amp;
SessionID=... This is actually a configuration issue in php.ini, but on
shared web hosting, you often don't have the permissions to change that.

Why is the sessions class injecting session IDs in the code anyway? Is
this configurable?


Overall, I have to say that I'm not too pleased with the current state.
I'm actually pretty close to ripping it out of CVS again.

I see the potential benefits for using PHP sessions, but something about
our current approach seems to be wrong ...

bye, Dirk


-- 
http://www.haun-online.de/
http://mypod.de/


--__--__--

Message: 3
Date: Thu, 02 Sep 2004 16:49:55 -0500
From: Tony Bibbs <tony at tonybibbs.com>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Sessions, again
Reply-To: geeklog-devel at lists.geeklog.net

Dirk Haun wrote:


> <>Guys,

>

> I've installed the CVS code on my normal webspace today for the first

> time. So I don't have that much control over that setup as I have

> elsewhere. I found a couple of issues with the HTTP session stuff that

> annoyed me

>

> 1. I usually use the PEAR installed on the server, not the local copy.

> Since the HTTP sessions are in beta, they are not part of a standard PEAR

> install and I have to use the PEAR classes that we ship with Geeklog.

> Something is wrong with our approach here. The PEAR guys are pretty picky

> (ask Tony), so when they haven't released HTTP session yet, there must be

> a reason for this. Plus I can foresee the support issues this extra class

> will cause us.


The code base for this is small.  That said, I can probably get some of 
the bug fixes I have already implemented into it and re-release it.  
Another option is to simply write our own session handler which is quite 
trivial (even for storing stuff in a database).  That way you get rid of 
the PEAR requirement and give lib-sessions a much needed upgrade.  
Regardless, I think the session handling in Geeklog is archaic at best 
and needs revamping.  Whether we do it here now or in a another release 
is up to you guys.


> <>

> 2. When browsing the site in Lynx, I was asked twice to accept cookies.

> Once for www.example.com and once for .example.com. The latter is normal

> - that's for Geeklog's cookies. The former must come from the HTTP

> sessions class then and it seems to be using a different domain name.

>

> Is this configurable in the sessions class? Otherwise, it'll add an extra

> level of annoyance for people who are picky about cookies (like myself 

> ...).


I'll double check on this.  Again, small code base so fixing this isn't 
an issue.  I'm assuming the write you are seeing is when it is writing 
the Session ID to the cookie, right?  That's the only thing I can think of.


> <>

> 3. When validating the HTML of my site, the validator complained (and

> rightly so) about session IDs that were inserted in the HTML! Since the

> W3C validator, <http://validator.w3.org/>, doesn't accept cookies the

> session code seems to fall back to using session IDs in the URLs, e.g.

>

> .../index.php?topic=music&SessionID=vp4137881690fd2

>

> The problem here is that (as part of a link) it should read &amp;

> SessionID=... This is actually a configuration issue in php.ini, but on

> shared web hosting, you often don't have the permissions to change that.

>

> Why is the sessions class injecting session IDs in the code anyway? Is

> this configurable?


Again, small code base.  It's probably as easy as ripping out the IF 
logic that enables that.


> <>

>

> Overall, I have to say that I'm not too pleased with the current state.

> I'm actually pretty close to ripping it out of CVS again.


I'm less pessimestic.  I think with all the changes and the 
register_globals stuff we should take our time, call this release 1.4 
and move on.  In fact, I'd say we could probably have something we 
haven't had in a while, a beta release.  Just a suggestion.  I'll work 
with Blaine on the session stuff and see if we can't get it all ironed 
out.  If  you decide to rip it out of CVS, please give a heads up so I 
can bring a copy down just prior.

In the meantime I'll be busy getting the to-do items off my plate over 
this holiday weekend.

--Tony


--__--__--

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel


End of geeklog-devel Digest