Multiple
cookies
Secured
cookies
The securedCookie parameter of Lemonldap::NG can
be set to:
- 0 : a session is created in session
database and the key is set in the cookie "lemonldap". It can be used
both on https and http applications
- 1 : a session is created in session
database and the key is set in the secured cookie "lemonldap". It can be
used only on https applications
-
2 (version 0.9.5) : 2 sessions are
created in "session" database and "sessionhttp" database :
- the first is set in the secured cookie "lemonldap". It can be
used only on https applications
- the second is set in the cookie "lemonldaphttp". It can be used
only on https applications
In the last case, if the unprotected cookie can be shown by a hacker,
he can not access to the https applications.
Cookie names
The names of the cookies can be change:
- the cookieName parameter can contains 1 or 2 names separated by a
space. The first is the name of the first cookie, the second is used in
the last case for the second cookie. If there is only 1 cookie, the
second will be named "<cookieName>http"