Hi, Stefan!
| Stefan Ritt wrote: | | If "password file = xxx" is however in each individual logbooks configuration, then you get "path=/<lobook>". You can check that by inspecting your browser's cookies. In that case the login name and password cookies are only sent to the URL for that specific logbook. I have not tested that extensively (different browsers, with/without Apache proxy), but if it works reliably, I will put this into the documentation. |
We had done so on your advice and in principle this works, but our experience has shown one problem:
We have separated our logbooks into different top groups because of the sheer number of them (i.e. experiment logbooks in one top group with logbook groups for the sub-categories, personal analysis logbooks in another top group etc.). Obviously, the experiment logbooks may share the same login, therefore we have put the "password file" statement into that top group's global section (otherwise, we would have to log on to every beamtime logbook individually, which can be cumbersome when comparing e.g. experiment settings between beamtimes). For the personal logbooks, of course, we use per-logbook-access (i.e. "password file" statement in the individual logbook sections) such that logging on to one's own logbook does not imply access to someone else's logbook. However, since the group/top group structure does not appear in the elog URLs, the cookies for the beamtime logbooks all have the path set to "path=/". This breaks the scheme again (I guess we have sort of "abused" the concept of top groups a little) and it is not possible to work in one of the experiment logbooks in parallel with one's own logbook without having to renew the login when switching the logbook.
Is it possible to modify the elogd such that it first checks if, among the cookies sent, there is one where the path corresponds to the path of the current logbook, and evaluate cookies with "path=/" only if no such cookie is found?
Yoshio |