The tale of the Cookie Monster
We got some legends in tikiwiki and that one is quite simple : sometimes some users get disconnected wildly after a time, or are told to enable cookies when it's enabled already, such oddities. Actually the fact is that the browsers limits the number of cookies per domain to 20 (I still wonder why, but I spent weeks to figure that out and it's verified).
The Hunt
The cookie monster is not well hidden, it's a common javascript set of functions that centralize manageement of cookies for the menus switching, the tabs memory, and such things. The lair of the cookie monster is in line 347 in {CVS()}lib/tiki-js.js{CVS}
setCookie(name, value, section, expires, path, domain, secure)
- used by other js functions with only 2 first args
- used by js tz_offset with 4 args
getCookie(name, section)
- used in other js functions
deleteCookie(name, path, domain)
- not used anywhere, surprising
The 1.9 fix (sylvie)
An optional parameter session has been added to the setCookie and getCookie.
So instead of creating a cookie with the name name, it creates or uses the cookie with the name section. The value of this cookie is coded like this : @name:value@name2:value2
A section has been added for the menu entries.
TODO: put the other cookies in section
An attempt have been done to use a session variable and the XMLHTTP method. This would have eliminated all the cookies with a small loss of performance. In 1.9 it is still buggy and have been put into comments