Garvin has been assisting me in this matter. Here is what we have done:
1. Serendipity's core code has been modified (1.6 svn branch) to properly allow one to change session names.
2. No core amember files have been modified.
3.1. The .htaccess of serendipity has been modified:
Code:
php_value auto_prepend_file "/path/to/prepend/file/test-sessions.php"
3.2. My test-sessions.php file causes serendipity to use a default session name:
Code:
<?php
session_name('PHPSESSID');
session_start();
$_SESSION['SERVER_GENERATED_SID'] = 'ijustcalltosayifillyou';
4. .htaccess was added to aMember root folder to make aMember NOT use the same code that is prepended to serendipity, to avoid problems:
Code:
php_value auto_prepend_file None
RewriteEngine Off
This all works perfectly - users are properly logged into serendipity upon successful aMember login.
Unfortunately, they are NOT logged out upon aMember logout or even when a browser is closed. This is a problem because a user could have serendipity access beyond their aMember subscription period.
When aMember developers were trying to get their plugin compatible with s9y 1.5.x, they too had a problem with logging out of serendipity. Does this email exchange provide any help (messages are shown as newest first):
----------------------------------------------------
Hello, Don.
I've modified the plugin. It will set authorization Cookies with a lifetime equal to 1 hour.
BTW, aMember will remove these Cookies on logout.
----------------------------------------------------
Yes, this is critical. Think of this: Consider a subscription period of one month. Imagine that the serendipity session also lasts a month. The aMember subscription could expire, but a user would still have access to content well beyond their subscription period.
Can you think of some way to ensure visitors do not have access to protected content beyond their subscription period?
=Don=
----------------------------------------------------
Hello, Don.
Is this critical?
Serendipity uses its own sessions and aMember can't set or remove them.
So, I've used Cookies to make single login work but it isn't suitable for logout.
----------------------------------------------------
The login function seems to work, but not the logout. When I log out of aMember, I am still logged into serendipity.
=Don=