New Q:A for FAQ

[David Miller]

On 9/29/2003 11:55 AM -0500, Bruce Heerssen wrote:

>       Why do users have to login again with each request?
>
> The cookiepath parameter is not set or is set incorrectly. This
> parameter sets the path parameter of the cookies that are sent to users'
> browsers. It should point to the directory immediately above that of
> your bugzilla installation. For instance, if your installation resides
> at http://www.yourserver.com/bugzilla, then the cookiepath parameter
> should be a single slash [/] mark indicating the root document directory.

This is not the correct answer.

If the URL to your Bugzilla is http://www.yourserver.com/bugzilla/ then the
cookiepath should be "/bugzilla/".  It is the actual directory containing
your Bugzilla installation, **as seen by the end-user's web browser**.
Leading and trailing slashes are mandatory.  You can put any directory
above the Bugzilla directory for the cookiepath.  But you can't put
something that isn't at least a partial match or it won't work.  What
you're actually doing is restricting the end-user's browser to sending the
cookies back only to that directory.

If you have more than one Bugzilla running on the server (some people do -
we do on landfill :)  then you need to have the cookiepath restricted
enough so that the different Bugzillas don't confuse their cookies with one
another.

On the other hand, if it's the only Bugzilla on the server, and you don't
mind having other applications on the same server with it being able to see
the cookies (you might be doing this on purpose if you have other things on
your site that share authentication with Bugzilla), then you'll want to
have the cookiepath set to "/", or to a sufficiently-high enough directory
that all of the involved apps can see the cookies.
-- 
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/