Description: ------------ When using the Auth (1.3.0r2) to secure different pages on the same server, it is recommended to call setSessionname() which, in turn, calls the php function @session_name(). However the constructor calls session_start() and session_register() on the local variable $this->_sessionName before setSessionName can be called. According to 'http://us4.php.net/manual/en/function.session-name.php' calling session_name has no effect after the session is registered... And my session and sessionid always stays on the internal name '_authsession'. The code has been like this for awhile so it's 'possible' something else is wrong in my setup, or else no-one has verified that the function really does anything. The constructor overrides anything I did in code. Reproduce code: --------------- The only way I could get it to work was modifying the constructor to register the correct name before starting the session. I guess it could start/register it later, like in the start function or something too... function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true, $sessionName= '') { $this->applyAuthOptions($options); if ($sessionName) { $this->_sessionName = $sessionName; } ...

This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. Fixed setSessionName to change the internal session variable name instead of calling session_name.

I looked at the proposed fix in CVS and don't see how it can fix the problem (in PHP 4 anyway). When you create a new instance of the class the Auth constructor is called, which does session_start and session_register. At this point calling the function setSessionName with whatever functionality it has will have no effect. You would have to call it before the constructor and I don't now of this being possible in php (4) unless I create a new class to extend Auth (silly idea), unless I'm missing something. This is why I proposed adding a new parameter directly to the constructor as the setSessionName doesn't work (at least the way its documented to) anyway. Thanks!

This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. setSessionName now changes the internal session pointer by default auth data is kept in $_SESSION['_authsession'] by setting $auth->setSessionName('mySession'); the auth data will be kept in $_SESSION['_authmySession'] the setsessionname will no longer be used