User Identity are across multiple Nettes on same domain

5 years ago

woytam
Member | 11
+
0
-

My question is, if it's good and SAFE to share User Identity across multiple Nette frameworks?
Nette in its sandbox installation works only with session cookie which is same also for different Nette on same domain.

Example:
Two installations of Nette:
www.example.com/shop
www.example.com/blog

If you logged to /shop and then change your address to /blog, you will have the Identity from /shop.
In my opinion, it will be better to save with session the name of script, for example the full path of index.php, so the UserIndentity doesn't work across Nettes.