You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wouldn't it be easier to amend the instructions to omit the token files from being deleted by overzealous admins doing spring cleaning? This is not exactly an issue that the average DokuWiki user or even admin encounters.
And I would not consider this to be a Bug either because deleting files in the cache directory is not a normal DokuWiki operation. Possibly a feature request.
I agree normally nobody has to manually clean the cache, and this is not a normal DW operation. But, pages, meta, attic files are not stored in the cache directory for a reason, that's not their place. I mean, a cache directory is usually for cache files, not long lived authentication files. In some situation, one might want to quickly remove the cache because of a cluttered system, and loose their JWT files, which might, or not, be a problem.
Anyway, it's for you to decide if this is a bug or not.
The problem
Hi,
Currently, JWT are stored in cache directory.
The problem is that cache content could easily be removed by an admin who “knows” that cache files can be removed without causing any harm.
DW maintenance tips page proposes a cleaning recipe that will remove JWT files.
I suggest that JWT be stored somewhere else. Maybe meta dir is a better choice or
conf/tokens
could be created for that matter.If that makes sense to you too, I could try to write a PR so that DW would:
conf/token
or$conf['metadir']
,Version of DokuWiki
2024-03-14a "Kaos"
PHP Version
irrelevant
Webserver and version of webserver
irrelevant
Browser and version of browser, operating system running browser
irrelevant
Additional environment information
No response
Relevant logs and/or error messages
No response
The text was updated successfully, but these errors were encountered: