I'm trying to setup a web site using:
- Drupal 5.3
- Gallery 2.2
- Drupal Gallery 5.x-2.0 module
- TinyMCE 2.1.2
- G2Image TinyMCE plugin 3.0.2
I had a few problems that I think were due to errors I made during software installation. These errors were not reproducible so I can't really describe them. But now, I have a small problem that occur everytime. Here is what happens:
1. I clear every cookie located on my site, and then log on. My Firefox browser then shows me a cookie named SESSxxxx. I think this is the Drupal sessions cookie.
2. I navigate to a page containing G2 filter tags. Some of them links to protected images that can only be viewed by authenticated users. So far so good. The URL of thumbnails and images seems corrects.
3. I then edit the page using TinyMCE. If I try to insert a new image using the G2Image plugin, it shows me only public albums (eg album that everyone can see). I can also notice that it sends me a cookie named PHPSESSID. Why ?
4. I open the emmbedded Gallery2 at <my-site>/drupal/?q=gallery. The first time I open it, every thumbnail and link to images have a g2_GALLERYSID=xxxx appended to it. The browser also get a cookie with that name and value. If I refresh the page, every g2_GALLESID disappear from URLs.
5. If I go back to the page I was editing. Now, the G2Image TinyMCE plugin works fine.
It's a bit annoying to have to visit the embedded gallery before editing anything. But since I don't understand what is going on, I'm wondering if there is a more important security problem somewhere.
Can someone explain me that behaviour ?
Thanks.