Configurable cookie path for seraph.confluence cookies to allow use of sessions in external apps.


      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Using XML-RPC/SOAP (if not allowing anonymous) requires you to log in, and then pass the token to each function call. This is fine for standalone client code or a script, but if you want to make use of XML-RPC in a PHP-served web page that just needs to check that you are logged in, and pull back your username, there is no way to access the token. The login token should be available via the seraph.confluence cookie. Also, it would be great if this cookie had a configurable path/realm so that you can choose to expose it to the rest of your site.

      e.g. if I have a site as http://mywebspace/ and Confluence is set up as http://mywebspace/wiki/, then the cookie will only be pathed to /wiki and not /

      There appears to be no ability to configure Confluence to expose the user session cookie data to a larger cookie realm. This would be nice as it would allow for development of a single-sign-on environment where the core of that SSO is Confluence's existing session management.

      In the past there was a bug fix to restrict the cookie path to the context path of Confluence to ensure that the cookies don't collide with JIRA and other Seraph authenticating web applications. This was a good fix, but it's ultimately removed the ability to pass the cookie to a PHP-coded page that could decode the cookie, get the authentication token, and use that via the XML-RPC or SOAP Remote API to perform tasks knowing the user is logged in.

      There are plenty of examples on writing my own single sign-on code, but why go to that effort when the framework is in place within Confluence itself? I just need to be able to talk to it.

      I'd like to see the authentication token, stored into the cookie, to be able to configure the cookie to default to the context path, but allow for this to be set as '/'.

      Unless there is a way to configure this, but it's just buried somewhere in the config files. I haven't had much success finding it as yet.

      Any ideas, could the previous bug fixes be modified to make it a little more admin-configurable?

            Assignee:
            BillA
            Reporter:
            Andrew Whyte
            Votes:
            4
            Watchers:
            2
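
The path scoping this issue describes, as an added example that is not part of the original report or Atlassian's code: it implements the RFC 6265 path-match rule and lists which requests on one host would receive a cookie scoped to /wiki versus /. All request paths below, including the /jira context and the PHP page, are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: the rule a browser applies to decide
// whether a cookie with a given Path attribute accompanies a request.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so /wiki does not match /wikipedia.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Constructed sample layout: Confluence under /wiki, a PHP page elsewhere on
// the site, and a second Seraph application under an assumed /jira context.
const requests = [
  "/wiki/dashboard.action",
  "/wiki",
  "/wikipedia/index.php",
  "/portal/whoami.php",
  "/jira/secure/Dashboard.jspa",
];

// Returns the request paths that would carry a cookie scoped to cookiePath.
function recipients(cookiePath) {
  return requests.filter((p) => pathMatches(p, cookiePath));
}

console.log("Path=/wiki ->", recipients("/wiki"));
console.log("Path=/     ->", recipients("/"));
```

With Path=/ every application on the host receives the session cookie, including the other Seraph application, which is the collision the earlier context-path fix was meant to prevent.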