ConsoleKit, PolicyKit, HAL, XDG_SESSION_COOKIE

Lennart Poettering mzqohf at
Thu Jul 22 10:33:36 PDT 2010

On Thu, 22.07.10 13:58, Julian Thomé (frostisch at wrote:

> Hello mailing list,
> i have a question about the interaction between HAL, ConsoleKit,
> PolicyKit and the environment variable XDG_SESSION_COOKIE.
> As described in the documentation of ConsoleKit, the session-leader(gdm,
> kdm) asks the ConsoleKit Daemon to open a new session. The ConsoleKit
> Daemon returns the secret cookie to the session-leader.
> The Console-Kit Daemon also determine which session is currently active
> and can take control of the hardware of the Seat.

Note that the secret cookie i actually not secret at all. It is
generated from a pseudo-random generator, from the current time and the
local machine uuid. It is trivial to guess for subsequent logins if you
logged in at least once. Just use the pseudo-random generator to calc he
next value form the one you got assigned and figure out the login time
from in utmp and you have the cookie.

I think the XDG_SESSION_COOKIE should go away and be replaced by the
audit session id as maintained by the kernel, which however has slightly
different semantics.


Lennart Poettering - Red Hat, Inc.

More information about the dbus mailing list