Issue66

Title: remove port from cookie path
Priority: bug
Status: chatting
Superseder:
Nosy List: ken
Assigned To:
Topics:

Created on 2009-03-05.15:47:11 by ken, last changed 2010-05-13.16:28:55 by nedosa.

Messages
msg407 Author: nedosa Date: 2010-05-13.16:28:54
I also confirm this bug. Cookies with a domain property that ends with a port
number are not saved in FF3+. This bug makes it hard to adequately test certain
authentication cases.
msg389 Author: Mohjive Date: 2010-03-18.20:31:17
Without any further investigation of headers, "masking" as IE will allow Opera to sign in.
msg150 Author: ken Date: 2009-03-05.15:47:10
When you do:
1) login in "https"
2) all other in "http"
3) use Opera client
4) use non-standard port 
5) use AuthTkt cookie plugin
then the port left in the domain in the cookie prevents the Opera client from
sending the cookie to the other port (i.e. http).

Solution: just remove port from cookie domain.

repoze.who.plugins.auth_tkt.py:

    def _get_cookies(self, environ, value):
        cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
        cur_domain = cur_domain.split(":")[0] # this removes port if any
        wild_domain = '.' + cur_domain
        cookies = [


auth_tkt.py
76d75
<         cur_domain = cur_domain.split(":")[0]
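Review bot: split(":")[0] at line 76 assumes the host contains at most one colon; a bracketed IPv6 literal in HTTP_HOST such as "[::1]:8080" is cut down to "[", which is not a usable cookie domain. Strip the port only from the part after the closing bracket, or only when the text after the last colon is all digits. The hunk is also reversed: the line described as the fix shows as "<", so the diff was taken from the fixed file to the original and should be regenerated the other way before it is applied.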
142,143c141,142
<             #cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
<             #wild_domain = '.' + cur_domain
---
>             cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
>             wild_domain = '.' + cur_domain
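Review bot: at 142-143 the two assignments are disabled with "#" rather than deleted, and nothing visible in this hunk shows where cur_domain and wild_domain are defined for the code that follows them. Delete the dead lines and, if the values are still needed at that point, compute them through the same port-stripping step used in _get_cookies so both places agree on the cookie domain.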
History
Date User Action Args
2010-05-13 16:28:55 nedosa set messages: + msg407
2010-03-18 20:31:18 Mohjive set status: unread -> chatting; messages: + msg389
2009-03-05 15:47:11 ken create