Issue66

Title: remove port from cookie path
Priority: bug
Status: unread
Superseder:
Nosy List: ken
Assigned To:
Topics:

Created on 2009-03-05.15:47:11 by ken, last changed 2009-03-05.15:47:11 by ken.

Messages
msg150 Author: ken Date: 2009-03-05.15:47:10
When you:
1) log in over "https"
2) do everything else over "http"
3) use the Opera client
4) use a non-standard port
5) use the AuthTkt cookie plugin
then the port left in the cookie domain prevents the Opera client from sending
the cookie to the other port (i.e. http).

Solution: just remove the port from the cookie domain.

repoze.who.plugins.auth_tkt.py:

    def _get_cookies(self, environ, value):
        cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
        cur_domain = cur_domain.split(":")[0] # this removes port if any
        wild_domain = '.' + cur_domain
        cookies = [


auth_tkt.py
76d75
<         cur_domain = cur_domain.split(":")[0]
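Review bot: `cur_domain.split(":")[0]` on the `<` line mishandles a bracketed IPv6 literal in `HTTP_HOST`: `[::1]:8080` becomes `[`, because the address itself contains colons. Check for a leading `[` first and take everything up to the closing `]` in that case, and strip at the first colon only for hostnames and IPv4 addresses. `HTTP_HOST` is also supplied by the client, so the stripped value should be validated before it is placed in the cookie's Domain attribute.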
142,143c141,142
<             #cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
<             #wild_domain = '.' + cur_domain
---
>             cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
>             wild_domain = '.' + cur_domain
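Review bot: the two assignments at lines 142-143 are commented out on the `<` side rather than deleted, which leaves dead code and gives no sign of where `cur_domain` and `wild_domain` now come from at that point. Delete them, or move the port stripping into one helper that both call sites use, so the second site cannot drift back to the raw `HTTP_HOST` value. The diff also runs from the patched file to the original (the fix is on the `<` side), so `patch` would apply it backwards; regenerating it as `diff -u original patched` avoids that.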
History
Date User Action Args
2009-03-05 15:47:11 ken create
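
An added example (not part of the original report and not repoze.who's own code) of stripping the port before building the cookie Domain attribute, generalized to bracketed IPv6 literals and to a client-supplied Host header. The function names and the three-cookie layout (host-only, host, dot-prefixed host) are assumptions made for illustration.

```python
import ipaddress
import re

# Conservative hostname character set; anything else is not echoed into a header.
_HOSTNAME_RE = re.compile(r'[a-z0-9]([a-z0-9.-]*[a-z0-9])?')


def split_host(host):
    """Return the host part of a Host header value, without the port."""
    host = host.strip().lower()
    if host.startswith('['):
        # Bracketed IPv6 literal such as "[::1]:8443": the colons inside the
        # brackets belong to the address, so a plain split(":") would break it.
        end = host.find(']')
        if end == -1:
            raise ValueError('unterminated IPv6 literal: %r' % host)
        return host[1:end]
    # Hostname or IPv4 address: a colon can only introduce the port.
    return host.partition(':')[0]


def is_ip_literal(host):
    """True when host parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def auth_cookie_headers(environ, cookie_name, value):
    """Build Set-Cookie headers whose Domain attribute never carries a port."""
    raw = environ.get('HTTP_HOST') or environ.get('SERVER_NAME', '')
    # A host-only cookie (no Domain attribute) is always safe to send.
    headers = [('Set-Cookie', '%s=%s; Path=/' % (cookie_name, value))]
    try:
        host = split_host(raw)
    except ValueError:
        return headers
    # HTTP_HOST is client-supplied: only well-formed names reach the header,
    # and IP literals get no Domain attribute at all.
    if is_ip_literal(host) or not _HOSTNAME_RE.fullmatch(host):
        return headers
    for domain in (host, '.' + host):
        headers.append(('Set-Cookie', '%s=%s; Path=/; Domain=%s'
                        % (cookie_name, value, domain)))
    return headers
```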