Issue66

Issues
Show Unassigned
Show All
Search

Login




Register
Lost your login?

Help
Roundup docs

Title remove port from cookie path
Priority bug Status chatting
Superseder Nosy List ken
Assigned To Topics

Created on 2009-03-05.15:47:11 by ken, last changed 2010-05-13.16:28:55 by nedosa.

Messages
msg407 (view) Author: nedosa Date: 2010-05-13.16:28:54 
I also confirm this bug. Cookies with a domain property that ends with a port
number are not saved in FF3+. This bug makes it hard to adequately test certain
authentication cases.
msg389 (view) Author: Mohjive Date: 2010-03-18.20:31:17 
Without any further investigation of headers, "masking" as IE will allow Opera to sign in.
msg150 (view) Author: ken Date: 2009-03-05.15:47:10 
When you do:
1) login in "https"
2) all other in "http"
3) use Opera client
4) use non-standard port 
5) use AuthTkt cookie plugin
then port left in the domain in the cookie prevent Opera client to send cookie
to other port (i.e. http).

Solution: just remove port from cookie domain.

repoze.who.plugins.auth_tkt.py:

    def _get_cookies(self, environ, value):
        cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
        cur_domain = cur_domain.split(":")[0] # this removes port if any
        wild_domain = '.' + cur_domain
        cookies = [


auth_tkt.py
76d75
<         cur_domain = cur_domain.split(":")[0]
142,143c141,142
<             #cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
<             #wild_domain = '.' + cur_domain
---
>             cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
>             wild_domain = '.' + cur_domain
History
Date User Action Args
2010-05-13 16:28:55 nedosa set messages: + msg407
2010-03-18 20:31:18 Mohjive set status: unread -> chatting
messages: + msg389
2009-03-05 15:47:11 ken create