| Jim Gallacher (JIRA) 2005-10-28, 5:31 pm |
| Multiple session cookies created when ApplicationPath is set to /
-----------------------------------------------------------------
Key: MODPYTHON-86
URL: http://issues.apache.org/jira/browse/MODPYTHON-86
Project: mod_python
Type: Bug
Versions: 3.2
Environment: mod_python-3.2.2b.win32-py2.4.exe
Reporter: Jim Gallacher
Assigned to: Jim Gallacher
Originally reported by Villiam Manera on mod_python list.
"""
Apache configuration --> PythonOption ApplicationPath '/'
Before the beta there was only a cookie: pysid with path = '/'
With the beta in place there are many pysid with different path,seems one each module I call, example:
Pysyd: e81c661b3c9d11948a3b643c4c031695855e254a
61239279086ef1bb8916c10c path:/
Pysid: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi_mpy_utentis.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi-mpy_menu.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /comm/comm_menu.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /pf/pf_magauto.py/ ......
"""
Villiam traced the problem to the following code in Session.py
class BaseSession(dict):
..........
if self._sid:
# attempt to load ourselves
self.lock()
if self.load():
self._new = 0
if not req.headers_out.has_key("Set-Cookie"):
Cookie.add_cookie(self._req, Cookie.Cookie(session_cookie_name, self._sid))
The last two lines were added to 3.2 to support some new session handling functionality. For various reasons that new functionality has been deferred until 3.3, but the new code was not removed. That should not be a problem, except that it is both buggy a
nd wrong. :-(
The correct fix for the 3.2.x release is to remove those 2 lines.
if self._sid:
# attempt to load ourselves
self.lock()
if self.load():
self._new = 0
#if not cookies.has_key(session_cookie_name):
# Cookie.add_cookie(self._req, self.make_cookie())
|