You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mod_python-dev@quetz.apache.org by "Graham Dumpleton (JIRA)" <ji...@apache.org> on 2006/03/05 06:37:40 UTC

[jira] Closed: (MODPYTHON-86) Multiple session cookies created when ApplicationPath is set to /

     [ http://issues.apache.org/jira/browse/MODPYTHON-86?page=all ]
     
Graham Dumpleton closed MODPYTHON-86:
-------------------------------------


> Multiple session cookies created when ApplicationPath is set to /
> -----------------------------------------------------------------
>
>          Key: MODPYTHON-86
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-86
>      Project: mod_python
>         Type: Bug
>     Versions: 3.2.7
>  Environment: mod_python-3.2.2b.win32-py2.4.exe
>     Reporter: Jim Gallacher
>     Assignee: Jim Gallacher
>      Fix For: 3.2.7

>
> Originally reported by Villiam Manera on mod_python list.
> """
> Apache configuration --> PythonOption ApplicationPath '/'
> Before the beta there was only a cookie: pysid with path = '/'
> With the beta in place there are many pysid with different path,seems one each module  I call, example:
> Pysyd: e81c661b3c9d11948a3b643c4c031695855e254a61239279086ef1bb8916c10c path:/
> Pysid: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi_mpy_utentis.py/
> Pysyd: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi-mpy_menu.py/
> Pysyd: 855e254a61239279086ef1bb8916c10c path: /comm/comm_menu.py/
> Pysyd: 855e254a61239279086ef1bb8916c10c path: /pf/pf_magauto.py/ ......
> """
> Villiam traced the problem to the following code in Session.py
> class BaseSession(dict):
> .........
>         if self._sid:
>             # attempt to load ourselves
>             self.lock()
>             if self.load():
>                 self._new = 0
>                 if not req.headers_out.has_key("Set-Cookie"):
>                     Cookie.add_cookie(self._req, Cookie.Cookie(session_cookie_name, self._sid))
> The last two lines were added to 3.2 to support some new session handling functionality. For various reasons that new functionality has been deferred until 3.3, but the new code was not removed. That should not be a problem, except that it is both buggy and wrong. :-(
> The correct fix for the 3.2.x release is to remove those 2 lines.
>          if self._sid:
>              # attempt to load ourselves
>              self.lock()
>              if self.load():
>                  self._new = 0
>                  #if not cookies.has_key(session_cookie_name):
>                  #   Cookie.add_cookie(self._req, self.make_cookie())

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira