You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mod_python-dev@quetz.apache.org by "Graham Dumpleton (JIRA)" <ji...@apache.org> on 2006/03/21 00:49:01 UTC

[jira] Created: (MODPYTHON-149) Allow cross subdomain sessions.

Allow cross subdomain sessions.
-------------------------------

         Key: MODPYTHON-149
         URL: http://issues.apache.org/jira/browse/MODPYTHON-149
     Project: mod_python
        Type: Improvement
  Components: session  
    Reporter: Graham Dumpleton
 Assigned to: Graham Dumpleton 


When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.

The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:

  mod_python.Session.application_domain

with Session code implementing following in make_cookie() method:

        if config.has_key("mod_python.Session.application_domain"):
            c.domain = config["mod_python.Session.application_domain"]

Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.

Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (MODPYTHON-149) Allow cross subdomain sessions.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/MODPYTHON-149?page=comments#action_12376619 ] 

Graham Dumpleton commented on MODPYTHON-149:
--------------------------------------------

Following on from further discussions on option naming, as per MODPYTHON-127, option will now be called:

  mod_python.session.application_domain

> Allow cross subdomain sessions.
> -------------------------------
>
>          Key: MODPYTHON-149
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-149
>      Project: mod_python
>         Type: Improvement

>   Components: session
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton

>
> When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.
> Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Resolved: (MODPYTHON-149) Allow cross subdomain sessions.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/MODPYTHON-149?page=all ]
     
Graham Dumpleton resolved MODPYTHON-149:
----------------------------------------

    Fix Version: 3.3
     Resolution: Fixed

> Allow cross subdomain sessions.
> -------------------------------
>
>          Key: MODPYTHON-149
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-149
>      Project: mod_python
>         Type: Improvement

>   Components: session
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton
>      Fix For: 3.3

>
> When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.
> Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Work started: (MODPYTHON-149) Allow cross subdomain sessions.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/MODPYTHON-149?page=all ]
     
Work on MODPYTHON-149 started by Graham Dumpleton

> Allow cross subdomain sessions.
> -------------------------------
>
>          Key: MODPYTHON-149
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-149
>      Project: mod_python
>         Type: Improvement

>   Components: session
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton

>
> When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.
> Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Closed: (MODPYTHON-149) Allow cross subdomain sessions.

Posted by "Graham Dumpleton (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MODPYTHON-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Graham Dumpleton closed MODPYTHON-149.
--------------------------------------


> Allow cross subdomain sessions.
> -------------------------------
>
>                 Key: MODPYTHON-149
>                 URL: https://issues.apache.org/jira/browse/MODPYTHON-149
>             Project: mod_python
>          Issue Type: Improvement
>          Components: session
>            Reporter: Graham Dumpleton
>         Assigned To: Graham Dumpleton
>             Fix For: 3.3
>
>
> When session class creates cookie, it does not explicitly set the "domain" attribute. This means that the session will only apply to the specific site the request was targeted at. This precludes a single server hosting multiple virtual host subdomains under a parent domain and a session being shared across these sites.
> The code could perhaps be enhanced to allow an option to be set to force the inclusion of a "domain" attribute in the cookie for the session much like it currently allows with the "path" attribute. The option for the latter is "ApplicationPath". As noted in MODPYTHON-127 there is an intent to properly namespace these mod_python options so maybe there should be an option:
>   mod_python.Session.application_domain
> with Session code implementing following in make_cookie() method:
>         if config.has_key("mod_python.Session.application_domain"):
>             c.domain = config["mod_python.Session.application_domain"]
> Setting the domain though would only be required if you want cross site session cookies within an enclosing domain, it would not be required for a single site.
> Depending on whether multiple applications are being hosted on sites under the same domain, an application may also want to override the session cookie name and session cookie path to avoid conflicts between multiple applications when doing this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.