We shouldn’t be sending two cookies anymore since browsers treat both .my-app.foo.example.com and my-app.foo.example.com the same, so we could save some request bandwidth, but that is another ticket for later.
In other words, wild_domain being set to True or False makes no difference anymore.

https://tools.ietf.org/html/rfc6265#section-5.2.3

> If the first character of the attribute-value string is %x2E ("."):
> Let cookie-domain be the attribute-value without the leading %x2E
> (".") character.

and: https://tools.ietf.org/html/rfc6265#section-5.1.3

That being said, it should only be setting one cookie if wild_domain is False.

Bert

> On Aug 3, 2017, at 02:09, Torsten Irländer <[email protected]> wrote:
>
> Hi,
>
> I'm in doubt how to use the "wild_domain" option in
> AuthTktAuthenticationPolicy correctly or if I found a defect. Before opening a
> ticket I want to ask here.
>
> I'm using AuthTktAuthenticationPolicy cookie-based authentication for a
> site hosted under "my-app.foo.example.com"
>
> As described in the documentation[0] I receive two cookies after
> authentication on default configuration:
>
> 1. my-app.foo.example.com (host-only)
> 2. .my-app.foo.example.com
>
> I expect when setting the "wild_domain" option to false only one cookie (the
> host-only) is set. But the wild_domain option seems to have no effect for me.
> I always get those two cookies.
> I do not use any of the interfering options like "domain" or "parent_domain".
>
> How to use the "wild_domain" option correctly to only receive one host-only
> cookie?
>
> I'm using Pyramid 1.5.2.
>
> Some context:
> However using "domain" has some effect as I only get one cookie, but this is
> the wildcard and *not* the host-only one. Which isn't my expected behaviour
> but might be another issue.
>
> regards
> Torsten
>
> [0]
> https://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/api/authentication.html
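The RFC 6265 rules cited in the reply (sections 5.2.3 and 5.1.3), worked through as an added example that is not part of the thread or of Pyramid's code: it shows that both spellings of the Domain attribute store the same cookie, and that only a cookie set without a Domain attribute stays host-only. The function names and the `sub.` host are constructed for illustration, and the public-suffix check of section 5.3 is left out.

```python
import ipaddress

def parse_domain_attribute(value):
    """RFC 6265 section 5.2.3: drop one leading dot, then lowercase."""
    if value.startswith("."):
        value = value[1:]
    return value.lower()

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: identical, or a dot-delimited suffix of a host name."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    if not host.endswith("." + cookie_domain):
        return False
    try:
        ipaddress.ip_address(host)  # IP addresses only match when identical
        return False
    except ValueError:
        return True

def stored_cookie(request_host, domain_attr=None):
    """RFC 6265 section 5.3, domain steps only: (domain, host_only) or None if rejected."""
    if domain_attr:
        domain = parse_domain_attribute(domain_attr)
        if not domain_match(request_host, domain):
            return None  # Domain attribute does not cover the setting host
        return (domain, False)
    return (request_host.lower(), True)  # no Domain attribute: host-only cookie

def is_sent(cookie, host):
    """Would the browser attach this stored cookie to a request for host?"""
    domain, host_only = cookie
    return host.lower() == domain if host_only else domain_match(host, domain)

if __name__ == "__main__":
    origin = "my-app.foo.example.com"      # host from the thread
    child = "sub.my-app.foo.example.com"   # constructed subdomain
    for attr in (None, "my-app.foo.example.com", ".my-app.foo.example.com"):
        cookie = stored_cookie(origin, attr)
        print(f"Domain={attr!r}: stored={cookie}, "
              f"sent to origin={is_sent(cookie, origin)}, "
              f"sent to {child}={is_sent(cookie, child)}")
```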
