[jira] Created: (MODPYTHON-86) Multiple session cookies created when ApplicationPath is set to /

Thu, 27 Oct 2005 12:53:17 -0700 

Multiple session cookies created when ApplicationPath is set to /
-----------------------------------------------------------------

         Key: MODPYTHON-86
         URL: http://issues.apache.org/jira/browse/MODPYTHON-86
     Project: mod_python
        Type: Bug
    Versions: 3.2    
 Environment: mod_python-3.2.2b.win32-py2.4.exe
    Reporter: Jim Gallacher
 Assigned to: Jim Gallacher 


Originally reported by Villiam Manera on mod_python list.

"""
Apache configuration --> PythonOption ApplicationPath '/'

Before the beta there was only a cookie: pysid with path = '/'

With the beta in place there are many pysid with different path,seems one each 
module  I call, example:

Pysyd: e81c661b3c9d11948a3b643c4c031695855e254a61239279086ef1bb8916c10c path:/
Pysid: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi_mpy_utentis.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /cgi-mpy/cgi-mpy_menu.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /comm/comm_menu.py/
Pysyd: 855e254a61239279086ef1bb8916c10c path: /pf/pf_magauto.py/ ......
"""

Villiam traced the problem to the following code in Session.py

class BaseSession(dict):
.........
        if self._sid:
            # attempt to load ourselves
            self.lock()
            if self.load():
                self._new = 0
                if not req.headers_out.has_key("Set-Cookie"):
                    Cookie.add_cookie(self._req, 
Cookie.Cookie(session_cookie_name, self._sid))

The last two lines were added to 3.2 to support some new session handling 
functionality. For various reasons that new functionality has been deferred 
until 3.3, but the new code was not removed. That should not be a problem, 
except that it is both buggy and wrong. :-(

The correct fix for the 3.2.x release is to remove those 2 lines.

         if self._sid:
             # attempt to load ourselves
             self.lock()
             if self.load():
                 self._new = 0
                 #if not cookies.has_key(session_cookie_name):
                 #   Cookie.add_cookie(self._req, self.make_cookie())





-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to