Hi there! I've run into this situation that looks like a bug.
I've found the problem when trying to make two apps share the sessions
(storing sessions in files or in database). But the problem only happens
when I use the parameter-based router in order to exclusively map domains to
apps.
I've been able to reproduce it from scratch using web2py's latest stable
version (2.16.1). Here are the steps I follow to reproduce the problem:
1) Download and unzip web2py
2) From the admin app, create two new apps: *test* and *test_panel*
3) As we need the two apps to use the same database, delete
applications/test_panel/models/db.py and replace it by a symlink pointing
to applications/test/models/db.py
4) In models/db.py add this line right after instantiating DAL, in order to
connect to the session:
    session.connect(request, response, cookie_key='mycookiekey', masterapp='test')
Notice the "masterapp" argument is pointing to the "test".
Remember both apps use the same model (symlinked).
5) The login/register/logout will be done in "test" app. For the sake of
this example, we won't make any more changes to the apps (we would have to
delete the login/register/logout functions at *test_panel* app, as the
login will be done only in *test* app, but it's not necessary for this
example). Notice the only change we did is "session.connect" in the model,
nothing more.
*Up to here, it works like a charm*. I can log in at the *test* app, and then I
go to the *test_panel* app and I can see that I'm logged in.
If I inspect the request cookies when accessing *test_panel* app, I can see
there are a couple of cookies sent:
session_id_test
session_data_test
session_id_test_panel
session_id_admin
The important part here is that the "session_data_test" cookie is sent,
that is, the cookie that was written when I logged in at *test* app.
So, everything works ok here. Both apps are sharing cookie sessions.
However, *the problem appears if we want to access test app in the main
domain and test_app in a subdomain*.
Here are the steps to reproduce the problem:
6) Create a routes.py file at the web2py root folder, and put this content:
    # -*- coding: utf-8 -*-
    routers = dict(
        BASE=dict(
            default_controller='default',
            default_function='index',
            domains={
                'test.com': 'test',
                'panel.test.com': 'test_panel'
            },
            exclusive_domain=True,
        )
    )
7) Edit the /etc/hosts file and add both domains as localhost: *test.com*
and *panel.test.com*. This way, each app can be accessed only through the
specified domain.
*This is where the problem appears.* Apps no longer share sessions.
I log in at test.com (remember to use the 8000 port or whatever port you
used to start web2py's embedded server).
Then I go to panel.test.com, inspect the request cookies and I see these
cookies are being sent:
session_id_test
session_id_test_panel
Notice there is no "session_data_test" cookie being sent, that's why I'm
not logged in when I go to panel.test.com.
*This problem is the same when the sessions are stored in database*. In
order to make that test, just replace session.connect with this:
    session.connect(request, response, db=db, masterapp='test')
The problem is the same. Sessions are correctly shared, but the moment
you configure routes.py to map each app to a specific domain, cookies
aren't shared anymore.
Is this the expected behaviour or could it be a bug?
Thanks in advance.
Regards,
Lisandro
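
The browser-side rule that decides which stored cookies accompany a request to each host (RFC 6265 domain matching), as an added example that is not part of the original post. It assumes the session cookie is issued without a Domain attribute, which the post does not state; `Jar`, `domain_match`, `demo` and the cookie values are constructed for illustration, and path and port are ignored.

```python
from http.cookies import SimpleCookie


def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: same host, or a subdomain of cookie_domain."""
    host, domain = request_host.lower(), cookie_domain.lower()
    if host == domain:
        return True
    is_ipv4 = host.replace(".", "").isdigit()  # IP literals never suffix-match
    return not is_ipv4 and host.endswith("." + domain)


class Jar:
    """Minimal cookie store keyed on the two RFC 6265 scoping modes."""

    def __init__(self):
        self.cookies = []  # (name, domain, host_only)

    def store(self, origin_host, set_cookie_header):
        for name, morsel in SimpleCookie(set_cookie_header).items():
            domain = morsel["domain"].lstrip(".").lower()
            if domain and not domain_match(origin_host, domain):
                continue  # a host cannot set cookies for a domain it is not under
            # No Domain attribute: the cookie is host-only, bound to origin_host.
            self.cookies.append((name, domain or origin_host.lower(), not domain))

    def names_sent_to(self, request_host):
        host = request_host.lower()
        return sorted(
            name for name, domain, host_only in self.cookies
            if (host == domain if host_only else domain_match(host, domain))
        )


def demo():
    # Constructed Set-Cookie headers; the values are placeholders.
    host_only, shared = Jar(), Jar()
    host_only.store("test.com", "session_data_test=CONSTRUCTED; Path=/")
    shared.store("test.com", "session_data_test=CONSTRUCTED; Domain=test.com; Path=/")
    return (host_only.names_sent_to("panel.test.com"),
            shared.names_sent_to("panel.test.com"))


if __name__ == "__main__":
    print(demo())
```

A cookie issued with Domain=test.com is sent to every subdomain of test.com, so each host under that domain receives the session cookie.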