[Mailman-Developers] UPDATE-2 - problem with cookies? Round 2

Allen Bolderoff allen@gist.net.au
Fri, 24 Dec 1999 13:20:47 +1030 

OK. let me clarify myself.

it appears, that if mailman has not set a cookie, but a sitewide cookie exists 
in the browser, mailman will try to use the sitewide cookie, without checking 
if it is in fact the correct cookie (which at this point is not created).

so, instead of creating a new cookie, as it should, it is dying in the process 
of parsing the wrong cookie.

Hope this helps the developers.

Allen


-- 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Allen Bolderoff <allen@gist.net.au>
LNC - Redhat and Linux, help and commentary http://linux.netnerve.com
CTPC - Caffeine - get it here: http://www.coffee-tea-pots-cups.com/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GPG fingerprint = CBB0 8626 702C 3D01 B5AD  A54A DC2C 93B7 3E4B 6472
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




Return-Path: <owner-mailman-developers@python.org>
Delivered-To: mailman-developers@dinsdale.python.org
Received: from python.org (parrot.python.org [132.151.1.90])
	by dinsdale.python.org (Postfix) with ESMTP
	id A809B1CD21; Thu, 23 Dec 1999 21:50:36 -0500 (EST)
Received: from ns1.gist.net.au (IDENT:root@main.gist.net.au [203.20.102.2])
	by python.org (8.9.1a/8.9.1) with ESMTP id VAA21724;
	Thu, 23 Dec 1999 21:50:33 -0500 (EST)
Received: from harper.gist.net.au (root@harper.gist.net.au [203.20.102.68])
	by ns1.gist.net.au (8.8.7/8.8.7) with ESMTP id MAA03331;
	Fri, 24 Dec 1999 12:18:59 +1030
Received: from harper.gist.net.au (IDENT:allen@localhost [127.0.0.1])
	by harper.gist.net.au (8.9.3/8.8.7) with ESMTP id NAA13571;
	Fri, 24 Dec 1999 13:21:14 +1030
Resent-Message-Id: <199912240251.NAA13571@harper.gist.net.au>
Message-Id: <199912240251.NAA13571@harper.gist.net.au>
X-Mailer: exmh version 2.1.0
To: blurr@txraves.org
In-Reply-To: Your message of "Thu, 23 Dec 1999 11:10:01 MDT."
             <014701bf4d68$8e7011b0$ea17a8c0@jordan> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 24 Dec 1999 13:14:17 +1030
From: Allen Bolderoff <allen@gist.net.au>
Resent-To: mailman-users@python.org
Resent-Cc: mailman-developers@python.org
Resent-Date: Fri, 24 Dec 1999 13:21:14 +1030
Resent-From: Allen Bolderoff <allen@gist.net.au>
Resent-Sender: allen@harper.gist.net.au
Subject: [Mailman-Developers] UPDATE - problem with cookies? Round 2
Sender: mailman-developers-admin@python.org
Errors-To: mailman-developers-admin@python.org
X-BeenThere: mailman-developers@python.org
X-Mailman-Version: 1.2 (experimental)
Precedence: bulk
List-Id: Mailman mailing list developers <mailman-developers.python.org>

> > What would you like us to do?  Yes, it looks like a bug.  Have you tried
> > either examining the cookie or deleting it?... since the error message
> > pretty
> > clearly points to the file of code, and the code is pretty clearly
> > examining
> > the cookie data itself and finding something wrong....
> > 
> > You might add something like
> > 
> > if len(cookiedata) < len(key): return 0
> > 
> > before 
> > 
> > if cookiedata[keylen+1] <> '"' and cookiedata[-1]....
> > 
> > in SecurityManager.py.
> > 
> > I haven't tested the fix, because I don't know if that's what's going
> > wrong.

This does not work, however, what I can tell you is that if there is another cookie set by the webserver, it appears to confuse mailman.

Mailman then tries to use the other cookie.

ie - I use roxen - http://www.roxen.com

roxen sets a unique cookie for every user that comes to the site.

when I turn on the debug messages by removing the commented debug code, and access a bad page, I get the cookie, which is called RoxenUserID showing in the debug file, not the one we would expect.

In fact, this seems to happen when the cookie does not exist (the authentication cookie that mailman makesm that is) 


Hope this helps 
-- 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Allen Bolderoff <allen@gist.net.au>
LNC - Redhat and Linux, help and commentary http://linux.netnerve.com
CTPC - Caffeine - get it here: http://www.coffee-tea-pots-cups.com/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GPG fingerprint = CBB0 8626 702C 3D01 B5AD  A54A DC2C 93B7 3E4B 6472
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++