[Moin-user] upgrade to 1.7.2 blocked, external cookie auth does not work
Michael Matthews
mjmatthews1 at rcn.com
Wed Dec 3 11:09:46 EST 2008
Roger,
The problem is that Moinmoin cannot handle multiple cookies correctly. I
add my cookie(set-cookie header), MM adds it's cookie and when the
headers are emitted the cookies are merged and clobbered in the
MoinMoin/request/__init__.py emit_http_headers routine. The problem is
discussed here:
http://bugs.python.org/issue1660009
At this time I am not sure how to fix. Possibly merge cookies with ;
instead of comma which is what the server does but the browser may barf
on that. The real problem is that MoinMoin does not support multiple
header types. Will play with it.
thanks for your help on this.
Roger Haase wrote:
>
> --- On Tue, 12/2/08, Michael Matthews <mjmatthews1 at rcn.com> wrote:
>
>
>> From: Michael Matthews <mjmatthews1 at rcn.com>
>> Subject: Re: [Moin-user] upgrade to 1.7.2 blocked, external cookie auth does not work
>> To:
>> Cc: "moin Users" <moin-user at lists.sourceforge.net>
>> Date: Tuesday, December 2, 2008, 5:19 PM
>> Roger Haase wrote:
>>
>>> --- On Tue, 12/2/08, Michael Matthews
>>>
>> <mjmatthews1 at rcn.com> wrote:
>>
>>>
>>>
>>>> From: Michael Matthews <mjmatthews1 at rcn.com>
>>>> Subject: [Moin-user] upgrade to 1.7.2 blocked,
>>>>
>> external cookie auth does not work
>>
>>>> To: "moin Users"
>>>>
>> <moin-user at lists.sourceforge.net>
>>
>>>> Date: Tuesday, December 2, 2008, 11:10 AM
>>>> I am trying to upgrade from 1.5.x ri 1.7.2. Am
>>>>
>> using my own
>>
>>>> external
>>>> cookie authentication method. I did post this
>>>>
>> before but
>>
>>>> did not have
>>>> time to follow through. When user logs in
>>>>
>> authentication
>>
>>>> takes place,
>>>> login id is displayed but pagetrail only displays
>>>>
>> current
>>
>>>> page. I was
>>>> told this is a session failure. How do I debug
>>>>
>> this failure
>>
>>>> (which is
>>>> silent as far as I can tell)?
>>>>
>>>>
>>>>
>>> There is a help page for 1.7 here:
>>>
>>>
>> http://master17.moinmo.in/HelpOnAuthentication/ExternalCookie
>>
>>> Based upon your symptoms, a guess is either you are
>>>
>> not setting a cookie, you are changing the cookie value with
>> each page request, or you may be setting the cookie for the
>> wrong domain.
>>
>>> If you have the Firefox browser witht he Web Developer
>>>
>> extension installed, verify you have a MOIN_SESSION cookie
>> and the value is consistent for multiple page requests.
>>
>>> Roger Haase
>>>
>>>
>>>
>>>
>>>
>> Thanks for the URL. The example had some new code for me
>> but Still same
>> behavior. No MOIN_SESSION cookie.
>>
>> I am maintaining my own cookie which has nothing to do with
>> MOIN cookie.
>> I expect the application to maintain it's own cookie as
>> needed. So where
>> does this happen? And if it is required that the
>> ExternalCookie routine
>> create it why isn't it documented. The example creates
>> a MoinAuth
>> cookie but I thought it was only an example.
>>
>> My plugin worked in 1.5
>>
>>
>
> Yes, I had a hack for Moin <1.7 that worked too, but the Moin authentication process was changed in 1.7 - see the /docs/CHANGEs.
>
> I had to rewrite my hack to fit the 1.7 model (there is another minor change required for Moin 1.8). If your request method returns a user object, Moin will create the cookie. The MoinAuth cookie is an example, it can be any name except MOIN_SESSION. You may have to resort to writing to a log file to debug your code. I included a "def writeLog(*args):" function in the example because I needed it to debug my code.
>
> There appear to be few of using ExternalCookie for authentication, if you find errors in HelpOnAuthentication/ExternalCookie, please fix it.
>
> I will be MIA until Friday, good luck.
>
> Roger Haase
>
>
>
More information about the Moin-user
mailing list