[Moin-user] upgrade to 1.7.2 blocked, external cookie auth does not work

Roger Haase crosseyedpenguin at yahoo.com
Tue Dec 2 20:30:17 EST 2008 



--- On Tue, 12/2/08, Michael Matthews <mjmatthews1 at rcn.com> wrote:

> From: Michael Matthews <mjmatthews1 at rcn.com>
> Subject: Re: [Moin-user] upgrade to 1.7.2 blocked, external cookie auth does not work
> To: 
> Cc: "moin Users" <moin-user at lists.sourceforge.net>
> Date: Tuesday, December 2, 2008, 5:19 PM
> Roger Haase wrote:
> >
> > --- On Tue, 12/2/08, Michael Matthews
> <mjmatthews1 at rcn.com> wrote:
> >
> >   
> >> From: Michael Matthews <mjmatthews1 at rcn.com>
> >> Subject: [Moin-user] upgrade to 1.7.2 blocked,
> external cookie auth does not work
> >> To: "moin Users"
> <moin-user at lists.sourceforge.net>
> >> Date: Tuesday, December 2, 2008, 11:10 AM
> >> I am trying to upgrade from 1.5.x ri 1.7.2. Am
> using my own
> >> external
> >> cookie authentication method. I did post this
> before but
> >> did not have
> >> time to follow through. When user logs in
> authentication
> >> takes place,
> >> login id is displayed but pagetrail only displays
> current
> >> page. I was
> >> told this is a session failure. How do I debug
> this failure
> >> (which is
> >> silent as far as I can tell)?
> >>
> >>     
> >
> > There is a help page for 1.7 here:
> >   
> http://master17.moinmo.in/HelpOnAuthentication/ExternalCookie
> >
> > Based upon your symptoms, a guess is either you are
> not setting a cookie, you are changing the cookie value with
> each page request, or you may be setting the cookie for the
> wrong domain.
> >
> > If you have the Firefox browser witht he Web Developer
> extension installed, verify you have a MOIN_SESSION cookie
> and the value is consistent for multiple page requests.
> >
> > Roger Haase
> >
> >
> >       
> >   
> Thanks for the URL. The example had some new code for me
> but  Still same
> behavior. No MOIN_SESSION cookie.
> 
> I am maintaining my own cookie which has nothing to do with
> MOIN cookie.
> I expect the application to maintain it's own cookie as
> needed. So where
> does this happen? And if it is required that the
> ExternalCookie routine
> create it why isn't it documented.  The example creates
> a MoinAuth
> cookie but I thought it was only an example.
> 
> My plugin worked in 1.5
> 

Yes, I had a hack for Moin <1.7 that worked too, but the Moin authentication process was changed in 1.7 - see the /docs/CHANGEs.

I had to rewrite my hack to fit the 1.7 model (there is another minor change required for Moin 1.8).  If your request method returns a user object, Moin will create the cookie.  The MoinAuth cookie is an example, it can be any name except MOIN_SESSION.  You may have to resort to writing to a log file to debug your code.  I included a "def writeLog(*args):" function in the example because I needed it to debug my code.

There appear to be few of using ExternalCookie for authentication, if you find errors in HelpOnAuthentication/ExternalCookie, please fix it.  

I will be MIA until Friday, good luck.

Roger Haase

More information about the Moin-user mailing list