[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior
Rob Crittenden
rcritten at redhat.com
Fri Dec 7 20:44:41 UTC 2012
John Dennis wrote:
> Revised patch attached.
>
Why catch exceptions from client_session_keyring_keyname() when it
doesn't raise any?
In store_session_cookie() shouldn't we log an error if a cookie can't be
parsed, not a debug?
In apply_session_cookie() I think we should log Cookie.URLMismatch and
Exception at the error level instead of debug.
My knowledge of cookies is rusty, but I don't understand this bit in
path_valid()
+ if not url_path or not url_path.startswith('/'):
+ request_path = '/'
+ elif url_path.count('/') <= 1:
+ request_path = '/'
+ elif url_path.endswith('/'):
+ request_path = url_path[:-1]
+ else:
+ request_path = url_path
If my url_path cis /ipa isn't this going to treat it as "/"? That seems
wrong.
Functionally the patch appears to be fine.
rob
More information about the Freeipa-devel
mailing list