[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior

Petr Viktorin pviktori at redhat.com
Mon Dec 10 12:30:45 UTC 2012


On 12/09/2012 04:22 PM, John Dennis wrote:
> On 12/09/2012 10:04 AM, John Dennis wrote:
>> On 12/08/2012 11:16 AM, John Dennis wrote:
>>> I'll send an updated patch shortly with the above fix. I also noticed
>>> that http_return_ok() omitted the validation for the HttpOnly and Secure
>>> flags. I'll add that too.
>>
>> Revised patch attached.
>
> Same patch contents but with typo fixed.
>

There are some more typos, but let's try to push this through and fix 
typos later.

Thanks for filing the Python bug & explaining your approaches. I still 
think this could be improved, but I'll stop bikeshedding now.

Just two issues:

When testing with lite-server listening on localhost, every request 
outputs "ipa: ERROR: not sending session cookie, URL mismatch". Is the 
message necessary?

Replying to a previous mail:

 >>> diff --git a/ipalib/session.py b/ipalib/session.py
 >>> index 36beece..900259a 100644
 >>> --- a/ipalib/session.py
 >>> +++ b/ipalib/session.py
 >>> @@ -955,13 +955,18 @@ class MemcacheSessionManager(SessionManager):
[...]
 >>> +        try:
 >>> +            session_cookie =
 >>> Cookie.get_named_cookie_from_string(cookie_header,
 >>> self.session_cookie_name)
 >>> +        except Exception, e:
 >>> +            session_cookie = None
 >>> +        else:
 >>> +            session_id = session_cookie.value
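
Review bot: the else: branch reads session_cookie.value with no None check, so if Cookie.get_named_cookie_from_string() returns None rather than raising when the named cookie is absent from the header, this line fails with an AttributeError outside the try. Guard it with `if session_cookie is not None:` before the assignment, or treat a None result the same way as the except path. Separately, `except Exception, e:` catches every error and never uses e; catching only the parse error the cookie helper raises, or logging e, would keep a malformed Cookie header visible instead of silently treating it as "no session".
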
 >>
 >> When the user first accesses the Web UI, session_cookie will be None,
 >> resulting in an Internal Server Error.
 >
 > Hmm... I didn't see this in testing. I think you mean the cookie_header
 > will be None, not the session_cookie being None. That case should have
 > been caught by the try/except block surrounding
 > get_named_cookie_from_string(). But in any event I added a check for the
 > cookie_header being None at the top of the function. Or am I
 > misunderstanding the problem you saw?
 >

Yes, different problem.
No cookie exists, so Cookie.get_named_cookie_from_string returns None, 
session_cookie is set to None, no exception is raised, the else: block 
accesses `session_cookie.value`.
Tested with a clean install on f18.
The attached fix solves the problem.


-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix.patch
Type: text/x-patch
Size: 503 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121210/080b9ac6/attachment.bin>