[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior
John Dennis
jdennis at redhat.com
Mon Dec 10 14:00:34 UTC 2012
On 12/10/2012 07:30 AM, Petr Viktorin wrote:
> Just two issues:
>
> When testing with lite-server listening on localhost, every request
> outputs "ipa: ERROR: not sending session cookie, URL mismatch". Is the
> message necessary?
Rob asked for this to be changed from a debug message to an error which
made sense, in theory we should never get into the situation, if we do
something is terribly wrong. However neither of us thought about the
lite-server case. There are two possible ways to address this.
1) test for the lite server context and don't emit the message. We test
for lite server elsewhere and treat things differently. But I'm not a
big fan of this approach, it's a way for mistakes to creep in because
we're not exercising the same code paths during testing as we do during
production.
2) Make the domain in the cookie match the domain of the lite-server.
Currently we read the domain from api.env.host (technically it's the URL
host). Perhaps there should be a utility to return the URL host
component for those places that need it which detects which mode the
server is running in. I'll take a quick look and see if that makes sense.
>
> Replying to a previous mail:
>
> >>> diff --git a/ipalib/session.py b/ipalib/session.py
> >>> index 36beece..900259a 100644
> >>> --- a/ipalib/session.py
> >>> +++ b/ipalib/session.py
> >>> @@ -955,13 +955,18 @@ class MemcacheSessionManager(SessionManager):
> [...]
> >>> + try:
> >>> + session_cookie =
> >>> Cookie.get_named_cookie_from_string(cookie_header,
> >>> self.session_cookie_name)
> >>> + except Exception, e:
> >>> + session_cookie = None
> >>> + else:
> >>> + session_id = session_cookie.value
> >>
> >> When the user first accesses the Web UI, session_cookie will be None,
> >> resulting in an Internal Server Error.
Ah yes I see the mistake now, I was thinking it raised an exception
instead of returning None. Good catch, thanks!
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list