[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior
John Dennis
jdennis at redhat.com
Mon Dec 10 17:11:18 UTC 2012
In IRC Rob and I agreed the message about a URLMismatch should be at the
debug level and not the error level because it can occur on a client
anytime the client elects to connect to a different server, which is not
an error.
Attached is the revised patch and a diff against the previous patch and
this one just so it makes it easier to see what actually changed.
Basically it's 4 things:
* use xmlrpc_url as the cookies domain
* revert message back to debug level
* fix bug Petr3 found with uninitialized variable
* update make-lint not to complain about using the fields in a urlparse
result
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index b2ff362..a5c5de5 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -578,7 +578,7 @@ class xmlclient(Connectible):
pass
return original_url
except Cookie.URLMismatch, e:
- self.error("not sending session cookie, URL mismatch: %s", e)
+ self.debug("not sending session cookie, URL mismatch: %s", e)
return original_url
except Exception, e:
self.error("not sending session cookie, unknown error: %s", e)
diff --git a/ipalib/session.py b/ipalib/session.py
index b955b49..68b9b26 100644
--- a/ipalib/session.py
+++ b/ipalib/session.py
@@ -22,6 +22,7 @@ import errors
import os
import re
import time
+from urllib2 import urlparse
from text import _
from ipapython.ipa_log_manager import *
from ipalib import api, errors
@@ -964,7 +965,7 @@ class MemcacheSessionManager(SessionManager):
session_cookie = Cookie.get_named_cookie_from_string(cookie_header, self.session_cookie_name)
except Exception, e:
session_cookie = None
- else:
+ if session_cookie:
session_id = session_cookie.value
if session_id is None:
@@ -1083,8 +1084,8 @@ class MemcacheSessionManager(SessionManager):
expiration = None;
cookie = Cookie(self.session_cookie_name, session_id,
- domain=api.env.host, path=url_path,
- httponly=True, secure=True,
+ domain=urlparse.urlparse(api.env.xmlrpc_uri).netloc,
+ path=url_path, httponly=True, secure=True,
expires=expiration)
if add_header:
result = 'Set-Cookie: %s' % cookie
diff --git a/make-lint b/make-lint
index 4cd7ce6..ae09e2a 100755
--- a/make-lint
+++ b/make-lint
@@ -64,7 +64,8 @@ class IPATypeChecker(TypeChecker):
'pattern', 'pattern_errmsg'],
'ipalib.parameters.Enum': ['values'],
'ipalib.parameters.File': ['stdin_if_missing'],
- 'urlparse.SplitResult': ['netloc'],
+ 'urlparse.SplitResult': ['scheme', 'netloc', 'path', 'query', 'fragment', 'username', 'password', 'hostname', 'port'],
+ 'urlparse.ParseResult': ['scheme', 'netloc', 'path', 'params', 'query', 'fragment', 'username', 'password', 'hostname', 'port'],
'ipaserver.install.ldapupdate.LDAPUpdate' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'],
'ipaserver.plugins.ldap2.SchemaCache' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'],
'ipaserver.plugins.ldap2.IPASimpleLDAPObject' : ['log', 'debug', 'info', 'warning', 'error', 'critical', 'exception'],
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jdennis-0082-4-Compliant-client-side-session-cookie-behavior.patch
Type: text/x-patch
Size: 75567 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121210/22aca04a/attachment.bin>
More information about the Freeipa-devel
mailing list