durusmail: quixote-users: Patch: smarter default session cookie path
Patch: smarter default session cookie path
2003-12-27
Greg Ward
2003-12-27
Greg Ward
Patch: smarter default session cookie path [PATCH]
2004-01-29
Jason E. Sibre (3 parts)
2004-02-03
Neil Schemenauer
2004-01-05
Oscar Rambla
Patch: smarter default session cookie path
Greg Ward
2003-12-27
On 26 December 2003, To quixote-users@mems-exchange.org said:
> The fix is pretty obvious: make the default session cookie path the URL
> of the application root, which is conveniently available in
> SCRIPT_NAME.  Patch attached.

Oops, if this patch is accepted, the comment above SESSION_COOKIE_PATH
in config.py will need editing.  Suggested rewrite:

# Domain and path to which the session cookie is restricted.  Leaving
# these undefined is fine.  Quixote does not have a default "domain"
# option, meaning the session cookie will only be sent to the
# originating server.  If you don't set the cookie path, Quixote will
# use your application's root URL (ie. SCRIPT_NAME in a CGI-like
# environment), meaning the session cookie will be sent to all URLs
# controlled by your application, but no other.

Also, this patch works for me with a CGI/FastCGI driver.  I suspect it
will work with SCGI, which also sets up a CGIish environment.  No clue
how it will work with mod_python, Twisted, or Medusa.  Anyone care to
try it out?

        Greg
--
Greg Ward                          http://www.gerg.ca/
If you don't have anything nice to say, come sit by me.
     --Dorothy Parker
reply