> -----Original Message----- > From: quixote-users-bounces+jsibre=chironsys.com@mems-exchange.org > [mailto:quixote-users-bounces+jsibre=chironsys.com@mems-exchange.org]On > Behalf Of Greg Ward > Sent: Friday, December 26, 2003 7:38 PM > To: quixote-users@mems-exchange.org > Subject: [Quixote-users] Patch: smarter default session cookie path [Greg explains the problem, and supplies a patch to solve it] Thanks for putting this out here, Greg. During my session tribulations the last two days, I was actually bitten by the problem you described at one point, and remembering your post and applying the patch saved me who-knows-how-much-grief. Then I got other bugs... I'm sure you got a chuckle about them :) Anyway, things are going pretty well now, and in testing against Moz 1.5, IE6, and NN4.7, I found some problems with logging out in the latter. After modifying my copy of medusa_http.py to provide a trace of headers in and headers out, I narrowed the problem down to: [after successful login] OUTGOING: Set-Cookie = QX_session="1445a1dd640e66fe"; path=/ and [after successful logout] OUTGOING: Set-Cookie = QX_session=""; max-age=0 In IE and Moz, the missing 'path=/' is not an issue, but it causes NN4.7 to treat it as a different cookie: [next request, immediatly after logout, request coming from NN4.7] INCOMING: HTTP_COOKIE = QX_session="750697b293ab2a5b"; QX_session="" So, even though NN4.7 is old, and should probably be buried, I submit the following patches to help quixote play better with it (and bring the revoke_session_cookie code in line with your modifications to the set_session_cookie code): One is a patch against a session.py that has already been patched with your patch (session.py.cookie-path-revoke.patch), and the other is a patch against a 'stock' 0.7a3 session.py file (session.py.cookie-path-set-revoke.patch) Jason