durusmail: quixote-users: Setting cookies without domain
Setting cookies without domain
Jonathan Corbet
2002-05-24
Since it looks like another release is approaching... the following is a
patch I have to apply to Quixote before it works right on lwn.net:8088.  I
do *not* propose this patch for general inclusion; it is certainly not the
right solution.

The problem, essentially, is this: when the server is "lwn.net", setting
cookies with an explicit domain causes the cookies to be rejected by the
browser.  I believe this behavior is rooted in the spec for cookies, which
says the cookie domain must have two periods in it.  In fact, "www.lwn.net"
works, but that's not the address we export.

If, on the other hand, you leave the domain out entirely, things work.

The real solution, I think, is to allow None as a value for COOKIE_DOMAIN,
and to tweak http_response:_get_cookie_headers() to drop attributes with
null values.  An easy thing to hack up and send in, if people think that's
the right approach...?

jon

Jonathan Corbet
Executive editor, LWN.net
corbet@lwn.net

--- session.py  Mon Apr 29 11:48:32 2002
+++ session.py.rs       Fri May 24 10:45:17 2002
@@ -224,7 +224,6 @@
                "invalid session ID %s" % `session_id`
         config = get_publisher().config
         request.response.set_cookie(config.cookie_name, session_id,
-                                    domain = config.cookie_domain,
                                     path = config.cookie_path)


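Review bot: the set_cookie call for config.cookie_name no longer reads config.cookie_domain at all, so a site that has configured a cookie domain silently loses it and gets a host-only cookie instead. Rather than deleting the argument, keep `domain = config.cookie_domain` and have the header code skip the attribute when the value is None, so the config setting stays the one place where cookie scope is decided.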
@@ -238,7 +237,6 @@
         config = get_publisher().config
         response = request.response
         response.set_cookie(config.cookie_name, "",
-                            domain = config.cookie_domain,
                             path = config.cookie_path,
                             max_age = 0)
         if request.cookies.has_key(config.cookie_name):
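Review bot: in the max_age = 0 call, the expiry cookie has to carry the same domain and path as the cookie it is meant to clear, and that only holds here because both calls drop the domain together. If the domain becomes conditional, apply the identical condition in this call, and note that a session cookie issued earlier with an explicit domain may not be cleared by this domain-less expiry.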


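The approach proposed in the message (allow None for the cookie domain and drop attributes with null values when building the headers), sketched as an added example in Python 3; it is not part of the original post and not Quixote's code. The function names, the config dict and the cookie name `sid` are hypothetical.

```python
# Added example (Python 3), not Quixote source. Function names and the
# config dict are hypothetical stand-ins for COOKIE_DOMAIN / COOKIE_PATH.

ATTRIBUTE_ORDER = (("domain", "Domain"), ("path", "Path"), ("max_age", "Max-Age"))


def cookie_header(name, value, **attrs):
    """Return one Set-Cookie header value, omitting attributes set to None."""
    for text in (name, value, *(str(v) for v in attrs.values() if v is not None)):
        if any(ch in text for ch in ";\r\n"):
            raise ValueError("illegal character in cookie field: %r" % text)
    parts = ["%s=%s" % (name, value)]
    for key, label in ATTRIBUTE_ORDER:
        attr = attrs.get(key)
        # Test for None, not truthiness: max_age=0 is how a cookie is
        # expired and must still be sent.
        if attr is not None:
            parts.append("%s=%s" % (label, attr))
    return "; ".join(parts)


def set_session_cookie(config, session_id):
    return cookie_header(config["cookie_name"], session_id,
                         domain=config["cookie_domain"],
                         path=config["cookie_path"])


def expire_session_cookie(config):
    # Same domain and path as the cookie being removed, so the browser
    # matches it; only the value and Max-Age differ.
    return cookie_header(config["cookie_name"], "",
                         domain=config["cookie_domain"],
                         path=config["cookie_path"],
                         max_age=0)


# Constructed sample configs: one host-only, one with an explicit domain.
HOST_ONLY = {"cookie_name": "sid", "cookie_domain": None, "cookie_path": "/"}
EXPLICIT = {"cookie_name": "sid", "cookie_domain": "www.lwn.net", "cookie_path": "/"}

if __name__ == "__main__":
    for cfg in (HOST_ONLY, EXPLICIT):
        print(set_session_cookie(cfg, "abc123"))
        print(expire_session_cookie(cfg))
```

With the domain set to None the header carries no Domain attribute, so the browser scopes the cookie to the exact host that set it.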