Pyramid is creating a second, undesired auth_tkt cookie, without a domain -- if the domain name contains a dot.
I am using Pyramid 1.10.4, the latest.
There is nothing in the above code that might indicate more than one domain. Therefore I expect only one auth_cookie to be created, but in fact 2 cookies are sent, one of them without a domain. This means 2 redundant cookies keep traveling up and down the wire, where only one is needed.
Debugging this issue, I found the following:
I edited /etc/hosts to add this line:
127.0.0.1 local.host
...because the issue only happens when the domain name contains a dot -- such as in production.
Testing on http://local.host:6543/ I saw the extra auth_tkt cookie appear when I logged in.
In order to debug this, it is necessary to restart waitress. I saw that the value of the variable "domains" is [None, 'local.host'], as you would expect from the code: https://github.com/Pylons/pyramid/blob/1.10.4/src/pyramid/authentication.py#L919
But at the end, when profile.get_headers(value, **kw) was called with kw == {'domains': [None, 'local.host']}, it returned this:
The above contains 2 cookies. The one without a domain is undesired.
profile is a webob.cookies.CookieProfile object. pip says my webob is up-to-date at 1.8.6.
Maybe the solution is to reposition the line I indicated above. It should be at the end, executing only if the domains list is empty -- then you add a None, otherwise you don't.
I am sorry I discussed this in the wrong ticket at first.
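As an added example (not part of the original report, and not Pyramid or WebOb code), the following standard-library check flags any cookie name that a single response sets more than once, for instance once host-only and once with a Domain attribute. The Set-Cookie values are constructed for illustration and are not the output from the report; the function names are hypothetical.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed Set-Cookie values modelled on the behaviour described above:
# the same cookie name sent once without Domain and once with Domain.
SAMPLE_SET_COOKIE = [
    "auth_tkt=CONSTRUCTED_TICKET; Path=/; HttpOnly",
    "auth_tkt=CONSTRUCTED_TICKET; Domain=local.host; Path=/; HttpOnly",
    "session=CONSTRUCTED_SESSION; Path=/; HttpOnly",
]


def cookie_scopes(set_cookie_values):
    """Map each cookie name to the Domain attributes it was set with.

    None stands for a host-only cookie (no Domain attribute).
    """
    scopes = defaultdict(list)
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            # Morsel returns "" for an attribute that was not present.
            scopes[name].append(morsel["domain"] or None)
    return dict(scopes)


def redundant_cookies(set_cookie_values):
    """Return the cookie names set more than once, with their scopes."""
    return {
        name: domains
        for name, domains in cookie_scopes(set_cookie_values).items()
        if len(domains) > 1
    }


if __name__ == "__main__":
    for name, domains in redundant_cookies(SAMPLE_SET_COOKIE).items():
        print(f"{name} set {len(domains)} times, domains: {domains}")
```

In an integration test, pass the values of every Set-Cookie header from the login response and assert that the result is empty.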