Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Two or more instances on the same host with different ports overwrite the cookies for each other #1479

Closed
foosel opened this issue Sep 5, 2016 · 1 comment
Closed

Two or more instances on the same host with different ports overwrite the cookies for each other #1479

foosel opened this issue Sep 5, 2016 · 1 comment
Assignees
@foosel
Labels
bug Issue describes a bug done Done but not yet released
Milestone
1.2.16

Comments

@foosel
Copy link
Member

foosel commented Sep 5, 2016
edited
Loading

Problem

If two or more OctoPrint instances are accessed via the same host (domain, ip, ...) but different ports, since cookies are not port specific one instance will happily overwrite the session cookie of the others. Also see this discussion in the G+ community.

The same issue also exists if two or more OctoPrint instances are accessed via different sub paths from the same reverse proxy, since the session cookies are set for the / path and do not take configured script roots into account.

Solution

  1. Postfix cookies that are set on the responses with a port specific suffix and strip said suffix from cookies read from the request transparently for the underlying code.
  2. Make sure that the configured script root is prepended to the cookie path on set cookies.

Already implemented in 9d9eb33, ticket created for documentation purposes.
@foosel foosel added bug Issue describes a bug done Done but not yet released labels Sep 5, 2016
@foosel foosel added this to the 1.2.16 milestone Sep 5, 2016
@foosel foosel self-assigned this Sep 5, 2016
@foosel foosel mentioned this issue Sep 8, 2016
Closed
@foosel
Copy link
Member Author

foosel commented Sep 24, 2016

Fixed in 1.2.16 which was released yesterday. Also fixed on devel.

@foosel foosel closed this as completed Sep 24, 2016
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@foosel foosel

Labels
bug Issue describes a bug done Done but not yet released
Projects
None yet
Milestone
1.2.16
Development

No branches or pull requests
1 participant
@foosel