Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two or more instances on the same host with different ports overwrite the cookies for each other #1479

Closed
foosel opened this issue Sep 5, 2016 · 1 comment

Comments

Projects
None yet
1 participant
@foosel
Copy link
Owner

commented Sep 5, 2016

Problem

If two or more OctoPrint instances are accessed via the same host (domain, ip, ...) but different ports, since cookies are not port specific one instance will happily overwrite the session cookie of the others. Also see this discussion in the G+ community.

The same issue also exists if two or more OctoPrint instances are accessed via different sub paths from the same reverse proxy, since the session cookies are set for the / path and do not take configured script roots into account.

Solution

  1. Postfix cookies that are set on the responses with a port specific suffix and strip said suffix from cookies read from the request transparently for the underlying code.
  2. Make sure that the configured script root is prepended to the cookie path on set cookies.

Already implemented in 9d9eb33, ticket created for documentation purposes.

@foosel foosel added this to the 1.2.16 milestone Sep 5, 2016

@foosel foosel self-assigned this Sep 5, 2016

@foosel

This comment has been minimized.

Copy link
Owner Author

commented Sep 24, 2016

Fixed in 1.2.16 which was released yesterday. Also fixed on devel.

@foosel foosel closed this Sep 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.