Multi duplicate session Set-Cookie header after 9e927c4 New ThreadedDict #45

Closed
chuangbo opened this Issue · 3 comments

2 participants

@chuangbo

After commit 9e927c4, I found that web.session calls app.add_processor(self._processor) on each request, which causes the session Set-Cookie header to be sent multiple times.
Here's the playback:

Example from http://webpy.org/cookbook/sessions:

```python
import web
web.config.debug = False
urls = (
    "/count", "count",
    "/reset", "reset"
)
app = web.application(urls, locals())
session = web.session.Session(app, web.session.DiskStore('sessions'), initializer={'count': 0})

class count:
    def GET(self):
        session.count += 1
        return str(session.count)

class reset:
    def GET(self):
        session.kill()
        return ""

if __name__ == "__main__":
    app.run()
```

Using the newest webpy git source:

```
cat@cat-mbp ~/i(master) $ ./app.py 
init session here
http://0.0.0.0:8080/

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=7e550992eff539cb17ce03484f25f38be9ef525b; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:40 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=b8fd314485ae4012eae8bb098a1b9efebd5f6a68; Path=/; httponly
Set-Cookie: webpy_session_id=b8fd314485ae4012eae8bb098a1b9efebd5f6a68; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:40 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:41 GMT
Server: CherryPy/3.1.2 WSGI Server
```

Using the 0.34 release version https://github.com/webpy/webpy/zipball/webpy-0.34:

```
cat@cat-mbp ~/i(master) $ ./app.py 
init session here
http://0.0.0.0:8080/

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=02da716a33a5c183a02935cd816965a92f9766a3; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:20 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=281774011de60cb488f299488dea974f88bf9b04; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:21 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=f109babbf69c6fe811fb9561ba0eeb69c9216da7; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:21 GMT
Server: CherryPy/3.1.2 WSGI Server
```

@anandology
Collaborator

Fixed multiple set-cookie header issue with session. (closed by 23583b4)

The Session class was extended from ThreadedDict, which is extended from
threading.local. It looks like __init__ is called once for each thread
for thread local objects. That made the session add multiple processors
to the application, one for each thread/request.

Fixed this issue by keeping the threadeddict as an attribute instead of
extending from it.
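
The cause and fix described in the comment above, reduced to a stand-alone model (an added example, not web.py's code): `App`, `InheritingSession`, `ComposedSession` and `set_cookie_counts` are hypothetical stand-ins, the cookie value is constructed, and each simulated request is assumed to run on a fresh thread.

```python
import threading

class App:
    """Hypothetical stand-in for web.application: holds request processors."""
    def __init__(self):
        self.processors = []

    def add_processor(self, processor):
        self.processors.append(processor)

    def handle(self):
        headers = []
        for processor in list(self.processors):  # snapshot taken per request
            processor(headers)
        return headers

class InheritingSession(threading.local):
    """Pre-fix shape: the session object itself is thread-local."""
    def __init__(self, app):
        # threading.local re-runs __init__ (same args) in every new thread
        # that touches the object, so this registration repeats per thread.
        app.add_processor(self._processor)

    def _processor(self, headers):
        self.seen = True  # first attribute access in a new thread fires __init__
        headers.append(("Set-Cookie", "webpy_session_id=CONSTRUCTED"))

class ComposedSession:
    """Post-fix shape: thread-local storage is an attribute, not a base class."""
    def __init__(self, app):
        self._data = threading.local()
        app.add_processor(self._processor)  # runs once, at construction

    def _processor(self, headers):
        self._data.seen = True
        headers.append(("Set-Cookie", "webpy_session_id=CONSTRUCTED"))

def set_cookie_counts(session_cls, requests=3):
    """Serve `requests` requests, each on a new thread; return headers per response."""
    app = App()
    session_cls(app)  # created once in the calling thread, as in the cookbook app
    counts = []
    for _ in range(requests):
        worker = threading.Thread(target=lambda: counts.append(len(app.handle())))
        worker.start()
        worker.join()
    return counts

if __name__ == "__main__":
    print("inheriting:", set_cookie_counts(InheritingSession))
    print("composed:  ", set_cookie_counts(ComposedSession))
```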

@anandology
Collaborator

chuangbo, can you please verify this fix?

@chuangbo

Thanks!
I can't verify because I don't use session, but it seems to be ok.

@anandology anandology referenced this issue from a commit in anandology/webpy
@anandology anandology Fixed multiple set-cookie header issue with session. (closes #45)
23583b4
This issue was closed.