Multi duplicate session Set-Cookie header after 9e927c4 New ThreadedDict #45

Closed
chuangbo opened this Issue Feb 24, 2011 · 3 comments

Comments

Projects
None yet
2 participants
@chuangbo

After commit 9e927c4, I found web.session will app.add_processor(self._processor) on each request, cause session set-cookie multi times.
Here's the playback:

example from http://webpy.org/cookbook/sessions

import web
web.config.debug = False
urls = (
    "/count", "count",
    "/reset", "reset"
)
app = web.application(urls, locals())
session = web.session.Session(app, web.session.DiskStore('sessions'), initializer={'count': 0})

class count:
    def GET(self):
        session.count += 1
        return str(session.count)

class reset:
    def GET(self):
        session.kill()
        return ""

if __name__ == "__main__":
    app.run()

Use newest webpy git source

cat@cat-mbp ~/i(master) $ ./app.py 
init session here
http://0.0.0.0:8080/

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=7e550992eff539cb17ce03484f25f38be9ef525b; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:40 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=b8fd314485ae4012eae8bb098a1b9efebd5f6a68; Path=/; httponly
Set-Cookie: webpy_session_id=b8fd314485ae4012eae8bb098a1b9efebd5f6a68; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:40 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Set-Cookie: webpy_session_id=59f233edc5da2037e88e7a7292e6069a84a591d7; Path=/; httponly
Connection: close
Date: Thu, 24 Feb 2011 10:14:41 GMT
Server: CherryPy/3.1.2 WSGI Server

Use 0.34 release version https://github.com/webpy/webpy/zipball/webpy-0.34

cat@cat-mbp ~/i(master) $ ./app.py 
init session here
http://0.0.0.0:8080/

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=02da716a33a5c183a02935cd816965a92f9766a3; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:20 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=281774011de60cb488f299488dea974f88bf9b04; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:21 GMT
Server: CherryPy/3.1.2 WSGI Server

cat@cat-mbp ~/i(master) $ curl -I http://localhost:8080/count
HTTP/1.1 200 OK
Set-Cookie: webpy_session_id=f109babbf69c6fe811fb9561ba0eeb69c9216da7; Path=/
Connection: close
Date: Thu, 24 Feb 2011 10:23:21 GMT
Server: CherryPy/3.1.2 WSGI Server
@anandology

This comment has been minimized.

Show comment Hide comment
@anandology

anandology Feb 27, 2011

Owner

Fixed mutliple set-cookie header issue with session. (closed by 23583b4)

The Session class was extended from ThreadedDict, which is extended from
threading.local. It looks like __init__ is called once for each thread
for thread local objects. That made session to add multiple processors
to the application, one for each thread/request.

Fixed this issue by keeping the threadeddict as an attribute instead of
extending from it.

Owner

anandology commented Feb 27, 2011

Fixed mutliple set-cookie header issue with session. (closed by 23583b4)

The Session class was extended from ThreadedDict, which is extended from
threading.local. It looks like __init__ is called once for each thread
for thread local objects. That made session to add multiple processors
to the application, one for each thread/request.

Fixed this issue by keeping the threadeddict as an attribute instead of
extending from it.

@anandology

This comment has been minimized.

Show comment Hide comment
@anandology

anandology Feb 27, 2011

Owner

chuangbo, can you please verify this fix?

Owner

anandology commented Feb 27, 2011

chuangbo, can you please verify this fix?

@chuangbo

This comment has been minimized.

Show comment Hide comment
@chuangbo

chuangbo Feb 27, 2011

Thanks!
I can't verify because I don't use session, but it seems to be ok.

Thanks!
I can't verify because I don't use session, but it seems to be ok.

anandology added a commit to anandology/webpy that referenced this issue May 3, 2011

Fixed mutliple set-cookie header issue with session. (closes #45)
The Session class was extended from ThreadedDict, which is extended from
threading.local. It looks like __init__ is called once for each thread
for thread local objects. That made session to add multiple processors
to the application, one for each thread/request.

Fixed this issue by keeping the threadeddict as an attribute instead of
extending from it.

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment