Opened 17 years ago
Last modified 14 years ago
#7183 closed
sessionid broken by jsession — at Initial Version
| Reported by: | mbeattie | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | dev |
| Severity: | Keywords: | wsgi session | |
| Cc: | Triage Stage: | Design decision needed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
I was trying to use a django setup on a machine that used to have a j2ee setup and whenever I tried to use any of the session
functionality it would give an error saying that the key I was looking for wasn't found. I figured out that the problem is
for some reason once a particular jsessionid is set, firefox will hold on to it forever for that host and always send it as
part of the HTTP_COOKIE. The way to fix it is to clear the cookies for that host. I am not too sure what the real cause of
this is or what belongs in HTTP_COOKIE, but I found a way to make it go away by modifying wsgi.py. It seems that django only
cares about the sessionid part of that header so that's all I grabbed. Someone more knowledgeable about why this happens
might have something better.
13a14
import re
147c148,153
< self._cookies = http.parse_cookie(self.environ.get('HTTP_COOKIE', ))
---
cookiestring = self.environ.get('HTTP_COOKIE', )
sessionfind = re.search("(sessionid=[0-9a-f]*)", cookiestring)
if sessionfind == None:
self._cookies = http.parse_cookie(cookiestring)
else:
self._cookies = http.parse_cookie(sessionfind.groups()[0])
my patch