Opened 17 years ago

Last modified 14 years ago

#7183 closed

sessionid broken by jsession — at Version 2

Reported by: mbeattie Owned by: nobody
Component: HTTP handling Version: dev
Severity: Keywords: wsgi session
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by Ramiro Morales)

I was trying to use a django setup on a machine that used to have a j2ee setup and whenever I tried to use any of the session

functionality it would give an error saying that the key I was looking for wasn't found. I figured out that the problem is

for some reason once a particular jsessionid is set, firefox will hold on to it forever for that host and always send it as

part of the HTTP_COOKIE. The way to fix it is to clear the cookies for that host. I am not too sure what the real cause of

this is or what belongs in HTTP_COOKIE, but I found a way to make it go away by modifying wsgi.py. It seems that django only

cares about the sessionid part of that header so that's all I grabbed. Someone more knowledgeable about why this happens

might have something better.

13a14
> import re
147c148,153
<             self._cookies = http.parse_cookie(self.environ.get('HTTP_COOKIE', ''))
---
>             cookiestring = self.environ.get('HTTP_COOKIE', '')
>             sessionfind = re.search("(sessionid=[0-9a-f]*)", cookiestring)
>             if sessionfind == None: 
>                 self._cookies = http.parse_cookie(cookiestring)
>             else: 
>                 self._cookies = http.parse_cookie(sessionfind.groups()[0])

Change History (3)

by mbeattie, 17 years ago

Attachment: wsgipatch.txt added

my patch

comment:1 by Simon Greenhill, 16 years ago

Triage Stage: UnreviewedAccepted

comment:2 by Ramiro Morales, 16 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top