Closed nandoflorestan closed 4 years ago
I think this issue is solved by https://github.com/Pylons/pyramid/pull/3587.
...inasmuch as the code in that ticket does away with the domains variable, yes, I agree, it should solve this problem. But I haven't tested it.
Pyramid is creating a second, undesired auth_tkt cookie, without a domain -- if the domain name contains a dot.
I am using Pyramid 1.10.4, the latest.
There is nothing in the above code that might indicate more than one domain. Therefore I expect only one auth_cookie to be created, but in fact 2 cookies are sent, one of them without a domain. This means 2 redundant cookies keep traveling up and down the wire, where only one is needed.
Debugging this issue, I found the following:
I edited /etc/hosts to add this line:
...because the issue only happens when the domain name contains a dot -- such as in production.
Testing on http://local.host:6543/ I saw the extra auth_tkt cookie appear when I logged in.
In order to debug this, it is necessary to restart waitress. I saw that the value of the variable "domains" is [None, 'local.host'], as you would expect from the code: https://github.com/Pylons/pyramid/blob/1.10.4/src/pyramid/authentication.py#L919
But at the end, when profile.get_headers(value, **kw) was called with kw == {'domains': [None, 'local.host']}, it returned this:
The above contains 2 cookies. The one without a domain is undesired.
profile is a webob.cookies.CookieProfile object. pip says my webob is up-to-date at 1.8.6.
Maybe the solution is to reposition the line I indicated above. It should be at the end, executing only if the domains list is empty -- then you add a None, otherwise you don't.
I am sorry I discussed this in the wrong ticket at first.
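
A check for the symptom described in this issue, as an added example that is not part of the original report or of Pyramid's own code: it groups a response's Set-Cookie headers by cookie name and reports any name issued under more than one domain scope. The sample headers, the ticket value and the function names are constructed for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: a login response that sets auth_tkt twice, once
# host-only (no Domain attribute) and once with Domain=local.host.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "auth_tkt=PLACEHOLDER_TICKET; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_tkt=PLACEHOLDER_TICKET; Domain=local.host; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]


def cookie_scopes(headers):
    """Map each cookie name to the set of (domain, path) scopes it was set with.

    A domain of None means the cookie is host-only (no Domain attribute).
    """
    scopes = defaultdict(set)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for morsel in jar.values():
            # RFC 6265 ignores a leading dot, so ".local.host" and
            # "local.host" are treated as the same scope here.
            domain = morsel["domain"].lstrip(".").lower() or None
            scopes[morsel.key].add((domain, morsel["path"] or None))
    return dict(scopes)


def redundant_cookies(headers):
    """Return {name: domains} for cookies set under more than one domain scope."""
    result = {}
    for name, scope_set in cookie_scopes(headers).items():
        domains = {domain for domain, _path in scope_set}
        if len(domains) > 1:
            # Sort with the host-only entry (None) first.
            result[name] = sorted(domains, key=lambda d: d or "")
    return result


if __name__ == "__main__":
    for name, domains in redundant_cookies(SAMPLE_HEADERS).items():
        print(f"{name}: set under {len(domains)} domain scopes: {domains}")
```

The same function can be pointed at the header list of a real login or logout response, for example in a functional test, to assert that each auth cookie is set or cleared under exactly the scopes you expect.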