2009-03-07T00:08:53 *** grzywacz has quit IRC
2009-03-07T03:11:04 *** dimazest has joined #moin-dev
2009-03-07T04:01:09 *** dimazest_ has joined #moin-dev
2009-03-07T04:17:02 *** dimazest has quit IRC
2009-03-07T05:11:14 *** dimazest has joined #moin-dev
2009-03-07T05:27:47 *** dimazest_ has quit IRC
2009-03-07T05:35:19 *** dimazest_ has joined #moin-dev
2009-03-07T05:51:25 *** dimazest has quit IRC
2009-03-07T07:05:25 *** dimazest has joined #moin-dev
2009-03-07T07:22:31 *** dimazest_ has quit IRC
2009-03-07T07:55:30 *** dimazest_ has joined #moin-dev
2009-03-07T08:12:46 *** dimazest has quit IRC
2009-03-07T08:28:20 *** starGaming is now known as stargaming
2009-03-07T10:01:15 <ThomasWaldmann> TheSheep: modernized has (c) entries for Nir and me and nothing for you, wich is obviously wrong
2009-03-07T10:15:35 *** dimazest has joined #moin-dev
2009-03-07T10:32:07 *** dimazest_ has quit IRC
2009-03-07T10:50:22 <ThomasWaldmann> hmm, anon session disabling (default) doesn't work in 1.9
2009-03-07T11:06:43 *** grzywacz has joined #moin-dev
2009-03-07T12:09:42 *** dimazest_ has joined #moin-dev
2009-03-07T12:17:46 *** dimazest has quit IRC
2009-03-07T13:19:47 *** dimazest has joined #moin-dev
2009-03-07T13:37:13 *** dimazest_ has quit IRC
2009-03-07T13:54:05 * ThomasWaldmann found another unfinished mess
2009-03-07T15:09:43 <dreimark> moin
2009-03-07T15:10:22 <dreimark> pagetrail seems not to work wit cgi/http_auth. The len is wrong I have onlyone item in pagetrail
2009-03-07T15:24:15 <dreimark> hmm, seems the session files are not compatibel, after removing them I get now a valid trail
2009-03-07T16:00:59 <dreimark> in 1.9 WikiSandBox does not show the png file of the drawing
2009-03-07T16:01:38 <dreimark> http://master19.moinmo.in/WikiSandBox
2009-03-07T16:21:24 <dreimark> bbl
2009-03-07T16:47:43 <ThomasWaldmann> dreimark: if pagetrail is only 1 item long, that means that there is no session
2009-03-07T16:50:39 <ThomasWaldmann> and it looks like we currently have 2 sessions systems in the 1.9 source: the old one from 1.8 (inactive?) and the new one using werkzeug.contrib.session code and missing some features of the old one (active)
2009-03-07T16:57:10 *** dimazest has quit IRC
2009-03-07T16:57:10 *** ThomasWaldmann has quit IRC
2009-03-07T16:57:10 *** vpv has quit IRC
2009-03-07T16:57:10 *** dreimark has quit IRC
2009-03-07T16:57:10 *** nwp has quit IRC
2009-03-07T16:57:10 *** TheSheep has quit IRC
2009-03-07T16:57:10 *** stargaming has quit IRC
2009-03-07T16:57:10 *** waldi has quit IRC
2009-03-07T16:57:10 *** mitsuhiko has quit IRC
2009-03-07T16:57:10 *** xorAxAx has quit IRC
2009-03-07T16:58:13 *** ThomasWaldmann has joined #moin-dev
2009-03-07T16:58:13 *** dimazest has joined #moin-dev
2009-03-07T16:58:13 *** TheSheep has joined #moin-dev
2009-03-07T16:58:13 *** stargaming has joined #moin-dev
2009-03-07T16:58:13 *** dreimark has joined #moin-dev
2009-03-07T16:58:13 *** vpv has joined #moin-dev
2009-03-07T16:58:13 *** nwp has joined #moin-dev
2009-03-07T16:58:13 *** xorAxAx has joined #moin-dev
2009-03-07T16:58:13 *** mitsuhiko has joined #moin-dev
2009-03-07T16:58:13 *** waldi has joined #moin-dev
2009-03-07T16:58:13 *** irc.freenode.net sets mode: +o ThomasWaldmann
2009-03-07T17:00:37 <dreimark> ThomasWaldmann: after deleting the old sessio nfiles I have now a working pagetrail
2009-03-07T17:16:39 <ThomasWaldmann> it should be enough to just delete the cookie when manually testing
2009-03-07T17:17:05 <ThomasWaldmann> but maybe wait until after my next commit, I am currently doing a cleanup for the session stuff
2009-03-07T17:17:24 <ThomasWaldmann> MoinMoin.session seems to be unused
2009-03-07T17:18:10 <dreimark> I have no farm setup so I have no idea why I have cache files in data/cache/__common__/session
2009-03-07T17:18:37 <dreimark> they should only be written for the farm scope
2009-03-07T17:19:37 <ThomasWaldmann> ?
2009-03-07T17:20:12 <dreimark> if i search where __common__ is defined I get only caching.py
2009-03-07T17:20:17 <dreimark> lif scope == 'farm':
2009-03-07T17:20:22 <dreimark> return os.path.join(request.cfg.cache_dir, '__common__', arena)
2009-03-07T17:20:46 <ThomasWaldmann> each caching call can tell the scope of its data storage
2009-03-07T17:21:25 <ThomasWaldmann> btw, i added some session_dir cfg attr recently
2009-03-07T17:22:06 <dreimark> I know e.g. scope='farm' (unfort. I have no idea why my test system should have this)
2009-03-07T17:22:24 <dreimark> may be it is old, will do some new instances tests
2009-03-07T17:25:06 <ThomasWaldmann> i think it is ok to store the session cache on farm level. you still can override this if you don't want it.
2009-03-07T17:34:41 <ThomasWaldmann> logout is also borked
2009-03-07T17:35:03 <ThomasWaldmann> (you are still tracked by a anon session after you log out)
2009-03-07T17:35:25 <ThomasWaldmann> even if cookie lifetime for anon sessions is 0
2009-03-07T17:36:48 <dreimark> hmm the same sesion or a new one?
2009-03-07T17:40:18 <dreimark> it is the same session file
2009-03-07T17:41:38 <dreimark> but it's content is purged
2009-03-07T17:47:20 <ThomasWaldmann> still bad, because if anon cookie lifetime is 0, we do not want anon sessions
2009-03-07T17:47:38 <ThomasWaldmann> dreimark: did you ever use openid?
2009-03-07T18:03:52 *** dimazest_ has joined #moin-dev
2009-03-07T18:18:51 *** dimazest has quit IRC
2009-03-07T18:34:56 * ThomasWaldmann adds httponly flag to cookies
2009-03-07T19:35:55 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4628:3c6980b5e938 1.9/MoinMoin/ (5 files in 5 dirs): (log message trimmed)
2009-03-07T19:35:55 <CIA-38> fix new session code. remove old session code. details below.
2009-03-07T19:35:55 <CIA-38> Removed the old 1.8 session code (MoinMoin.session):
2009-03-07T19:35:55 <CIA-38> * cfg.session_handler and session_id_handler are gone (use cfg.session_service)
2009-03-07T19:35:55 <CIA-38> * cfg.anonymous_session_lifetime is gone (use cfg.cookie_lifetime)
2009-03-07T19:35:59 <CIA-38> Fixed new 1.9 session code (MoinMoin.web.session):
2009-03-07T19:36:01 <CIA-38> * cfg.cookie_lifetime is now a tuple (anon, loggedin), giving the lifetime
2009-03-07T19:36:44 <ThomasWaldmann> of the cookie in hours, accepting floats, for anon sessions and logged in
2009-03-07T19:36:44 <ThomasWaldmann> sessions. Default is (0, 12). 0 means not to use a session cookie (== not to
2009-03-07T19:36:47 <ThomasWaldmann> establish a session) and makes only sense for anon users.
2009-03-07T19:36:50 <ThomasWaldmann> * cfg.cookie_httponly is new and defaults to True.
2009-03-07T19:36:52 <ThomasWaldmann> * when logging out, the session cookie is deleted.
2009-03-07T19:36:55 <ThomasWaldmann> * more debug logging
2009-03-07T19:37:43 <ThomasWaldmann> trail is still a bit broken for anon users without a real session
2009-03-07T20:08:18 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4629:554e1d780e3b 1.9/MoinMoin/ (auth/openidrp.py user.py web/session.py): fixed anon session detection, optimized trail code
2009-03-07T21:24:39 * ThomasWaldmann hacked a modernized_cms
2009-03-07T21:24:45 <ThomasWaldmann> TheSheep: ^^
2009-03-07T21:49:34 <ThomasWaldmann> http://paste.pocoo.org/show/106885/
2009-03-07T22:22:19 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4295:716dcfb00e8e 1.8/MoinMoin/theme/modernized_cms.py: added modernized_cms theme
2009-03-07T22:52:32 <dreimark> re
2009-03-07T22:53:29 <ThomasWaldmann> wb dreimark
2009-03-07T22:53:32 <dreimark> ThomasWaldmann: sorry I have not used openid yet.
2009-03-07T22:57:11 <dreimark> ThomasWaldmann:I have looked only at the comments above but http cookie lifetime does not know floating point numbers
2009-03-07T22:58:04 <ThomasWaldmann> no problem, i make an int of it after calculating seconds
2009-03-07T22:58:13 <dreimark> ok
2009-03-07T23:10:09 <dreimark> ThomasWaldmann: why can I get the same session file for http_auth after I have closed a session.
2009-03-07T23:10:30 <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4636:83483f4e26cb 1.9/MoinMoin/ (8 files in 5 dirs): merged moin/1.8
2009-03-07T23:10:38 <dreimark> I get it also with a new user. so i get the page trail from the previous user
2009-03-07T23:11:16 <ThomasWaldmann> you mean anon -> logged in?
2009-03-07T23:11:29 <dreimark> no user logged in by http_auth
2009-03-07T23:11:42 <dreimark> then browser closed means logout
2009-03-07T23:12:03 <dreimark> then created a nuew user for http_auth and logged in with that one
2009-03-07T23:12:15 <dreimark> he gets the session file of the previous user
2009-03-07T23:12:48 <ThomasWaldmann> did you clear the old cookies before testing?
2009-03-07T23:12:58 <dreimark> no, will redo
2009-03-07T23:13:25 <ThomasWaldmann> hmm, i guess i know the problem
2009-03-07T23:13:39 <ThomasWaldmann> current code clears the cookie on logout action
2009-03-07T23:13:51 <dreimark> http_auth has no logout
2009-03-07T23:14:01 <ThomasWaldmann> yes, therefore cookie stays
2009-03-07T23:14:21 <ThomasWaldmann> thus you will have a anon session
2009-03-07T23:17:05 <dreimark> verified after clearing old cookies. two users can get the same session
2009-03-07T23:18:14 <dreimark> not at the same time with one browser
2009-03-07T23:22:21 <dreimark> that's difficult the old session file had known the userid of the old user
2009-03-07T23:25:05 <dreimark> arg another problem by http_auth
2009-03-07T23:26:13 <dreimark> if you switch by superuser to another user you get in settings the possibility to change a password for that user
2009-03-07T23:26:23 <dreimark> and if you do so you run in a traceback
2009-03-07T23:30:13 <ThomasWaldmann> dreimark: you mean GivenAuth?
2009-03-07T23:31:57 <dreimark> I file a bug report currently
2009-03-07T23:34:41 <dreimark> http://moinmo.in/MoinMoinBugs/1.9http_auth_su_user_change_password
2009-03-07T23:36:06 <dreimark> the wiki becomes totally broken for the user afterwards
2009-03-07T23:36:26 <dreimark> every other page gives that traceback now
2009-03-07T23:40:12 <dreimark> killing the session file escapes
2009-03-07T23:43:24 <dreimark> (the traceback happens by su from user to user to user, clarified in the report)
2009-03-07T23:45:43 <ThomasWaldmann> add "userobj and" at the place where it crashes
2009-03-07T23:48:33 <dreimark> hmm, that stops now the su session
2009-03-07T23:49:30 <dreimark> clicking on change password changes the account to my account
2009-03-07T23:50:18 <ThomasWaldmann> i dont see yet how this all is related to changing a password
2009-03-07T23:51:03 <dreimark> there should be never a link to change a pssword for http_auth
2009-03-07T23:51:12 <dreimark> it isn't for the current user
2009-03-07T23:51:27 <ThomasWaldmann> and that bug lacks details
2009-03-07T23:51:30 <dreimark> but if he switches to another user he get's the password change form
2009-03-07T23:51:42 <dreimark> which detail?
2009-03-07T23:52:05 <ThomasWaldmann> auth config
2009-03-07T23:52:49 <ThomasWaldmann> and a user profile is just a user profile. the profile does not know how that user authenticates.
2009-03-07T23:56:06 <dreimark> hmm, if superuser itselfs can not change his password, why should he be able to change someone else password.
2009-03-07T23:56:52 <ThomasWaldmann> because he is currently logged in via http auth?
2009-03-07T23:57:24 <dreimark> sure but the config does not let an other user then not to login by http auth
2009-03-07T23:58:16 <dreimark> if someone comes to me hey I want a new password and I change it that way it won't work
MoinMoin: MoinMoinChat/Logs/moin-dev/2009-03-07 (last edited 2009-03-06 23:15:02 by IrcLogImporter)