Description
If cookie_path is set to something different than the SCRIPT_NAME that MoinMoin gets when run, the Logout button won't delete the MOIN_ID cookie.
Steps to reproduce
Set cookie_path in wikiconfig.py to something different from SCRIPT_NAME (maybe add or delete a /)
- Login
- Logout
- Go to another page, and find yourself not logged in
Details
MoinMoin Version |
1.5.2 |
OS and Version |
Mandrake 10.1 |
Python Version |
2.3.4 |
Server Setup |
Apache running MoinMoin as as CGI script |
Server Details |
|
Workaround
Don't use cookie_path in wikiconfig.py.
Discussion
Here's the simple patch. Note that request.setCookie handles this right, it just wasn't added to request.deleteCookie.
--- MoinMoin/request.py 2006-02-04 07:38:56.000000000 -0500
+++ MoinMoin-copy/request.py 2006-02-19 23:51:39.000000000 -0500
@@ -1314,7 +1314,10 @@
c['MOIN_ID'] = ''
if self.cfg.cookie_domain:
c['MOIN_ID']['domain'] = self.cfg.cookie_domain
- c['MOIN_ID']['path'] = self.getScriptname()
+ if self.cfg.cookie_path:
+ c['MOIN_ID']['path'] = self.cfg.cookie_path
+ else:
+ c['MOIN_ID']['path'] = self.getScriptname()
c['MOIN_ID']['max-age'] = 0
# Set expires to one year ago for older clients
yearago = time.time() - (3600 * 24 * 365)
Plan
- Priority:
Assigned to: ThomasWaldmann
- Status: refactored code, see patch moin--main--1.5--patch-455