Description

If you run two wikis on http://localhost:8080/ and http://localhost:8081/ and try to log in and work in both in parallel using the same browser, you will encounter strange effects (logging in in one wiki logs you out in the other).

It looks like we do not put the port into the cookie (like we do with server/domain and path).

rfc 2109 states, that the browser should save cookies per cookiename/server/path AND PORT. Obviously at least Firefox does not do it like that.

There is a newer rfc 2965 about cookies (specifying Set-Cookie2 header).

The more one reads about cookie specs and their implementation, the more confusing it gets...

Component selection

Details

MoinMoin Version

1.9a

OS and Version

Python Version

Server Setup

Server Details

Language you are using the wiki in (set in the browser/UserPreferences)

Workaround

Use different server/domain name and/or path.

Discussion

Can we do better? How? Will it work in practice?

From the Python bug tracker:

Why do you want RFC 2965 compatibility?

I'm not trolling; RFC 2965 is dead as an internet protocol (except as a
basis for implementing the older cookie protocols, as RFC 2965 +
compatibility hacks -- but $Port is not relevant in that case).  The
authors of the RFC gave up on an effort to publish errata to the RFC, due
to the complexities and the lack of interest from the internet at large.

AFAIK, $Port is not implemented by browsers (except for maybe Opera and
lynx, IIRC).  It just never caught on.

See also http://python.org/sf/1638033

From the Django tracker: "(I just checked: it still only supports RFC2109 in Python 2.5)"

Plan


CategoryMoinMoinNoBug

MoinMoin: MoinMoinBugs/PortSpecificCookie (last edited 2010-01-09 23:25:06 by ThomasWaldmann)