Description
Requesting a page with quite a lot of attached embedded images, sometimes I get HTTP 403 FORBIDDEN (403 is not Surge Protection). I logged the situation and found out that in Page.py in line 1085 request.user.may.read(self.page_name) is false because the user object is not valid in the request object (user.name is empty while logging) when this happens, although I'm logged in.
    if not request.user.may.read(self.page_name):
        request.status_code = 403
This happens only about every 20th request, testing with a page having about 7 attached images. I'm using the moin default authentication. I recognized the problem also in version 1.8.x. With the built-in wikiserver and different versions of Python (2.4.6, 2.5.4 or 2.6.4) on Windows I can also reproduce the problem. Surge protection is off (surge_action_limits = None).
Steps to reproduce
The problem can be reproduced with a clean moin 1.9.1 desktop wiki with an ACL-protected page having some attachments.
- Login
- Create a page with a lot of embedded images
- Set ACL protection, for example #acl Known:read,write All:
- Press F5 (refresh functionality of Firefox) up to 100 times
Example
Example page with 8 PNG files attached:

    #acl Known:read,write All:
     * {{attachment:contact_us_icon-d.png}}
     * {{attachment:broom.png}}
     * {{attachment:World.png}}
     * {{attachment:Feuerrad_Wiki_sml.png}}
     * {{attachment:home.png}}
     * {{attachment:clock.png}}
     * {{attachment:moin.png}}
     * {{attachment:Help.png}}
Sample logging code from Page.py beginning in line 1084:

    if page_exists:
        # debugging aid: log the user object and cookies for every request
        logging.log(logging.INFO, " Info: User: %s, cookies: %s", repr(request.user), repr(request.cookies))
        if not request.user.may.read(self.page_name):
            # debugging aid: log again when read access is denied
            logging.log(logging.INFO, "Error: User: %s, cookies: %s", repr(request.user), repr(request.cookies))
            request.status_code = 403
        else:
The logging result shows that the session cookie seems to be OK, because it's the same as in the first request with a valid user. But the user.name is empty:
    2010-01-29 00:04:02,467 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /SeiteFinden HTTP/1.1" 200 -
    2010-01-29 00:04:03,515 INFO MoinMoin.Page:1085 Info: User: <MoinMoin.user.User at 0x15ed0d0 name:u'GunnarScherf' valid:1>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,687 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeiteHTTP/1.1" 200 -
    2010-01-29 00:04:03,905 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=Sangha2009.png HTTP/1.1" 304 -
    2010-01-29 00:04:03,937 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=World.png HTTP/1.1" 304 -
    2010-01-29 00:04:03,937 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=contact_us_icon-d.png HTTP/1.1" 304 -
    2010-01-29 00:04:03,937 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=broom.png HTTP/1.1" 304 -
    2010-01-29 00:04:03,967 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=Feuerrad_Wiki_sml.png HTTP/1.1" 304 -
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1085 Info: User: <MoinMoin.user.User at 0x15f4440 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1087 Error: User: <MoinMoin.user.User at 0x15f4440 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1085 Info: User: <MoinMoin.user.User at 0x15f4710 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1085 Info: User: <MoinMoin.user.User at 0x15f4d50 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1087 Error: User: <MoinMoin.user.User at 0x15f4710 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1087 Error: User: <MoinMoin.user.User at 0x15f4d50 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1085 Info: User: <MoinMoin.user.User at 0x15f6d00 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:03,983 INFO MoinMoin.Page:1087 Error: User: <MoinMoin.user.User at 0x15f6d00 name:'' valid:0>, cookies: {'MOIN_SESSION_8080_ROOT': u'a096bd5204873dae584f254cbc7f97bc04ba3567'}
    2010-01-29 00:04:04,078 WARNING MoinMoin.Page:1393 The page "PermissionDeniedPage" could not be found. Check your underlay directory setting.
    2010-01-29 00:04:04,078 WARNING MoinMoin.Page:1393 The page "PermissionDeniedPage" could not be found. Check your underlay directory setting.
    2010-01-29 00:04:04,078 WARNING MoinMoin.Page:1393 The page "PermissionDeniedPage" could not be found. Check your underlay directory setting.
    2010-01-29 00:04:04,078 WARNING MoinMoin.Page:1393 The page "PermissionDeniedPage" could not be found. Check your underlay directory setting.
    2010-01-29 00:04:04,108 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=moin.png HTTP/1.1" 403 -
    2010-01-29 00:04:04,108 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=Help.png HTTP/1.1" 403 -
    2010-01-29 00:04:04,342 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=home.png HTTP/1.1" 403 -
    2010-01-29 00:04:04,358 INFO MoinMoin.web.serving:41 127.0.0.1 "GET /StartSeite?action=AttachFile&do=get&target=clock.png HTTP/1.1" 403 -
Result in firebug
Component selection
werkzeug.contrib.sessions.FilesystemSessionStore
Details
MoinMoin Version | 1.9.1
OS and Version | debian etch
Python Version | 2.4.4
Server Setup | mod_wsgi 2.8
Server Details |
Language you are using the wiki in (set in the browser/UserPreferences) | de
Workaround
Discussion
- Thank you very much, with the fixed session.py code there are no 403 return codes anymore.
Plan
- Priority:
- Assigned to:
Status: hopefully fixed by: http://hg.moinmo.in/moin/1.9/rev/be7c57d8e2a3
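
The symptom in the report's log (the same MOIN_SESSION cookie first resolving to a valid user, then to name:'' valid:0) can be searched for mechanically. The following is an added example, not part of the original report or of MoinMoin's code; it is written for Python 3, assumes log lines in the format produced by the reporter's debugging statements, and runs on a constructed sample whose user name and session ids are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the report's log format; user name and session ids are made up.
SID_A, SID_B = "aaaaaaaa" + "0" * 32, "bbbbbbbb" + "0" * 32
_FMT = ("{ts} INFO MoinMoin.Page:{ln}  {kind}: User: <MoinMoin.user.User at 0x1234abc "
        "name:{name} valid:{valid}>, cookies: {{'MOIN_SESSION_8080_ROOT': u'{sid}'}}")
_ROWS = [
    ("2024-01-01 10:00:00,100", 1085, "Info", "u'ExampleUser'", 1, SID_A),
    ("2024-01-01 10:00:00,480", 1085, "Info", "''", 0, SID_A),   # same cookie, user lost
    ("2024-01-01 10:00:00,480", 1087, "Error", "''", 0, SID_A),  # duplicate of the line above
    ("2024-01-01 10:00:00,495", 1085, "Info", "''", 0, SID_A),
    ("2024-01-01 10:00:01,000", 1085, "Info", "''", 0, SID_B),   # never had a valid user
    ("2024-01-01 10:00:02,000", 1085, "Info", "u'ExampleUser'", 1, SID_A),
]
SAMPLE_LOG = "\n".join(
    _FMT.format(ts=t, ln=l, kind=k, name=n, valid=v, sid=s) for t, l, k, n, v, s in _ROWS)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \S+ MoinMoin\.Page:\d+\s+"
    r"(?P<kind>Info|Error): User: <MoinMoin\.user\.User at 0x[0-9a-f]+ "
    r"name:u?'(?P<name>[^']*)' valid:(?P<valid>[01])>, cookies: \{(?P<cookies>.*)\}\s*$")
COOKIE_RE = re.compile(r"'(MOIN_SESSION[^']*)': u?'([0-9a-f]+)'")

def find_session_drops(log_text):
    """Find sessions seen with a valid user and later, same cookie, with an invalid one.

    Returns {session id prefix: {"user": name, "drops": [timestamps]}}. Only the
    first 8 characters of the id are reported so the output does not repeat a
    usable session cookie.
    """
    last_valid = {}            # full session id -> user name last seen as valid
    drops = defaultdict(list)  # full session id -> timestamps of invalid-user requests
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("kind") != "Info":
            continue  # the "Error" line only repeats the preceding "Info" line
        for _, sid in COOKIE_RE.findall(m.group("cookies")):
            if m.group("valid") == "1":
                last_valid[sid] = m.group("name")
            elif sid in last_valid:
                drops[sid].append(m.group("ts"))
    return {sid[:8]: {"user": last_valid[sid], "drops": ts} for sid, ts in drops.items()}

if __name__ == "__main__":
    for sid, info in find_session_drops(SAMPLE_LOG).items():
        print(sid, info["user"], info["drops"])
```

Debug logging of this kind writes full session cookies to the log file, so it is best removed again once the diagnosis is done.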