[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior

John Dennis jdennis at redhat.com
Mon Dec 10 14:53:58 UTC 2012


On 12/10/2012 09:00 AM, John Dennis wrote:
> On 12/10/2012 07:30 AM, Petr Viktorin wrote:
>> Just two issues:
>>
>> When testing with lite-server listening on localhost, every request
>> outputs "ipa: ERROR: not sending session cookie, URL mismatch". Is the
>> message necessary?
>
> Rob asked for this to be changed from a debug message to an error, which
> made sense: in theory we should never get into the situation, and if we do,
> something is terribly wrong. However, neither of us thought about the
> lite-server case. There are two possible ways to address this.
>
> 1) Test for the lite server context and don't emit the message. We test
> for lite server elsewhere and treat things differently. But I'm not a
> big fan of this approach; it's a way for mistakes to creep in because
> we're not exercising the same code paths during testing as we do during
> production.
>
> 2) Make the domain in the cookie match the domain of the lite-server.
> Currently we read the domain from api.env.host (technically it's the URL
> host). Perhaps there should be a utility to return the URL host
> component for those places that need it which detects which mode the
> server is running in. I'll take a quick look and see if that makes sense.

Much simpler solution: using api.env.host was the wrong source of the 
server domain; it should have been the host value in api.env.xmlrpc_uri 
instead. Changing it to reference xmlrpc_uri fixes the problem without 
any other changes, and it is the value we should have been using.

Patch will follow shortly after some more testing.


-- 
John Dennis <jdennis at redhat.com>
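
The mismatch described in this message, as an added example that is not part of the original post and is not FreeIPA code: a client-side domain check in the style of RFC 6265 section 5.1.3, run once with a cookie domain taken from a configured host name and once with the host of the URL actually contacted. The function names are hypothetical, and the host name and URL are constructed stand-ins for api.env.host and api.env.xmlrpc_uri.

```python
import ipaddress
from urllib.parse import urlsplit


def url_host(url):
    """Return the lower-cased host of a URL, without port or userinfo."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host component: %r" % url)
    return host.rstrip(".")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(request_host, cookie_domain):
    """Domain matching as described in RFC 6265 section 5.1.3."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    if request_host == cookie_domain:
        return True
    # Suffix matching applies to host names only, never to IP addresses.
    if is_ip_literal(request_host):
        return False
    # The "." boundary keeps "evilexample.test" from matching "example.test".
    return request_host.endswith("." + cookie_domain)


def should_send_cookie(cookie_domain, request_url):
    return domain_match(url_host(request_url), cookie_domain)


# Constructed values standing in for a lite-server test setup.
ENV_HOST = "ipa.example.test"                 # plays the role of api.env.host
XMLRPC_URI = "http://localhost:8888/ipa/xml"  # plays the role of api.env.xmlrpc_uri

if __name__ == "__main__":
    # Cookie domain from the configured host name: mismatch against localhost.
    print(should_send_cookie(ENV_HOST, XMLRPC_URI))
    # Cookie domain from the URL actually contacted: match.
    print(should_send_cookie(url_host(XMLRPC_URI), XMLRPC_URI))
```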
