Opened 16 years ago
Closed 13 years ago
#6763 closed defect (worksforme)
Sessions broken intermittently for multi-project trac
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | web frontend | Version: | 0.11.3 |
| Severity: | normal | Keywords: | session authentication verify |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
My setup is:
- Trac 0.11b
- Apache 2.2.8
- mod_wsgi
- mod_digest authentication
- PostgreSQL database
The trac environment is setup for multi-project trac, using os.environ['TRAC_ENV_PARENT_DIR']. All of the projects use the same digest realm, but some of the projects are restricted from viewing by non-authenticated users. At one point it was possible to authenticate in one trac project and go to another and simply click 'login'. Now this works intermittently, sometimes truncating the session table fixes the problem. Sometimes clicking the login link a couple of times will also help.
The apache configuration is nearly identical to: http://code.google.com/p/modwsgi/wiki/IntegrationWithTrac except that my trac sites are under a virtual domain. with WSGIScriptAlias set to '/'.
Attachments (0)
Change History (10)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
After a bit of a lengthy discussion, the issue turned out to be a missing AuthDigestDomain in the <LocationMatch> directive providing the authentication.
comment:3 by , 16 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
Appears that the issue isn't currently fixed.
comment:4 by , 16 years ago
I committed a missing db.commit() yesterday to the session.py code, it may be relevant (or not).
comment:6 by , 15 years ago
This is still an issue with 0.11.2-1 again commenting out the req.incookie thing around line 155 of Session.init fixes the problem
else:
#if req.incookie.has_key(COOKIE_KEY): # sid = req.incookie[COOKIE_KEY].value # self.promote_session(sid) self.get_session(req.authname, authenticated=True)
It seems that if COOKIE_KEY is found things don't work right. While testing this whenever I would screw up the code and get a server crash, after fixing the crash it would log me in correctly.
A secondary issue is that I have to click 'login' for it to log me in, it should automatically log me in whenever I visit another trac site from my current set of sites.
comment:7 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
It seems to have been fixed in 11.3
comment:8 by , 15 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
| Version: | 0.11b1 → 0.11.3 |
Sorry, actually it's not fixed with 0.11.3
comment:9 by , 15 years ago
| Component: | general → web frontend |
|---|---|
| Description: | modified (diff) |
| Keywords: | session authentication verify added; needinfo removed |
| Milestone: | → 0.12.1 |
Looks hard to troubleshoot short of reproducing your configuration (mod_wsgi, mod_digest, multiple environments sharing the same realm).
comment:10 by , 13 years ago
| Milestone: | next-minor-0.12.x |
|---|---|
| Resolution: | → worksforme |
| Status: | reopened → closed |
I sort of solved this by commenting out the following lines in session.py:Session.__init
# if req.incookie.has_key(COOKIE_KEY): # sid = req.incookie[COOKIE_KEY].value # self.promote_session(sid)
It seemed to me that for some reason trac is setting a session cookie, then checking it and disregarding the digest authentication data. I may be suffering from a misconfiguration.
I won't close the ticket because it _may_ be a bug, but I've hacked it on my end.