AuthTktAuthenticationPolicy: Behaviour of "wild_domain" option unclear.


Torsten Irländer

Aug 3, 2017, 4:09:14 AM
to pylons-discuss
Hi,

I'm in doubt about how to use the "wild_domain" option in AuthTktAuthenticationPolicy correctly, or whether I have found a defect. Before opening a ticket I want to ask here.

I'm using AuthTktAuthenticationPolicy cookie-based authentication for a site hosted under "my-app.foo.example.com".

As described in the documentation[0] I receive two cookies after authentication with the default configuration:

1. my-app.foo.example.com (host-only)

I expect that when setting the "wild_domain" option to false only one cookie (the host-only one) is set. But the wild_domain option seems to have no effect for me. I always get those two cookies.
I do not use any of the interfering options like "domain" or "parent_domain".

How do I use the "wild_domain" option correctly to only receive one host-only cookie?

I'm using Pyramid 1.5.2.

Some context:
However, using "domain" has some effect, as I only get one cookie, but this is the wildcard one and *not* the host-only one. This isn't my expected behaviour, but it might be another issue.

regards 
Torsten



Bert JW Regeer

Aug 3, 2017, 1:32:19 PM
to pylons-...@googlegroups.com
We shouldn’t be sending two cookies anymore since browsers treat both .my-app.foo.example.com and my-app.foo.example.com the same, so we could save some request bandwidth, but that is another ticket for later.

In other words, wild_domain being set to True or False makes no difference anymore.

https://tools.ietf.org/html/rfc6265#section-5.2.3

> If the first character of the attribute-value string is %x2E ("."):
> Let cookie-domain be the attribute-value without the leading %x2E
> (".") character.

and:

https://tools.ietf.org/html/rfc6265#section-5.1.3

That being said, it should only be setting one cookie if wild_domain is False.

Bert
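To make the RFC 6265 rules Bert cites concrete, here is an added example (not Pyramid's code) that implements the section 5.2.3 domain-attribute parsing, the section 5.1.3 domain-match, and the section 5.3 store rule under which two Set-Cookie headers differing only by a leading dot collapse into one stored cookie. The cookie name, value and header order are assumptions; only the host name comes from the thread.

```python
import ipaddress

# Constructed sample of the two Set-Cookie headers a wild_domain=True response sends
# (name, value and order are assumptions; the host is the one from the thread).
REQUEST_HOST = "my-app.foo.example.com"
SET_COOKIE_HEADERS = [
    "auth_tkt=TICKETVALUE; Path=/; HttpOnly",
    "auth_tkt=TICKETVALUE; Path=/; Domain=.my-app.foo.example.com; HttpOnly",
]

def parse_domain_attribute(value: str) -> str:
    """RFC 6265 s5.2.3: drop one leading '.' and lowercase the cookie-domain."""
    if value.startswith("."):
        value = value[1:]
    return value.lower()

def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: host equals the domain or is a subdomain of it (IPs never match a suffix)."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)

def store_cookies(request_host: str, headers: list) -> dict:
    """RFC 6265 s5.3: cookie store keyed by (name, domain, path); a later cookie replaces an earlier one."""
    store = {}
    for header in headers:
        name_value, *avs = [p.strip() for p in header.split(";")]
        name, value = name_value.split("=", 1)
        attrs = {k.lower(): v for k, _, v in (av.partition("=") for av in avs)}
        path = attrs.get("path", "/")
        domain = parse_domain_attribute(attrs.get("domain", ""))
        if domain:
            if not domain_matches(request_host, domain):
                continue  # s5.3 step 6: a cookie for a non-matching domain is ignored
            host_only = False
        else:
            host_only, domain = True, request_host.lower()
        store[(name, domain, path)] = {"value": value, "host_only": host_only}
    return store

def sent_to(store: dict, host: str) -> list:
    """RFC 6265 s5.4: names of stored cookies a request to host would carry."""
    return [name for (name, domain, _), c in store.items()
            if (host.lower() == domain if c["host_only"] else domain_matches(host, domain))]
```

With only the first header (the wild_domain=False case) the surviving cookie stays host-only and a request to sub.my-app.foo.example.com never carries it; with both headers the second replaces the first and the cookie is sent to every subdomain.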

Torsten Irländer

Aug 4, 2017, 9:24:26 AM
to pylons-discuss
Thanks for your reply Bert!

Ok, in this case I think I am using the wild_domain option correctly, but the behaviour is not correct and there seems to be a defect. However I set this option, two cookies are always set.
I will file an issue for this.

Torsten

Torsten Irländer

Aug 7, 2017, 2:56:57 AM
to pylons-discuss