TiddlySpace cookie authentication problem

Peter Neumark

May 11, 2011, 4:14:16 AM
to TiddlyWiki
Hi!

I'd like to use TiddlySpace in a corporate setting, so I need to host
it myself. I followed all the steps in:
http://cdent.tiddlyspace.com/bags/cdent_public/tiddlers/Hosting%20your%20own%20tiddlyspace
At first it seemed like everything works, but I can't register or log
in.

Registration *does* create a record in the user mysql table, but I
also get an error message (the HTTP PUT seems to fail).
Then, when I try to log in, I see the following:

1. HTTP GET to http://localhost/challenge/tiddlywebplugins.tiddlyspace.cookie
2. The server responds with a 303 redirect /status and issues a
set_cookie for 'tiddlyweb_user' in the header
3. When the client does an HTTP GET for /status, it does not send the
tiddlyweb_user cookie in the request.

I have tried logging in from both Firefox and Chrome under linux (from
the same virtual machine). I edited cookie_form.py so the path is not
set, added a valid 'expires' value far in the future, but nothing has
changed!

When I log in to my tiddlyspace.com account, I can see that in step 3,
the client correctly sends the tiddlyweb_user cookie in the request
headers. I also noticed that tiddlyspace.com uses a cscf_token
cookie, which my local installation does not. Could this be the
problem? If so, how can I fix it?

I would really appreciate some answers, because we are on a very tight
deadline for this project.
Thank you in advance,
Peter Neumark

Peter Neumark

May 11, 2011, 5:43:05 AM
to TiddlyWiki
A small correction:
It seems that the cookie will be correctly sent to the server if I use any other hostname than localhost. Right now I am running into the problem that the server is responding with an HTTP 400 (originating from csrf.py).

All help is appreciated!
Peter




chris...@gmail.com

May 11, 2011, 7:49:02 AM
to TiddlyWiki
On May 11, 9:14 am, Peter Neumark <neumark.pe...@gmail.com> wrote:
> Hi!

Hi! For stuff related to TiddlySpace you are likely to get the
quickest responses by posting to the TiddlyWeb group:
http://groups.google.com/group/tiddlyweb

I'll go ahead and answer you here, but if we could continue the thread
in that group, that would be great.

> I'd like to use TiddlySpace in a corporate setting, so I need to host
> it myself. I followed all the steps in: http://cdent.tiddlyspace.com/bags/cdent_public/tiddlers/Hosting%20you...
> At first it seemed like everything works, but I can't register or log
> in.

It is most likely this is related to a problem in your
tiddlywebconfig.py file, especially the server_host setting. Can you
post (or send to me privately if you don't want to expose your domain
to the public) your tiddlywebconfig.py so I can get some sense of
what's going on in there?

TiddlySpace requires that the server_host['host'] be set to an
externally visible domain and that you access the server by one of two
ways:

* that domain (e.g. tiddlyspace.com)
* a host within that domain (e.g. cdent.tiddlyspace.com)

If you access over 'localhost' you will reach the server, but then a
few things won't work predictably including:

* domain setting on cookies
* doing PUTs of tiddlers from within a generated TiddlyWiki

On tiddlyspace.com that domain points to an IP but so too does the
wildcard domain of *.tiddlyspace.com. A similar setup is what you want
for your server.

If messing with DNS is not possible, or at least not in a testing
scenario, then you can do something like this in /etc/hosts of the
server and the client machines you are testing with:

127.0.0.1 tiddlyspace.org cdent.tiddlyspace.org fnd.tiddlyspace.org psd.tiddlyspace.org monkey.tiddlyspace.org system-theme.tiddlyspace.org

Replace '127.0.0.1' with the IP of the server in the /etc/hosts on the
client machines.

> Registration *does* create a record in the user mysql table, but I
> also get an error message (the HTTP PUT seems to fail).

You can get more detail about what's happening on the server by
adding:

'log_level': 'DEBUG'

within the config dictionary of tiddlywebconfig.py and restarting the
server. Debugging messages will be sent to a file named
'tiddlyweb.log' in the instance directory.

> 1. HTTP GET to http://localhost/challenge/tiddlywebplugins.tiddlyspace.cookie
> 2. The server responds with a 303 redirect /status and issues a
> set_cookie for 'tiddlyweb_user' in the header
> 3. When the client does an HTTP GET for /status, it does not send the
> tiddlyweb_user cookie in the request.

Is the cookie restricted to a different domain than the one to which
the GET for /status is sent?

> When I log in to my tiddlyspace.com account, I can see that in step 3,
> the client correctly sends the tiddlyweb_user cookie in the request
> headers. I also noticed that tiddlyspace.com uses a cscf_token
> cookie, which my local installation does not. Could this be the
> problem? If so, how can I fix it?

The csrf_token cookie should start showing up once the other cookie
issues have resolved. As you have said in your subsequent posting
using another hostname gets you a bit closer. Make sure that you have
flushed all your tiddlyweb/space related cookies before trying the
process again.

> I would really appreciate some answers, because we are on a very tight
> deadline for this project.

I'm going to be away from the network for the next 8 hours or so, but
will be back later and will be happy to continue helping however I
can. Seeing the tiddlywebconfig.py will be a good starting point. That
you got things running at all means you've made it past what ought to
be the hard parts, what's left are just tweaky details (I think). We
should be able to figure it out.
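
The question raised in the reply above (is the cookie restricted to a different domain than the one the /status request goes to?) can be checked mechanically. This is an added example, not part of the original thread and not TiddlySpace code: it applies the RFC 6265 domain-match rule to a Set-Cookie header, and the header values and the idea that the Domain attribute follows server_host are constructed assumptions.

```python
import ipaddress
from http.cookies import SimpleCookie


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does `host` domain-match `cookie_domain`?"""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals only ever match exactly
        return False
    except ValueError:
        # Must be a proper subdomain: the suffix has to start at a dot.
        return host.endswith("." + cookie_domain)


def cookie_sent(set_cookie, origin_host, request_host, name="tiddlyweb_user"):
    """Would a client that received `set_cookie` from `origin_host`
    include cookie `name` in a later request to `request_host`?"""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return False
    domain = jar[name]["domain"].lstrip(".")
    if not domain:
        # No Domain attribute: host-only cookie, returned to the exact host.
        return request_host.lower() == origin_host.lower()
    if not domain_match(origin_host, domain):
        # Section 5.3: a Domain that does not cover the setting host
        # makes the client discard the cookie entirely.
        return False
    return domain_match(request_host, domain)


# Constructed headers; the cookie value is a placeholder.
WITH_DOMAIN = "tiddlyweb_user=EXAMPLE; Domain=tiddlyspace.org; Path=/"
HOST_ONLY = "tiddlyweb_user=EXAMPLE; Path=/"

if __name__ == "__main__":
    for header, origin, target in [
        (WITH_DOMAIN, "tiddlyspace.org", "cdent.tiddlyspace.org"),
        (WITH_DOMAIN, "localhost", "localhost"),
        (HOST_ONLY, "localhost", "localhost"),
        (HOST_ONLY, "tiddlyspace.org", "cdent.tiddlyspace.org"),
    ]:
        print(f"{origin:>16} -> {target:<22} sent={cookie_sent(header, origin, target)}")
```

Real browsers add further checks (Path, Secure, public-suffix rules) that this sketch leaves out.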