Why are cookies resent for external TG widgets?

6 views
Skip to first unread message

wul...@gmail.com

unread,
Aug 23, 2007, 6:02:02 PM8/23/07
to TurboGears
I am having problems where external TG widgets (for example the
remoteForm, calendar, tabber, TinyMCE, etc) are responding with a "set-
cookie" response header when it shouldn't be (the request passes a tg-
visit, so the response should not reset the cookie!). I don't have
any issues with internal TG static files such as Mochikit, or external
static files such as my own jscript/css files. I have trying to track
this bug down for a while, and it only happens on IE6 and IE7.

Here is a request and response:

GET http: //MYDOMAIN.com/tg_widgets/turbogears.widgets/ajax.js HTTP/
1.1
Accept: */*
Referer: http://MYDOMAIN.com/analysis/new
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: MYDOMAIN.com
Cookie: tg-visit=4641ab13c4be5f964bc992d76d48167a57ea78e7

HTTP/1.1 200 OK
Date: Thu, 23 Aug 2007 20:32:31 GMT
Content-Length: 2738
Content-Type: application/x-javascript
Server: CherryPy/2.2.1
Last-Modified: Wed, 16 May 2007 03:19:21 GMT
Set-Cookie: tg-visit=fa6308c9d865f581cbd6fc375edb076d35b3fefa;
expires=Sat, 18-Jul-2009 07:16:03 GMT; Path=/
X-Cache: HIT from MYDOMAIN.com
Via: 1.1 inet-nc02 (NetCache NetApp/6.0.6)

W-Mark Kubacki

unread,
Aug 23, 2007, 7:01:14 PM8/23/07
to turbo...@googlegroups.com
wula...@gmail.com wrote:
> I am having problems where external TG widgets (for example the
> remoteForm, calendar, tabber, TinyMCE, etc) are responding with a "set-
> cookie" response header when it shouldn't be (the request passes a tg-
> visit, so the response should not reset the cookie!). I don't have
> any issues with internal TG static files such as Mochikit, or external
> static files such as my own jscript/css files. I have trying to track
> this bug down for a while, and it only happens on IE6 and IE7.
>
> Here is a request and response: [...]

You're right. But this bug doesn't happen only with IE but at least with FF,
too. Therefore let's assume with all browsers.

(If you happen to host your applications with Apache you can add this directive:
<Location /tg_widgets/>
Header unset Set-Cookie
...
</Location>
)

-- W-Mark Kubacki

wul...@gmail.com

unread,
Aug 24, 2007, 7:28:40 PM8/24/07
to TurboGears
Hi,

I am unable to unset the 'set-cookie'. Strangely, I am able to add
headers, so this validates that mod_headers is working. Does this
make sense?

<IfModule mod_headers.c>
Header add MyHeader "ADDED TO ALL HEADERS!"
<Files ~ "\.(js|css|gif|jpe?g|png)$">
Header add MyHeader-2 "ADDED TO SPECIFIC FILES!"
Header append Cache-Control "public"
Header unset Set-Cookie
Header unset "Set-Cookie"
</Files>
</IfModule>

The result of the above:

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2007 23:32:00 GMT
Server: CherryPy/2.2.1
MS-Author-Via: DAV
MyHeader: ADDED TO ALL HEADERS!
MyHeader-2: ADDED TO SPECIFIC FILES!
Cache-Control: public


Last-Modified: Wed, 16 May 2007 03:19:21 GMT
Set-Cookie: tg-visit=fa6308c9d865f581cbd6fc375edb076d35b3fefa;
expires=Sat, 18-Jul-2009 07:16:03 GMT; Path=/

Content-Length: 2738
Content-Type: application/x-javascript
Age: 1290
X-Cache: HIT from MYDOMAIN.com
Connection: close


On Aug 23, 4:01 pm, W-Mark Kubacki <wm...@hurrikane.de> wrote:

> smime.p7s
> 5KDownload

Reply all
Reply to author
Forward
0 new messages