auth_cas redis session_filename + logout issue

26 views
Skip to first unread message

Mark Graves

unread,
Aug 18, 2017, 1:22:40 AM8/18/17
to web2py-users
Hey everyone,  

Question / potential bug(s):

I created the following to reproduce:


Basically, when I run that setup.sh, it sets up two apps and installs redis in virtual environments, copies in web2py, and replaces db.py with the one in the main repo.

Its the only file that has changed from a default web2py setup.

The odd thing is that when I run these apps, the consumer app sets response.session_file to None, and has a response.session_filename

The file does not exist after a single request.  It may at some point during the request (easy enough to check).

It does not appear to have the same effect on the cas_provider app, at least via the output (neither is a key in response object)

I think this is around 883 but not sure, in https://github.com/web2py/web2py/blob/master/gluon/globals.py

There are distinctly two times that response.session_filename gets called in that file only for the consumer app. I figured that out by logging to console around every call.

I don't know if thats intentional, or a bug.

The second part however, may be related to setup.

I can logout from the session via the provider app, but attempting to logout via the consumer app gives me a foreign key error. didnt have time to jump into the generation of logout url.

Thoughts?

Mark Graves

unread,
Aug 18, 2017, 1:35:02 PM8/18/17
to web2py-users
On deeper inspection, the logout issue is strange, and related to the redis sessions.

auth.settings.login_form.cas_logout_url


is the right URL.  If I visit it independently in a browser it works as expected. 

However, there are no auth_users created in the cas_consumer app when redis sessions are used.  They are created when redis sessions are not used.

Is that expected behavior?  It strikes me as a misconfiguration issue.

Mark Graves

unread,
Aug 24, 2017, 5:43:05 AM8/24/17
to web...@googlegroups.com
Got it!

migrate = False, migrate_enabled = False to fix the FK error.  

Still no clue on why its declaring a session file_name.

Oddly enough, its a string in this case, but in file based sessions its an open file object.

It still seems to be only in memory CAS clients that have the issue.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/u5r2lvAxAD4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages