Description
Unless MOIN_ID is the first or only cookie for a site, it does not work and login is always lost after navigating away from the login page
Example
If more than one cookie is send via moin (for example by an action or a macro), only the last cookie is send to the client. This may overwrite the moin session cookie.
Details
This Wiki (Twisted)
Workaround
Avoid presence of other cookies on site if possible. No workaround if MoinMoin is on a site that uses a global cookie for the whole site that will be first (i.e. a site that uses AuthCookie)
Discussion
Fix MoinMoin code to iterate through all cookies and not just assume MOIN_ID will be the only one.
With what kind of server environment does this error happen? CGI? Twisted? FastCGI?
This happens with Twisted only. RequestTwisted uses Request.setHttpHeader to set headers. It sends cookies by sending headers, cause there is no other API function for it. But setHttpHeader overwrites any pervious header with the same key. So only the last header gets send.
Solution: Filter out Set-Cookie headers in http_headers and add them to the twisted response via addCookie API Function.
-- OliverGraf 2004-08-02 20:16:26
Plan
- Priority: medium - not many cookies are set beside the session id
Assigned to: OliverGraf
- Status: fixed in 1.3