Description

This is carried over from MoinMoinBugs/1.6NoPageTrailForAnonymousUser

Using auth = [http, moin_session] on a cgi/Apache does not give a correct page trail with moin-1.6.1 for users that are logged in. The page trail contains only one item (the current page).

Example

Config example that does not work (i.e. that gives no page trail):

```
   1     from MoinMoin.auth.http import http
   2     from MoinMoin.auth import moin_session
   3     auth = [http, moin_session]
```

With moin_session_verbose = True the following log was obtained:

2008-02-06 00:27:27,226 INFO logging initialized
2008-02-06 00:27:27,303 INFO auth.moin_session: name=None login=False logout=False user_obj=<MoinMoin.user.User at 0xbba648 name:u'Linke' valid:1>
2008-02-06 00:27:27,319 INFO either no cookie or no MOIN_SESSION key

To test properly you have to delete the sessions in cache after each config-change and also to delete the cookies for the wiki that are stored in the browser.

Component selection

moin_session (likely for everything except moin_login)

Details

MoinMoin Version	1.6.1
OS and Version	Win XP Pro
Python Version	2.5.1
Server Setup	Apache 2.0.59 + modpython-3.3.1
Server Details	ntlm authentication
Language you are using the wiki in (set in the browser/UserPreferences)	en

Workaround

Add anonymous_cookie_lifetime = 1 to the config and moin_anon_session to the auth-list.

Discussion

Problem identified: moin_session checks if login:. This is only True if someone clicked on the login button in the login form and spoils it for about every other auth method than moin_login.

Plan

Priority:
Assigned to: ThomasWaldmann
Status: fixed by http://hg.moinmo.in/moin/1.6/rev/b9f07a10e373, added tests

CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/1.6NoPageTrailWithHttpAuth-SessionConfigPeculiarities (last edited 2008-02-10 17:26:37 by ThomasWaldmann)