Description
If you run two wikis on http://localhost:8080/ and http://localhost:8081/ and try to log in and work in both in parallel using the same browser, you will encounter strange effects (logging in in one wiki logs you out in the other).
It looks like we do not put the port into the cookie (like we do with server/domain and path).
rfc 2109 states, that the browser should save cookies per cookiename/server/path AND PORT. Obviously at least Firefox does not do it like that.
There is a newer rfc 2965 about cookies (specifying Set-Cookie2 header).
The more one reads about cookie specs and their implementation, the more confusing it gets...
Component selection
- session cookie generation / storage by user agent
Details
MoinMoin Version |
1.9a |
OS and Version |
|
Python Version |
|
Server Setup |
|
Server Details |
|
Language you are using the wiki in (set in the browser/UserPreferences) |
|
Workaround
Use different server/domain name and/or path.
Discussion
Can we do better? How? Will it work in practice?
From the Python bug tracker:
Why do you want RFC 2965 compatibility? I'm not trolling; RFC 2965 is dead as an internet protocol (except as a basis for implementing the older cookie protocols, as RFC 2965 + compatibility hacks -- but $Port is not relevant in that case). The authors of the RFC gave up on an effort to publish errata to the RFC, due to the complexities and the lack of interest from the internet at large. AFAIK, $Port is not implemented by browsers (except for maybe Opera and lynx, IIRC). It just never caught on. See also http://python.org/sf/1638033
From the Django tracker: "(I just checked: it still only supports RFC2109 in Python 2.5)"
Plan
- Priority:
- Assigned to:
- Status: not a moin bug, but a limitation of the cookies - looks like we have to live with it
Workaround: http://hg.moinmo.in/moin/1.9/rev/4226fde63931, please test