Home / Browse / Webware for Python / Mail / Archive

Webware for Python

Email Archive: webware-discuss (read-only)

2000:	_Jan	_Feb	_Mar	_Apr	_May (149)	_Jun (174)	_Jul (41)	_Aug (118)	_Sep (72)	_Oct (111)	_Nov (69)	_Dec (147)
2001:	_Jan (242)	_Feb (276)	_Mar (363)	_Apr (704)	_May (183)	_Jun (209)	_Jul (173)	_Aug (230)	_Sep (80)	_Oct (306)	_Nov (338)	_Dec (291)
2002:	_Jan (273)	_Feb (294)	_Mar (303)	_Apr (463)	_May (319)	_Jun (182)	_Jul (160)	_Aug (140)	_Sep (192)	_Oct (302)	_Nov (238)	_Dec (176)
2003:	_Jan (179)	_Feb (222)	_Mar (256)	_Apr (167)	_May (139)	_Jun (145)	_Jul (113)	_Aug (259)	_Sep (146)	_Oct (124)	_Nov (143)	_Dec (66)
2004:	_Jan (58)	_Feb (128)	_Mar (193)	_Apr (228)	_May (111)	_Jun (107)	_Jul (93)	_Aug (78)	_Sep (48)	_Oct (99)	_Nov (104)	_Dec (119)
2005:	_Jan (115)	_Feb (124)	_Mar (86)	_Apr (41)	_May (52)	_Jun (21)	_Jul (32)	_Aug (14)	_Sep (52)	_Oct (30)	_Nov (19)	_Dec (19)
2006:	_Jan (43)	_Feb (35)	_Mar (68)	_Apr (21)	_May (38)	_Jun (46)	_Jul (19)	_Aug (38)	_Sep (58)	_Oct (15)	_Nov (12)	_Dec (30)
2007:	_Jan (49)	_Feb (23)	_Mar (29)	_Apr (19)	_May (33)	_Jun (4)	_Jul (10)	_Aug (26)	_Sep (2)	_Oct (9)	_Nov (1)	_Dec (21)
2008:	_Jan (15)	_Feb (3)	_Mar (10)	_Apr (8)	_May (4)	_Jun (2)	_Jul (2)	_Aug	_Sep	_Oct (2)	_Nov (13)	_Dec
2009:	_Jan (11)	_Feb (4)	_Mar	_Apr (6)	_May	_Jun (16)	_Jul (1)	_Aug	_Sep	_Oct	_Nov	_Dec (9)
2010:	_Jan (6)	_Feb (4)	_Mar (2)	_Apr (12)	_May (20)	_Jun (9)	_Jul (7)	_Aug	_Sep (1)	_Oct (5)	_Nov	_Dec (4)
2011:	_Jan	_Feb	_Mar (10)	_Apr	_May	_Jun	_Jul (9)	_Aug (2)	_Sep	_Oct	_Nov	_Dec
2012:	_Jan (2)	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep (6)	_Oct (3)	_Nov (8)	_Dec (11)
2013:	_Jan (1)	_Feb (1)	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec


S	M	T	W	T	F	S
						1

2	3	4	5	6	7	8
		(2)
9	10	11	12	13	14	15

16	17	18	19	20	21	22

23	24	25	26	27	28	29

30

Re: [Webware-discuss] Session Issue bug found

From: Sophana <sophana@zi...> - 2007-09-04 14:02

Christoph Zwerschke a écrit :
> Sophana wrote:
>   
>> I reverted to 0.9.2 because of the cookie clear bug which I couldn't
>> find a workaround.
>>     
>
> If you provide a test case for that bug, I'll try to fix it in the next 
> version.
>
>   
>>> But this would be redirected to /wk/wk/* and not work anyway?
>>>       
>> No, in my case I only redirect / (^/$) with [PT] rewriting (Pass Through)
>> Other urls are not redirected.
>>     
>
>   
>> Here is the rewrite rule (apache 2):
>>
>>     RewriteEngine on
>>     RewriteRule ^/$ /wk/Main [PT]
>>     
>
> Ok. I thought you used something like
>
> RewriteRule ^/(.*) /wk/$1 [L,PT]
>
> In your case, since you have to servlet paths, you need to use the least 
> common path, i.e. set CookiePath explicitly to '/'.
>
> Maybe we should make '/' the default CookiePath again instead of None 
> (automatic determination)? This is less secure, but at least it will 
> always work (Microsoft policy ;-) This issue has already caused too much 
> confusion in the past.
>
>   
Could you tell us more about this security problem?

Re: [Webware-discuss] Session Issue bug found

From: Christoph Zwerschke <cito@on...> - 2007-09-04 18:33

Sophana wrote:
> Christoph Zwerschke a écrit :
>> Maybe we should make '/' the default CookiePath again instead of None 
>> (automatic determination)? This is less secure, but at least it will 
>> always work (Microsoft policy ;-) This issue has already caused too much 
>> confusion in the past.
>>   
> Could you tell us more about this security problem?

The problem with the session cookie path is explained in this document:
http://www.net-security.org/dl/articles/cookie_path.pdf

-- Christoph