Webware for Python

Hank Freeman wrote:
> My Webware install is up and running, on Apache 2, and tests are successful.
> However, although the password is entered correctly, and cookies are
> enabled, it is not accepted.  I removed all cookies for my site, and tried
> "one more time" and confirmed a cookie is set. ...

Are you talking about the password for the Administration pages? Does it 
work with the built-in HTTP server (http://localhost:8080/Admin/)? Do 
Webware sessions work (check with the CountVisits example)?

-- Christoph

Yes, this is regarding access to the admin pages.  Yes, they work from the
built-in HTTP server.  Webware sessions and the other pages displayed from
the provided Main.py also work.  I also just tested this from IE, and the
authentication works from Internet Explorer 6.0.2800.1106.  This issue arose
in my default browser, Firefox 1.5.  I have not tested it from Netscape at
all.

--Hank
  -----Original Message-----
  From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Christoph
Zwerschke
  Sent: Wednesday, January 11, 2006 5:54 PM
  To: webware-discuss@...
  Subject: Re: [Webware-discuss] Admin password rejected


               Sender ALLOWED   [ Remove ]  [ Block ]    details

              Vanquish Anti-Spam Control Panel




  Hank Freeman wrote:
  > My Webware install is up and running, on Apache 2, and tests are
successful.
  > However, although the password is entered correctly, and cookies are
  > enabled, it is not accepted.  I removed all cookies for my site, and
tried
  > "one more time" and confirmed a cookie is set. ...

  Are you talking about the password for the Administration pages? Does it
  work with the built-in HTTP server (http://localhost:8080/Admin/)? Do
  Webware sessions work (check with the CountVisits example)?

  -- Christoph


  -------------------------------------------------------
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
  http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
  _______________________________________________
  Webware-discuss mailing list
  Webware-discuss@...
  https://lists.sourceforge.net/lists/listinfo/webware-discuss

Hank Freeman wrote:
> Yes, this is regarding access to the admin pages.  Yes, they work from 
> the built-in HTTP server.  Webware sessions and the other pages 
> displayed from the provided Main.py also work.  I also just tested this 
> from IE, and the authentication works from Internet Explorer 
> 6.0.2800.1106.  This issue arose in my default browser, Firefox 1.5.  I 
> have not tested it from Netscape at all.

I can assure you that the Admin pages of Webware 0.9 work with Firefox 
1.5 and Apache 2 except you have disabled cookies. Are you sure that 
cookies are enabled and the "CountVisits" example works (really counts) 
with Firefox? Are you sure you entered the password correctly (as in 
Application.config)?

-- Christoph

First, I believe you.  It works, with Firefox 1.5, if I am on the console of
the server (Fedora Core 2) where my site is hosted.  It works from Internet
Explorer from my personal workstation (MS Win 2K Pro SP4).  It sets the same
cookie on the server Firefox instance that it sets on my personal
workstation from Firefox 1.5.  I tested from my personal workstation with
Netscap 7.2 and that works as well.  Something is wrong with the Firefox
configuration on my desktop that is munging up the authentication.

Is there a way to get Webware to log or disclose mor information on the
authentication dialog from the application server side?  I'd like to find
out if the password is actually getting there, and what the data is when it
does.

--Hank
  -----Original Message-----
  From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Christoph
Zwerschke
  Sent: Wednesday, January 11, 2006 7:51 PM
  To: webware-discuss@...
  Subject: Re: [Webware-discuss] Admin password rejected


               Sender ALLOWED   [ Remove ]  [ Block ]    details

              Vanquish Anti-Spam Control Panel




  Hank Freeman wrote:
  > Yes, this is regarding access to the admin pages.  Yes, they work from
  > the built-in HTTP server.  Webware sessions and the other pages
  > displayed from the provided Main.py also work.  I also just tested this
  > from IE, and the authentication works from Internet Explorer
  > 6.0.2800.1106.  This issue arose in my default browser, Firefox 1.5.  I
  > have not tested it from Netscape at all.

  I can assure you that the Admin pages of Webware 0.9 work with Firefox
  1.5 and Apache 2 except you have disabled cookies. Are you sure that
  cookies are enabled and the "CountVisits" example works (really counts)
  with Firefox? Are you sure you entered the password correctly (as in
  Application.config)?

  -- Christoph



  -------------------------------------------------------
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
  http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
  _______________________________________________
  Webware-discuss mailing list
  Webware-discuss@...
  https://lists.sourceforge.net/lists/listinfo/webware-discuss

> Is there a way to get Webware to log or disclose mor information on the 
> authentication dialog from the application server side?  I'd like to 
> find out if the password is actually getting there, and what the data is 
> when it does.

The easiest way is to add print statements, see
http://www.w4py.org/WebKit/Docs/UsersGuide.html#debugging
The output will be visible in the logs. You may want to start the 
AppServer script with the "-u" option to have unbuffered output.

The servlets in question are in /Webware/WebKit/Admin

-- Christoph

Okay, now I know what is going on, but I don't know why, or what to do about
it...  Everything in the authentication works perfectly save for one thing.
It appears that the call for loginid = session.value('loginid',None) at the
beginning of the authentication block returns a different value than does
request.field('lgoinid', 'nologin').  As a result, the second phrase of the
"if ..." statement that verifies the login fails.  This only happens with
Firefox 1.5 from my desktop.  All my other browsers return the same value in
both calls.  Does this suggest some possible cause in the browser?

Regardless, thanks for all your help.  Clearly, Webware is not at fault
here, and I will pursue the browser issues with the Mozilla folks for some
explanation.  If I find out anything probitive I will post it back to this
thread for future reference.

--Hank

  -----Original Message-----
  From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Christoph
Zwerschke
  Sent: Thursday, January 12, 2006 3:44 AM
  To: webware-discuss@...
  Subject: Re: [Webware-discuss] Admin password rejected


               Sender ALLOWED   [ Remove ]  [ Block ]    details

              Vanquish Anti-Spam Control Panel




  > Is there a way to get Webware to log or disclose mor information on the
  > authentication dialog from the application server side?  I'd like to
  > find out if the password is actually getting there, and what the data is
  > when it does.

  The easiest way is to add print statements, see
  http://www.w4py.org/WebKit/Docs/UsersGuide.html#debugging
  The output will be visible in the logs. You may want to start the
  AppServer script with the "-u" option to have unbuffered output.

  The servlets in question are in /Webware/WebKit/Admin

  -- Christoph


  -------------------------------------------------------
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
  http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
  _______________________________________________
  Webware-discuss mailing list
  Webware-discuss@...
  https://lists.sourceforge.net/lists/listinfo/webware-discuss

Mystery solved.  I am using the "Faster Fox" plug-in.  It does pre-fetching
of links on a page.  With the setting at "Turbo" (most aggressive) this
authentication fails.  For me, it fails at all settings above "Courteous".
(YMMV)  Dialing back the aggressiveness of the plug-in resolved this issue.
Thanks again for all the help.

--Hank
  -----Original Message-----
  From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Hank
Freeman
  Sent: Thursday, January 12, 2006 5:47 PM
  To: webware-discuss@...
  Subject: RE: [Webware-discuss] Admin password rejected


               Sender ALLOWED   [ Remove ]  [ Block ]    details

              Vanquish Anti-Spam Control Panel




  Okay, now I know what is going on, but I don't know why, or what to do
about it...  Everything in the authentication works perfectly save for one
thing.  It appears that the call for loginid = session.value('loginid',None)
at the beginning of the authentication block returns a different value than
does request.field('lgoinid', 'nologin').  As a result, the second phrase of
the "if ..." statement that verifies the login fails.  This only happens
with Firefox 1.5 from my desktop.  All my other browsers return the same
value in both calls.  Does this suggest some possible cause in the browser?

  Regardless, thanks for all your help.  Clearly, Webware is not at fault
here, and I will pursue the browser issues with the Mozilla folks for some
explanation.  If I find out anything probitive I will post it back to this
thread for future reference.

  --Hank

    -----Original Message-----
    From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Christoph
Zwerschke
    Sent: Thursday, January 12, 2006 3:44 AM
    To: webware-discuss@...
    Subject: Re: [Webware-discuss] Admin password rejected


                 Sender ALLOWED   [ Remove ]  [ Block ]    details

                Vanquish Anti-Spam Control Panel




    > Is there a way to get Webware to log or disclose mor information on
the
    > authentication dialog from the application server side?  I'd like to
    > find out if the password is actually getting there, and what the data
is
    > when it does.

    The easiest way is to add print statements, see
    http://www.w4py.org/WebKit/Docs/UsersGuide.html#debugging
    The output will be visible in the logs. You may want to start the
    AppServer script with the "-u" option to have unbuffered output.

    The servlets in question are in /Webware/WebKit/Admin

    -- Christoph


    -------------------------------------------------------
    This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
    for problems?  Stop!  Download the new AJAX search engine that makes
    searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
    http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
    _______________________________________________
    Webware-discuss mailing list
    Webware-discuss@...
    https://lists.sourceforge.net/lists/listinfo/webware-discuss

Thanks for the update. Do you know if that plug-in leaves it's
signature in either an HTTP header or in the user agent string? It
would be nice to know when troubleshooting in the future.

-Chuck

On 1/12/06, Hank Freeman <hfreeman@...> wrote:
>
> Mystery solved.  I am using the "Faster Fox"  plug-in.  It does pre-fetch=
ing of links on a page.  With the setting  at "Turbo" (most aggressive) thi=
s authentication fails.  For me, it fails  at all settings above "Courteous=
".  (YMMV)  Dialing back the  aggressiveness of the plug-in resolved this i=
ssue.  Thanks again for all  the help.
>
> --Hank
>
> -----Original Message-----
> From:    webware-discuss-admin@...    [mailto:webware-d=
iscuss-admin@... Behalf Of Hank    Freeman
> Sent: Thursday, January 12, 2006 5:47 PM
> To:    webware-discuss@...
>
> Subject: RE: [Webware-discuss]    Admin password rejected
>
>
>
>
>
>               Sender ALLOWED               [                Remove       =
         ]  [ Block                ]                details
>
>              Vanquish Anti-Spam Control                Panel
>
>
> Okay, now I know what is going on, but I don't know why, or what to do   =
 about it...  Everything in the authentication works perfectly save for    =
one thing.  It appears that the call for loginid =3D    session.value('logi=
nid',None) at the beginning of the authentication block    returns a differ=
ent value than does request.field('lgoinid', 'nologin').     As a result, t=
he second phrase of the "if ..." statement that verifies    the login fails=
.  This only happens with Firefox 1.5 from my    desktop.  All my other bro=
wsers return the same value in both    calls.  Does this suggest some possi=
ble cause in the browser?
>
> Regardless, thanks for all your help.  Clearly, Webware    is not at faul=
t here, and I will pursue the browser issues with the Mozilla    folks for =
some explanation.  If I find out anything probitive I will post    it back =
to this thread for future reference.
>
> --Hank
>
>
> -----Original Message-----
> From:      webware-discuss-admin@...      [mailto:webwa=
re-discuss-admin@... Behalf Of      Christoph Zwerschk=
e
> Sent: Thursday, January 12, 2006 3:44      AM
> To: webware-discuss@...
> Subject:      Re: [Webware-discuss] Admin password rejected
>
>
>
>
>                 Sender ALLOWED                 [                  Remove =
                 ]  [ Block                  ]                  details
>
>                Vanquish Anti-Spam                  Control      Panel
>
>  > Is there a way to get Webware to log or disclose      mor information =
on the
> > authentication dialog from the application      server side?  I'd like =
to
> > find out if the password is      actually getting there, and what the d=
ata is
> > when it      does.
>
> The easiest way is to add print statements, see
> http://www.w4py.org/WebKit/Docs/UsersGuide.html#debugging
> The      output will be visible in the logs. You may want to start the
> AppServer      script with the "-u" option to have unbuffered output.
>
> The servlets      in question are in /Webware/WebKit/Admin
>
> --      Christoph
>
>
> -------------------------------------------------------
> This      SF.net email is sponsored by: Splunk Inc. Do you grep through l=
og      files
> for problems?  Stop!  Download the new AJAX      search engine that makes
> searching your log files as easy as surfing      the  web.  DOWNLOAD SPLU=
NK!
> http://ads.osdn.com/?ad_id=3D7637&alloc_id=3D16865&op=3Dclick
> _______________________________________________
> Webware-discuss      mailing list
> Webware-discuss@...
> https://lists.sourceforge.net/lists/listinfo/webware-discuss
>

Hank Freeman wrote:
> Mystery solved.  I am using the "Faster Fox" plug-in.  It does pre-fetching
> of links on a page.  With the setting at "Turbo" (most aggressive) this
> authentication fails.  For me, it fails at all settings above "Courteous".
> (YMMV)  Dialing back the aggressiveness of the plug-in resolved this issue.
> Thanks again for all the help.

Thank you for the feedback. Now the reason for this problem is clear: 
Fasterfox loaded all the other Admin links in the background which 
resulted in opening a lot of login pages. Each call of the login page 
changed the login id in the session, so that the original login id did 
not fit any more.

If I understand correctly, the login id is used to ensure nobody can 
circumvent the login page (e.h. by providing user and password directly 
as parameters in the URL). So I left the login id mechanism in the code, 
but changed it so that no new login id is created if there is already 
one in the current session. I have checked that in already. The Example 
and Admin pages are not really important, but intended to give people an 
idea how things should be done; so they should do it correctly.

But there is still one thing that I do not understand: I checked this 
with Fasterfox, and I noticed these two bugs/features:
1) Fasterfox makes the links lowercase before pref etching them. It does 
not work at all if links contain uppercase letters and are case 
sensitive (which is the case for the Webware Example/Admin pages!)
2) Fasterfox checks whether links have an extension that looks like a 
static page (e.g. ".html"). If they have no extension (which is the case 
for the Webware Example/Admin pages), then they are not prefetched.
So only after I changed these two things in Fasterfox, I could reproduce 
the described behavior. Are you using a different version of Fasterfox 
(I checked with 1.0.2 which seems to be current).

-- Christoph

Chuck Esterbrook wrote:
> Thanks for the update. Do you know if that plug-in leaves it's
> signature in either an HTTP header or in the user agent string? It
> would be nice to know when troubleshooting in the future.

You can recognize prefetching from Firefox by the following header:
X-Moz: prefetch

Firefox can do this even without Fasterfox if a web page provides 
certain prefetch link tags or headers. The Fasterfox extension has a 
setting where it does prefetching more aggressively.

-- Christoph

Yes, my Fasterfox version is significantly older: 0.7.9 is what I am at now.

--Hank
  -----Original Message-----
  From: webware-discuss-admin@...
[mailto:webware-discuss-admin@... Behalf Of Christoph
Zwerschke
  Sent: Friday, January 13, 2006 3:28 AM
  To: webware-discuss@...
  Subject: Re: [Webware-discuss] Admin password rejected


               Sender ALLOWED   [ Remove ]  [ Block ]    details

              Vanquish Anti-Spam Control Panel




  Hank Freeman wrote:
  > Mystery solved.  I am using the "Faster Fox" plug-in.  It does
pre-fetching
  > of links on a page.  With the setting at "Turbo" (most aggressive) this
  > authentication fails.  For me, it fails at all settings above
"Courteous".
  > (YMMV)  Dialing back the aggressiveness of the plug-in resolved this
issue.
  > Thanks again for all the help.

  Thank you for the feedback. Now the reason for this problem is clear:
  Fasterfox loaded all the other Admin links in the background which
  resulted in opening a lot of login pages. Each call of the login page
  changed the login id in the session, so that the original login id did
  not fit any more.

  If I understand correctly, the login id is used to ensure nobody can
  circumvent the login page (e.h. by providing user and password directly
  as parameters in the URL). So I left the login id mechanism in the code,
  but changed it so that no new login id is created if there is already
  one in the current session. I have checked that in already. The Example
  and Admin pages are not really important, but intended to give people an
  idea how things should be done; so they should do it correctly.

  But there is still one thing that I do not understand: I checked this
  with Fasterfox, and I noticed these two bugs/features:
  1) Fasterfox makes the links lowercase before pref etching them. It does
  not work at all if links contain uppercase letters and are case
  sensitive (which is the case for the Webware Example/Admin pages!)
  2) Fasterfox checks whether links have an extension that looks like a
  static page (e.g. ".html"). If they have no extension (which is the case
  for the Webware Example/Admin pages), then they are not prefetched.
  So only after I changed these two things in Fasterfox, I could reproduce
  the described behavior. Are you using a different version of Fasterfox
  (I checked with 1.0.2 which seems to be current).

  -- Christoph


  -------------------------------------------------------
  This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
  for problems?  Stop!  Download the new AJAX search engine that makes
  searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
  http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
  _______________________________________________
  Webware-discuss mailing list
  Webware-discuss@...
  https://lists.sourceforge.net/lists/listinfo/webware-discuss

Hank Freeman wrote:
> Yes, my Fasterfox version is significantly older: 0.7.9 is what I am at now.

Ok - then all mysteries are solved ;-)

-- Christoph