Description
If cookie_path is set to something different than the SCRIPT_NAME that MoinMoin gets when run, the Logout button won't delete the MOIN_ID cookie.
Steps to reproduce
Set cookie_path in wikiconfig.py to something different from SCRIPT_NAME (maybe add or delete a /)
- Login
- Logout
- Go to another page, and find yourself not logged in
Details
MoinMoin Version |
1.5.2 |
OS and Version |
Mandrake 10.1 |
Python Version |
2.3.4 |
Server Setup |
Apache running MoinMoin as as CGI script |
Server Details |
|
Workaround
Don't use cookie_path in wikiconfig.py.
Discussion
Here's the simple patch. Note that request.setCookie handles this right, it just wasn't added to request.deleteCookie.
--- MoinMoin/request.py 2006-02-04 07:38:56.000000000 -0500 +++ MoinMoin-copy/request.py 2006-02-19 23:51:39.000000000 -0500 @@ -1314,7 +1314,10 @@ c['MOIN_ID'] = '' if self.cfg.cookie_domain: c['MOIN_ID']['domain'] = self.cfg.cookie_domain - c['MOIN_ID']['path'] = self.getScriptname() + if self.cfg.cookie_path: + c['MOIN_ID']['path'] = self.cfg.cookie_path + else: + c['MOIN_ID']['path'] = self.getScriptname() c['MOIN_ID']['max-age'] = 0 # Set expires to one year ago for older clients yearago = time.time() - (3600 * 24 * 365)
Plan
- Priority:
Assigned to: ThomasWaldmann
- Status: refactored code, see patch moin--main--1.5--patch-455