[ic] CookieName directive fails
Davor Ocelic
docelic at mail.inet.hr
Thu Aug 11 18:12:10 EDT 2005
On Wed, 27 Jul 2005 11:52:47 -0600 (MDT)
Jon Jensen <jon at endpoint.com> wrote:
> On Wed, 27 Jul 2005, Bruno Cantieni wrote:
>
> >> I'm interested to hear if setting CookiePattern fixes your problem.
> >
> > Thanks for the feedback on this, Jon.
> > I was under the impression that Config.pm provided a default value for this:
> > ['CookiePattern', 'regex', '[-\w:.]+'],
>
> It looks like you're right. Hmm.
>
> Well, it's probably time to start adding some logDebug() calls to
> Vend::Dispatch so you can see exactly what's going on at each step of
> those routines.
Hello folks,
I was floating around CookieName for some other purposes, and I
traced your problem.
Interchange cookie is in the form:
SessionID (8 to 32 characters), followed by a colon (:),
followed by an IP address, username or domainname.
When no CookieName is set, the code takes the default path
and extracts session ID by using this hard-coded regex:
MV_SESSION_ID=(\w{8,32})[:_]
As you see, from the complete MV_SESSION_ID string, it only
takes first 8 to 32 characters, before the colon or underscore.
However, when CookieName *is* set, it tries to match this:
$::Instance->{CookieName}=($Vend::Cfg->{CookiePattern})
The problem is that CookiePattern is currently set to
'[-\w:.]+', which is too liberal, and matches the whole cookie
value instead of just the session part (8-32 chars) up to the
first comma.
I suppose the solution is to change the default CookiePattern
value from [-\w:.]+ to \w{8,32}
Otherwise, I've tested and CookieName works properly
"out of the box".
I'll commit the fix to CVS.
Regards,
-docelic at icdevgroup.org
More information about the interchange-users
mailing list