[mod_python] the domain name in mod_python's session/cookie management

Kevin Wang kwang at activegrid.com
Mon Mar 20 17:44:44 EST 2006

Hi All,

The reason I am asking this is because I found a problem with mod_python's 
Set-Cookie response.  I am assuming that the standard way for setting a 
cookie in a response is that both the application path and domain name are 
supplied so that the next time, the browser will decide if to use this 
cookie for a certain domain and application path.

Looks like mod_python never sets the domain name in "Set-Cookie" header, but 
both firefox and IE browsers are smart enough to assume that the cookie 
belongs to the host requested.  So it works for both firefox and IE. 
However, in the case of request coming from an IE frame, it no longer works! 
  I have no idea why it doesn't work in an IE frame.

To me, the right solution should be that mod_python always sets the domain 
name if one is passed in.

Please let me know if I have missed something or made some obvious mistake.


-- Kevin

Hi All,

When a new session/cookie is created on mod_python side, from the source
code (mod_python/Session.py, mod_python/Cookie.py), I don't see how
mod_python sets the domain name for the Set-Cookie http header.

Without the domain name, the cookie set in the browser is useless (at least
in IE).  How does it work?  Am I missed anything?

Any help or input is appreciated.


-- Kevin

More information about the Mod_python mailing list