[mod_python] Cookie.py problems

Alberto Ruiz al at ruiz.ws
Fri Mar 31 21:11:43 EST 2006


Something is wrong with the Cookie class because the web reply is not
sending the cookie properly.  Am I doing something wrong? This setup was
working fine on a Debian system.  It is now running on a FreeBSD.  I
sniffed the web server reply and this is what am getting:

HTTP/1.1  200 OK.
.Date: S at, 01 A
pr 2006  01:30:21
GMT..Se rver: Ap
ache/1.3 .33 (Uni
x) mod_p ython/2.
7.11 Pyt hon/2.4.
2 PHP/4. 4.2 mod_
perl/1.2 9..Keep-
Alive: t imeout=1
5, max=1 00..Conn
ection:  Keep-Ali
ve..Tran sfer-Enc
oding: c hunked..
Content- Type: te
xt/html. ...62 ..
userq=up date use
r set SI D='EndNx
nm0nnJEp Jtug4b2f
WjusIDRV 3Kw' whe
re name= 'lorim' 
and pass word='12
3'..41 . .<head><
meta htt p-equiv=
'refresh ' conten
t='0;url =/BB.htm
l'></hea d>..1  .
. ..0... .      

So as you can see I'm getting a 62 and then some wierd text from a sql
query and then the Cookie contents, as well as some other stuff.  But
'Cookie:' should be preappended to the cookie.  Here is a snippet of the
code handling the cookie:

.....
from mod_python import Cookie

def index (req,LLRuser='',LLRpw=''):
	global R; R=req; R.content_type="text/html"
	R.send_http_header()
	cur=DBconnectpropman.DB.cursor()
	sidrefreshing=0
	ZWF.R=R
	global SID;SID=''
	global UID;UID=''
	cookies = Cookie.get_cookies(R, Cookie.MarshalCookie,
secret='LLR14151111')
	
	if LLRuser!='' and LLRpw!='':  # login attempt
		if string.find(LLRuser,"@")!=-1: #client login attempt
			cur.execute("select clientid,name,password from client where
email='"+LLRuser+"'")
			userrs=cur.fetchone()
			if str(userrs)!='None':
				LLRuser=userrs[1]
				usertable='client'
		else:
			cur.execute("select * from user where name='"+LLRuser+"' and
password='"+LLRpw+"'") 
			userrs=cur.fetchone()
			usertable='user'
		if str(userrs)!='None': #login success create session key, update user
record, sett sid cookie
			SID=''
			for n in range(0,32):
				x=random.randint(48,108)
				if x>57:x+=8
				if x>90:x+=6
				SID+=chr(x)
			cookie = Cookie.Cookie('sid', SID); cookie.expires = time.time() +
36000; Cookie.add_cookie(R, cookie)
			q="update "+usertable+" set SID='"+SID+"' where name='"+LLRuser+"'
and password='"+LLRpw+"'"
			R.write("userq="+q)
			cur.execute(q)
			R.write("<head><meta http-equiv='refresh'
content='0;url=/BB.html'></head>")
			sidrefreshing=1
	if cookies.has_key('sid'):
		#we have a session id, is it valid?
		USER=ZWF.usercheck(R,cur)
		SID=USER.SID
		UID=USER.UID
		........

Let me know if you need any other info.

Can I use the regular python Cookie class instead?   



More information about the Mod_python mailing list