|
Alberto Ruiz
al at ruiz.ws
Fri Mar 31 21:11:43 EST 2006
Something is wrong with the Cookie class because the web reply is not
sending the cookie properly. Am I doing something wrong? This setup was
working fine on a Debian system. It is now running on a FreeBSD. I
sniffed the web server reply and this is what am getting:
HTTP/1.1 200 OK.
.Date: S at, 01 A
pr 2006 01:30:21
GMT..Se rver: Ap
ache/1.3 .33 (Uni
x) mod_p ython/2.
7.11 Pyt hon/2.4.
2 PHP/4. 4.2 mod_
perl/1.2 9..Keep-
Alive: t imeout=1
5, max=1 00..Conn
ection: Keep-Ali
ve..Tran sfer-Enc
oding: c hunked..
Content- Type: te
xt/html. ...62 ..
userq=up date use
r set SI D='EndNx
nm0nnJEp Jtug4b2f
WjusIDRV 3Kw' whe
re name= 'lorim'
and pass word='12
3'..41 . .<head><
meta htt p-equiv=
'refresh ' conten
t='0;url =/BB.htm
l'></hea d>..1 .
. ..0... .
So as you can see I'm getting a 62 and then some wierd text from a sql
query and then the Cookie contents, as well as some other stuff. But
'Cookie:' should be preappended to the cookie. Here is a snippet of the
code handling the cookie:
.....
from mod_python import Cookie
def index (req,LLRuser='',LLRpw=''):
global R; R=req; R.content_type="text/html"
R.send_http_header()
cur=DBconnectpropman.DB.cursor()
sidrefreshing=0
ZWF.R=R
global SID;SID=''
global UID;UID=''
cookies = Cookie.get_cookies(R, Cookie.MarshalCookie,
secret='LLR14151111')
if LLRuser!='' and LLRpw!='': # login attempt
if string.find(LLRuser,"@")!=-1: #client login attempt
cur.execute("select clientid,name,password from client where
email='"+LLRuser+"'")
userrs=cur.fetchone()
if str(userrs)!='None':
LLRuser=userrs[1]
usertable='client'
else:
cur.execute("select * from user where name='"+LLRuser+"' and
password='"+LLRpw+"'")
userrs=cur.fetchone()
usertable='user'
if str(userrs)!='None': #login success create session key, update user
record, sett sid cookie
SID=''
for n in range(0,32):
x=random.randint(48,108)
if x>57:x+=8
if x>90:x+=6
SID+=chr(x)
cookie = Cookie.Cookie('sid', SID); cookie.expires = time.time() +
36000; Cookie.add_cookie(R, cookie)
q="update "+usertable+" set SID='"+SID+"' where name='"+LLRuser+"'
and password='"+LLRpw+"'"
R.write("userq="+q)
cur.execute(q)
R.write("<head><meta http-equiv='refresh'
content='0;url=/BB.html'></head>")
sidrefreshing=1
if cookies.has_key('sid'):
#we have a session id, is it valid?
USER=ZWF.usercheck(R,cur)
SID=USER.SID
UID=USER.UID
........
Let me know if you need any other info.
Can I use the regular python Cookie class instead?
|