Ticket #779 (defect)
Opened 9 months ago
Last modified 3 months ago
Conflict with sessions and basic/digest auth tools
Status: closed (worksforme)
| Reported by: | dowski | Assigned to: | dowski |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.1 |
| Component: | sessions | Keywords: | |
| Cc: |
It looks like there is a problem with using the session and (basic|digest)_auth tools together. This was originally reported on IRC by StoneKeeper. Attached is a sample program that demonstrates the problem. Here is the traceback:
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/_cpengine.py", line 244, in release
req.close()
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/_cprequest.py", line 424, in close
self.hooks.run('on_end_request')
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/_cprequest.py", line 90, in run
hook()
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/_cprequest.py", line 58, in __call__
return self.callback(**self.kwargs)
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/lib/sessions.py", line 418, in close
if sess.locked:
File "/usr/lib/python2.4/site-packages/CherryPy-3.0.2-py2.4.egg/cherrypy/__init__.py", line 234, in __getattr__
child = getattr(serving, self.__attrname__)
AttributeError: '_Serving' object has no attribute 'session'
Attachments
Change History
01/28/08 07:36:09: Modified by dowski
- attachment auth_session_conflict.py added.
02/21/08 12:43:44: Modified by guest
03/14/08 10:35:34: Modified by fumanchu
I can't seem to reproduce this either in HEAD or r1900. Can you verify it's been fixed or is invalid?
04/26/08 19:59:59: Modified by mschurter
Attached test case works for me in r1954. (Debian Sid, Python 2.5.2)
06/29/08 14:33:39: Modified by fumanchu
- status changed from new to closed.
- resolution set to worksforme.
Problem is with auth raising 401, because then before_request_body hooks are not run and thus session is not initialized.
Fix for me with existing version is hacky:
cherrypy.tools.later_digest_auth = cherrypy.Tool('before_handler', digest_auth, priority=60)Real fix would mean either not calling session hooks if hooks wasn't initialized, or checking for hasattr(cherrypy, 'session') in save/etc session hooks.
Or something more robust and less straightforward :)