Ticket #1186 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

[TiddlyWeb] using cookies on the same server over two instances

Reported by: jdlrobson
Owned by: cdent
Priority: major
Milestone:
Component: tiddlyweb
Version:
Severity: medium
Keywords: tiddlyweb
Cc:

Description

I am now running 2 instances on apache under localhost but different ports.

I have found that when I login to one of these instances using cookie authentication and then visit the other instance I get the following error: "400 Bad Request: ('malformed cookie: tiddlyweb_user',)"

I'm assuming this is something to do with the secret being different. Could it fail more graciously/silently? Or could we develop a way for adding the domain to the cookie?

Change History

Changed 2 years ago by cdent

  • priority changed from undefined to major
  • status changed from new to assigned
  • severity changed from low to medium

Changed 2 years ago by cdent

  • status changed from assigned to closed
  • resolution set to fixed

The issue here is not with the domain being set on the cookie. That is set to the current request's host automatically.

What is missing is that the cookie does not have anything in it that distinguishes the port where the cookie came from. The new Set-Cookie2 spec specifies support for port, but is not well supported in browsers. The original "Set-Cookie", which TiddlyWeb uses, has no support for path.

A workaround that you can use is to host at least one of the involved TiddlyWeb servers on a server_prefix path. That path will be included in the cookie information.

Another workaround is to use different hostnames for servers (and also different ports) where both hostnames point to localhost.
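The behaviour discussed in this ticket, as an added example that is not TiddlyWeb's code: a small model of browser cookie scoping (host and path, never port) plus a signed cookie that a server with a different secret treats as anonymous instead of failing the request. The cookie format, the secrets, the `/wiki` prefix and the `tw-a.test`/`tw-b.test` hostnames are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def sign(user, secret):
    """Constructed cookie format (an assumption): user:HMAC-SHA256(secret, user)."""
    mac = hmac.new(secret.encode(), user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def verify(value, secret):
    """Return the user if the signature checks out, else None (anonymous)."""
    user, sep, mac = value.rpartition(":")
    if not sep or not user:
        return None  # not in user:mac form, ignore it rather than error out
    expected = sign(user, secret).rpartition(":")[2]
    return user if hmac.compare_digest(mac, expected) else None


def set_cookie(url, prefix, user, secret):
    """Cookie as the browser stores it after a login at url."""
    return {"host": urlsplit(url).hostname, "path": prefix or "/",
            "value": sign(user, secret)}


def browser_sends(cookie, url):
    """Host and path decide whether a cookie is sent; the port is ignored."""
    parts = urlsplit(url)
    path = parts.path or "/"
    cpath = cookie["path"]
    path_ok = path == cpath or path.startswith(cpath.rstrip("/") + "/")
    return parts.hostname == cookie["host"] and path_ok


if __name__ == "__main__":
    # Two instances on localhost, different ports, different secrets.
    a = set_cookie("http://localhost:8080/", "", "jdlrobson", "secret-a")
    print("sent to :8081?", browser_sends(a, "http://localhost:8081/bags"))
    print("accepted by :8081?", verify(a["value"], "secret-b"))
    # Workaround 1: one instance mounted under a path prefix.
    p = set_cookie("http://localhost:8080/wiki/", "/wiki", "jdlrobson", "secret-a")
    print("prefixed, sent to :8081/bags?", browser_sends(p, "http://localhost:8081/bags"))
    # Workaround 2: distinct hostnames that both resolve to localhost.
    h = set_cookie("http://tw-a.test:8080/", "", "jdlrobson", "secret-a")
    print("other hostname?", browser_sends(h, "http://tw-b.test:8081/"))
```

In this model a path-scoped cookie is still sent to any port on the same host for URLs under that path, so the prefix only separates instances whose paths do not overlap.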
