
Hello,
When someone has an expired session from HTTP authentication, this message is displayed in the logs:
2007/10/19 13:24 CEST [HTTPChannel,2,127.0.0.1] expired session HTTP AUTH: romain:PASSWORD
To avoid showing the password, we can use this patch:
*** guard.py 2007-10-19 14:01:22.000000000 +0200 --- guard.py.last 2007-10-19 14:01:17.000000000 +0200 *************** class SessionWrapper: *** 335,341 **** cookie = request.getCookie(self.cookieKey) # support HTTP auth, no redirections userpass = request.getUser(), request.getPassword() ! httpAuthSessionKey = 'HTTP AUTH: %s:%s' % userpass
for sessionKey in cookie, httpAuthSessionKey: if sessionKey in self.sessions: --- 335,341 ---- cookie = request.getCookie(self.cookieKey) # support HTTP auth, no redirections userpass = request.getUser(), request.getPassword() ! httpAuthSessionKey = 'HTTP AUTH: %s' % request.getUser()
for sessionKey in cookie, httpAuthSessionKey: if sessionKey in self.sessions:
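Review bot: with the key built as 'HTTP AUTH: %s' % request.getUser(), the "if sessionKey in self.sessions" lookup in the loop right after it matches on the username alone, so two requests with the same user and different passwords resolve to the same entry, and nothing in these lines re-checks the password before that entry is used. Keep the key tied to both values without carrying the cleartext, for example by deriving it from a keyed hash of userpass, or leave the key as it was and redact at the log call instead. The userpass tuple is also still assigned but no longer used by the changed line; drop it if the username-only key stays.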
But if the httpAuthSessionKey is used as a unique key in the session dict, I don't know if you consider that the username can be a unique key.
So, another way is to remove the log line, which isn't really important:
*** guard.py 2007-10-19 15:29:50.000000000 +0200 --- guard.py.last 2007-10-19 14:01:17.000000000 +0200 *************** class GuardSession(components.Componenti *** 141,147 **** def expire(self): """Expire/logout of the session. """ ! log.msg("expired session %s" % str(self.uid)) del self.guard.sessions[self.uid]
# Logout of all portals --- 141,147 ---- def expire(self): """Expire/logout of the session. """ ! #log.msg("expired session %s" % str(self.uid)) del self.guard.sessions[self.uid]
# Logout of all portals
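Review bot: commenting out log.msg in expire() drops the session-expiry event from the logs altogether and leaves dead code behind, while the password is still part of self.uid (as the log line quoted at the top of the message shows) and self.uid stays the key in self.guard.sessions. Prefer keeping the event and logging a value that does not contain the credentials, for instance only the username portion of the uid; if the line really is to go, delete it rather than comment it out.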
Regards,
Romain Bignon
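
One way to keep the HTTP auth session key unique per credential pair while keeping the password out of it, as an added example that is not part of the original post or of guard.py: the key carries an HMAC-SHA256 of the credentials instead of the password itself. The function names, the per-process secret and the bytes-typed credentials are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumption: a random per-process secret. Keys only need to stay stable for
# as long as the in-memory session dict they index.
_KEY_SECRET = os.urandom(32)


def http_auth_session_key(user, password, secret=_KEY_SECRET):
    """Return a key unique to (user, password) that does not contain the password.

    user and password are bytes (hypothetical helper, not guard.py code).
    """
    # Length-prefix the user so (b"a", b"b:c") and (b"a:b", b"c") hash differently.
    material = b"%d:%s:%s" % (len(user), user, password)
    digest = hmac.new(secret, material, hashlib.sha256).hexdigest()
    return "HTTP AUTH: %s:%s" % (user.decode("utf-8", "replace"), digest)


def expired_message(session_key):
    """Text for the expiry log line; the key no longer embeds a password."""
    return "expired session %s" % session_key


if __name__ == "__main__":
    # Constructed credentials, not taken from the post.
    good = http_auth_session_key(b"romain", b"s3cret-constructed")
    other = http_auth_session_key(b"romain", b"different-constructed")
    sessions = {good: "session object"}

    print(expired_message(good))
    # A different password for the same user must not map to the same session.
    print("other password hits existing session:", other in sessions)
```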