Hello, When someone has an expired session from an HTTP Authentification, this message is displayed in logs: 2007/10/19 13:24 CEST [HTTPChannel,2,127.0.0.1] expired session HTTP AUTH: romain:PASSWORD To not show password, we can use this patch: *** guard.py 2007-10-19 14:01:22.000000000 +0200 --- guard.py.last 2007-10-19 14:01:17.000000000 +0200 *************** class SessionWrapper: *** 335,341 **** cookie = request.getCookie(self.cookieKey) # support HTTP auth, no redirections userpass = request.getUser(), request.getPassword() ! httpAuthSessionKey = 'HTTP AUTH: %s:%s' % userpass for sessionKey in cookie, httpAuthSessionKey: if sessionKey in self.sessions: --- 335,341 ---- cookie = request.getCookie(self.cookieKey) # support HTTP auth, no redirections userpass = request.getUser(), request.getPassword() ! httpAuthSessionKey = 'HTTP AUTH: %s' % request.getUser() for sessionKey in cookie, httpAuthSessionKey: if sessionKey in self.sessions: But if the httpAuthSessionKey is used as uniq key in session dict, I don't know if you consider that the username can be an uniq key. So, an other way is to remove the log line which isn't really important: *** guard.py 2007-10-19 15:29:50.000000000 +0200 --- guard.py.last 2007-10-19 14:01:17.000000000 +0200 *************** class GuardSession(components.Componenti *** 141,147 **** def expire(self): """Expire/logout of the session. """ ! log.msg("expired session %s" % str(self.uid)) del self.guard.sessions[self.uid] # Logout of all portals --- 141,147 ---- def expire(self): """Expire/logout of the session. """ ! #log.msg("expired session %s" % str(self.uid)) del self.guard.sessions[self.uid] # Logout of all portals Regards, -- Romain Bignon - http://vaginus.org http://www.inl.fr
participants (1)
-
Romain Bignon