[Twisted-Python] Does the default session expiry work?
I'm using twisted 8.2 and (after reading glyph's latest "Twisted in 60 seconds" entry), I've realized that my sessions never expire. I never added any session expiration code, but I thought that the default code expires after 15 minutes. In the below example, I modified twisted\web\server to make Session.sessionTimeout be 30 seconds (I also put a print statement in Session's ctor, as the log shows), then did two GETs separated by more than 30 seconds. As the log shows, it looks like the exact same session uid is being returned. I would expect it to be deleted by Session.expire, since time - lastModifiedTime > 30. Am I missing something? import sys from twisted.web import server, static from twisted.web.resource import Resource from twisted.web.server import Session, NOT_DONE_YET from twisted.internet import reactor, ssl from twisted.python import log class TestSessionResource(Resource): isLeaf = True def render_GET(self, request): session = request.getSession() print session.sessionTimeout print session.uid print session return "<html><body><p>Session Test</p></body></html>" root = TestSessionResource() reactor.listenTCP(9000, server.Site(root)) log.startLogging(sys.stdout) reactor.run() 2010-03-02 12:16:49-0600 [-] Log opened. 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] making a new session!!! 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 30 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 338e4aa450f671b2f0115513737e643b 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] <twisted.web.server.Session instance at 0x01042AD0> 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 127.0.0.1 - - [02/Mar/2010:18:16:51 +0000] "GET / HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5" 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 30 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 338e4aa450f671b2f0115513737e643b 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] <twisted.web.server.Session instance at 0x01042AD0> 2010-03-02 12:16:52-0600 [HTTPChannel,0,127.0.0.1] 127.0.0.1 - - [02/Mar/2010:18:16:51 +0000] "GET /favicon.ico HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5" 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 30 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 338e4aa450f671b2f0115513737e643b 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] <twisted.web.server.Session instance at 0x01042AD0> 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 127.0.0.1 - - [02/Mar/2010:18:17:44 +0000] "GET / HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5" 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 30 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 338e4aa450f671b2f0115513737e643b 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] <twisted.web.server.Session instance at 0x01042AD0> 2010-03-02 12:17:45-0600 [HTTPChannel,0,127.0.0.1] 127.0.0.1 - - [02/Mar/2010:18:17:44 +0000] "GET /favicon.ico HTTP/1.1" 200 45 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5"
On Tuesday 02 March 2010, markscottwright@gmail.com wrote:
Maybe you are encountering bug 3458? http://twistedmatrix.com/trac/ticket/3458 If so, upgrading Twisted would help. Bye, Maarten
On Tue, Mar 2, 2010 at 12:55 PM, Maarten ter Huurne <maarten@treewalker.org> wrote:
Thanks, that looks like a likely culprit. Please forgive me if this is more of a Trac than Twisted question, but how do I go from a trac ticket to a twisted version number? It's not clear to me from reading that ticket if 9.0 is good enough for me, or if I need to pull the svn tip. -- Mark Wright markscottwright@gmail.com
On Tuesday 02 March 2010, Mark Wright wrote:
I don't know of a guaranteed algorithm to find out in which release a fix is included. If someone knows, please enlighten me. I think SVN does not make this easy, since it copies changes around instead of linking to the original patch. Some searching turns up the following though: tags / releases / twisted-8.2.0 was created 2008-12-28 tags / releases / twisted-9.0.0 was created 2009-11-25 Jean-Paul merged the fix for ticket #3458 to trunk in revision r26133, which was committed 2009-01-28. So I would expect 9.0.0 to be the first release with the fix. Bye, Maarten
Hi Starting twistd xmpp-router and trying to connect to it with a component from the wokkel examples """ An XMPP Ping server as an external server-side component. This ping server assumes the domain C{'ping'}. """ import sys from twisted.python import log from twisted.application import app, service, internet from twisted.internet import reactor from wokkel import component from wokkel.ping import PingHandler # Configuration parameters EXT_HOST = 'localhost' EXT_PORT = 5347 SECRET = 'secret' DOMAIN = 'ping' LOG_TRAFFIC = True # Set up the Twisted application application = service.Application("Ping Component") router = component.Router() pingComponent = component.Component(EXT_HOST, EXT_PORT, DOMAIN, SECRET) pingComponent.logTraffic = LOG_TRAFFIC pingComponent.setServiceParent(application) pingHandler = PingHandler() pingHandler.setHandlerParent(pingComponent) produces the following traceback: 2010-03-03 19:24:28+0100 [XmlStream,0,127.0.0.1] Unhandled Error Traceback (most recent call last): File "\proj\Python-2.5.2\stackless-2.5.2-r63812\Modules\pyexpat.c", line 656, in EndElement ("(N)", string_intern(self, name))) File "C:\proj\twisted\twisted\words\xish\domish.py", line 797, in _onEndElement self.ElementEvent(self.currElem) File "C:\proj\twisted\twisted\words\xish\xmlstream.py", line 107, in onElement self.dispatch(element) File "C:\proj\twisted\twisted\words\xish\utility.py", line 317, in dispatch callbacklist.callback(obj) --- <exception caught here> --- File "C:\proj\twisted\twisted\words\xish\utility.py", line 107, in callback methodwrapper(*args, **kwargs) File "C:\proj\twisted\twisted\words\xish\utility.py", line 27, in __call__ self.method(*nargs, **nkwargs) File "C:\proj\twisted\twisted\words\protocols\jabber\component.py", line 171, in onElement self.onHandshake(unicode(element)) File "C:\proj\twisted\twisted\words\protocols\jabber\component.py", line 187, in onHandshake unicode(self.secret)) File "C:\proj\twisted\twisted\words\protocols\jabber\xmlstream.py", line 52, in hashPassword raise TypeError("The session identifier must be a unicode object") exceptions.TypeError: The session identifier must be a unicode object After some fiddling around it seems that the code at line 282 in twisted\words\protocols\jabber\xmlstream.py presets the sid of the stream to a str instead of a unicode(str). After changing line 282 from self.xmlstream.sid = randbytes.secureRandom(8).encode('hex') to self.xmlstream.sid = unicode(randbytes.secureRandom(8).encode('hex')) everything works as advertised. Is there somebody around who could tell me what to do with this fix, I'm certainly a beginner diddling with XMPP. Thanks a bunch, Werner
On Wed, Mar 3, 2010 at 1:56 PM, Werner Thie <wthie@thiengineering.ch> wrote:
Hello Werner, I do not know anything about twisted.words, but you should file a bug report in trac: http://twistedmatrix.com/trac/report Just out of curiosity, I did look at xmlstream and the whole unicode type checking seems unnecessary considering how the values are used: input = u"%s%s" % (sid, password) Why sid and password have to be unicode objects and not just basestring beats me. -Drew
On Wed, 2010-03-03 at 14:32 -0500, Drew Smathers wrote:
Yes, this is a problem I noticed the other day as well. A ticket, assigned to me, is in order.
For the gory details, see http://twistedmatrix.com/trac/ticket/3847. The short version is that digest authentication requires UTF-8 encoded input and GTK sets Python's default encoding to UTF-8. Before these checks, using non-ASCII characters in passwords would fail in some cases. As both the session id and password can use the full range of unicode, it makes sense to require that explicitly. ralphm
On Wed, 2010-03-03 at 22:25 +0100, Ralph Meijer wrote:
I created http://twistedmatrix.com/trac/ticket/4345 for this. ralphm
On Tuesday 02 March 2010, markscottwright@gmail.com wrote:
Maybe you are encountering bug 3458? http://twistedmatrix.com/trac/ticket/3458 If so, upgrading Twisted would help. Bye, Maarten
On Tue, Mar 2, 2010 at 12:55 PM, Maarten ter Huurne <maarten@treewalker.org> wrote:
Thanks, that looks like a likely culprit. Please forgive me if this is more of a Trac than Twisted question, but how do I go from a trac ticket to a twisted version number? It's not clear to me from reading that ticket if 9.0 is good enough for me, or if I need to pull the svn tip. -- Mark Wright markscottwright@gmail.com
On Tuesday 02 March 2010, Mark Wright wrote:
I don't know of a guaranteed algorithm to find out in which release a fix is included. If someone knows, please enlighten me. I think SVN does not make this easy, since it copies changes around instead of linking to the original patch. Some searching turns up the following though: tags / releases / twisted-8.2.0 was created 2008-12-28 tags / releases / twisted-9.0.0 was created 2009-11-25 Jean-Paul merged the fix for ticket #3458 to trunk in revision r26133, which was committed 2009-01-28. So I would expect 9.0.0 to be the first release with the fix. Bye, Maarten
Hi Starting twistd xmpp-router and trying to connect to it with a component from the wokkel examples """ An XMPP Ping server as an external server-side component. This ping server assumes the domain C{'ping'}. """ import sys from twisted.python import log from twisted.application import app, service, internet from twisted.internet import reactor from wokkel import component from wokkel.ping import PingHandler # Configuration parameters EXT_HOST = 'localhost' EXT_PORT = 5347 SECRET = 'secret' DOMAIN = 'ping' LOG_TRAFFIC = True # Set up the Twisted application application = service.Application("Ping Component") router = component.Router() pingComponent = component.Component(EXT_HOST, EXT_PORT, DOMAIN, SECRET) pingComponent.logTraffic = LOG_TRAFFIC pingComponent.setServiceParent(application) pingHandler = PingHandler() pingHandler.setHandlerParent(pingComponent) produces the following traceback: 2010-03-03 19:24:28+0100 [XmlStream,0,127.0.0.1] Unhandled Error Traceback (most recent call last): File "\proj\Python-2.5.2\stackless-2.5.2-r63812\Modules\pyexpat.c", line 656, in EndElement ("(N)", string_intern(self, name))) File "C:\proj\twisted\twisted\words\xish\domish.py", line 797, in _onEndElement self.ElementEvent(self.currElem) File "C:\proj\twisted\twisted\words\xish\xmlstream.py", line 107, in onElement self.dispatch(element) File "C:\proj\twisted\twisted\words\xish\utility.py", line 317, in dispatch callbacklist.callback(obj) --- <exception caught here> --- File "C:\proj\twisted\twisted\words\xish\utility.py", line 107, in callback methodwrapper(*args, **kwargs) File "C:\proj\twisted\twisted\words\xish\utility.py", line 27, in __call__ self.method(*nargs, **nkwargs) File "C:\proj\twisted\twisted\words\protocols\jabber\component.py", line 171, in onElement self.onHandshake(unicode(element)) File "C:\proj\twisted\twisted\words\protocols\jabber\component.py", line 187, in onHandshake unicode(self.secret)) File "C:\proj\twisted\twisted\words\protocols\jabber\xmlstream.py", line 52, in hashPassword raise TypeError("The session identifier must be a unicode object") exceptions.TypeError: The session identifier must be a unicode object After some fiddling around it seems that the code at line 282 in twisted\words\protocols\jabber\xmlstream.py presets the sid of the stream to a str instead of a unicode(str). After changing line 282 from self.xmlstream.sid = randbytes.secureRandom(8).encode('hex') to self.xmlstream.sid = unicode(randbytes.secureRandom(8).encode('hex')) everything works as advertised. Is there somebody around who could tell me what to do with this fix, I'm certainly a beginner diddling with XMPP. Thanks a bunch, Werner
On Wed, Mar 3, 2010 at 1:56 PM, Werner Thie <wthie@thiengineering.ch> wrote:
Hello Werner, I do not know anything about twisted.words, but you should file a bug report in trac: http://twistedmatrix.com/trac/report Just out of curiosity, I did look at xmlstream and the whole unicode type checking seems unnecessary considering how the values are used: input = u"%s%s" % (sid, password) Why sid and password have to be unicode objects and not just basestring beats me. -Drew
On Wed, 2010-03-03 at 14:32 -0500, Drew Smathers wrote:
Yes, this is a problem I noticed the other day as well. A ticket, assigned to me, is in order.
For the gory details, see http://twistedmatrix.com/trac/ticket/3847. The short version is that digest authentication requires UTF-8 encoded input and GTK sets Python's default encoding to UTF-8. Before these checks, using non-ASCII characters in passwords would fail in some cases. As both the session id and password can use the full range of unicode, it makes sense to require that explicitly. ralphm
On Wed, 2010-03-03 at 22:25 +0100, Ralph Meijer wrote:
I created http://twistedmatrix.com/trac/ticket/4345 for this. ralphm
participants (7)
-
Drew Smathers -
Glyph Lefkowitz -
Maarten ter Huurne -
Mark Wright -
markscottwright@gmail.com
-
Ralph Meijer -
Werner Thie