[Mailman-Users] mm2.1 cookie problem?

Barry A. Warsaw barry at python.org
Tue Jan 7 01:42:25 CET 2003

>>>>> "BF" == Bryan Fullerton <bryanf at samurai.com> writes:

    BF> Yup, I have no doubt that it's because I'm mixing 2.0 and
    BF> 2.1. And yup, I've been upgrading individual lists as per the
    BF> UPGRADING instructions. Here's the rewrite rule I used for the
    BF> 2.1 list:

    |          RewriteRule ^/mailman/(.*)/(trawler-world-list-help.*) \
    |                  /home/mailman-2.1/cgi-bin/$1/$2 \
    |                  [T=application/x-httpd-cgi]

Very interesting.  I wonder if this could be some Apache bug or other?
We're running 1.3.27 on python.org so I don't have direct experience
with this bug on Apache 2.0

    BF> It's only been a problem so far with this one set of lists,
    BF> where the list names are all very similar (and also rather
    BF> long). And the 2.0 lists are fine, it's only been affecting
    BF> the one I moved to 2.1. (I did move about a dozen other lists,
    BF> which are all working perfectly, but they have no sibling
    BF> lists with similar names still in 2.0)

That's an interesting clue!

    BF> Did something change with the cookie handling between 2.0 and
    BF> 2.1? (besides "yes, everything" :).

Other than everything, no nothing. :)
    BF> I note that the list/login delimiter in the cookie name is now
    BF> + instead of : - is that somehow throwing off the new parser? 
    BF> I briefly looked at SecurityManager.py and Cgi/admin.py, but I
    BF> haven't yet been able to figure out if the cookie parsing
    BF> stuff is entirely Mailman code, or if it's using cookie stuff
    BF> from Python too (though my Python version is the same for both
    BF> - hrm).

The colons did cause problems with Python's Cookie.py, as that module
stood back in Oct 2001.  I think the change was made when we zapped
Mailman's own copy of Cookie.py for the one in Python's standard
library.  Sure, there could be a bug there, although I haven't seen
any other reports of problems.

Mailman crafts the key used to look up the cookie data (essentially a
dictionary), by using the list's internal name, `+', and an
"authcontext", which for the admin screens is `admin'.

    BF> I suspect that my list-owner using IE on WinME didn't really
    BF> need to reboot

    BF>  - I'll get him to try deleting the cookie
    BF> manually for his 2.0 list and see if that helps.

Okay.  Also, what version of Python are you using?  I've seen the
problem with Python 2.1.3, but I don't recall seeing it since I've
upgraded python.org's Mailman 2.1 to run on Python 2.2.2.


More information about the Mailman-Users mailing list