[Python-bugs-list] [ python-Bugs-468948 ] urllib2, basic authentication, & 302
noreply@sourceforge.net
noreply@sourceforge.net
Tue, 09 Oct 2001 10:21:49 -0700
Bugs item #468948, was opened at 2001-10-07 21:19
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=468948&group_id=5470
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Jeffrey C. Ollie (jcollie)
Assigned to: Nobody/Anonymous (nobody)
Summary: urllib2, basic authentication, & 302
Initial Comment:
I've found a bug in how urllib2 handles
authentication. The crux of the problem is that the
AbstractBasicAuthHandler.__current_realm is basically
a global variable. I discovered the bug because I
needed to use HTTP basic authentication and the HTTP
If-Modified-Since header. Since the HTTP server
returns a 302 error if the requested URL has not
changed the line of code that resets
AbstractBasicAuthHandler.__current_realm back to None
never gets executed because an exception will be
raised when the retrieval is retried. I suspect that
this bug would also cause problems in multi-threaded
code. The digest authentication appears to have
similar problems.
The solution that I found is to get rid of the
__current_realm attribute and prevent infinite retries
by checking for the presence of an Authenticate: header
in the request object that exactly matches the
Authenticate: header that would be added.
The bug exists in 2.1.1, 2.2a4 and the current CVS.
Patch attached.
----------------------------------------------------------------------
>Comment By: Jeffrey C. Ollie (jcollie)
Date: 2001-10-09 10:21
Message:
Logged In: YES
user_id=37310
Oops, that patch that I attached is reversed, use -R!
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=468948&group_id=5470