Hello,

I'm having a hard time testing my Pyramid project's authentication and 
authorization with WebTest. The problem, I believe, is that my cookie 
auth_tkt is never sent to the server, and this makes the authentication 
impossible.

Here are my query and response when I am manually testing with Firefox:

GET /login?user=Pierre HTTP/1.1
Host: localhost:6543
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
Connection: keep-alive
Cache-Control: max-age=0

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 25 Apr 2015 21:11:49 GMT
Server: waitress
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=.localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly

You can see there is a Set-Cookie in the response.

But if I query again, the cookie auth_tkt is not sent to the server.

GET /login?user=Pierre HTTP/1.1
Host: localhost:6543
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
Connection: keep-alive

In my config file I have:

auth.secret = 'some secret'
auth.token = 'auth_tkt'
auth.secure = False
# Session valid 30 days:
auth.timeout = 2592000
auth.reissue_time = None
# Session will expire after timeout
auth.max_age = 2592000

And in the code I have:

config.set_authentication_policy(
     AuthTktAuthenticationPolicy(secret=settings["auth.secret"],
                                 callback=_get_groups,
                                 cookie_name=settings["auth.token"],
                                 secure=settings["auth.secure"],
                                 include_ip=False,
                                 timeout=settings["auth.timeout"],
                                 reissue_time=settings["auth.reissue_time"],
                                 max_age=settings["auth.max_age"],
                                 path="/", http_only=True,
                                 wild_domain=True,
                                 debug=False))

I am using Pyramid 1.5.4 with Python 2.7.3 on Debian 7 AMD64.

What do you think I might be doing wrong?

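Added example, not part of the original post: the Set-Cookie headers above carry the `secure` attribute and a cookie name that includes the quote characters, which is what results when INI settings are passed to the policy as raw strings, and a cookie marked Secure is not returned over plain HTTP. The sketch assumes the settings come from a PasteDeploy-style INI file; `SAMPLE_INI`, `load_raw` and `coerce_auth_settings` are hypothetical names, and the INI text is constructed from the values quoted in the post.

```python
from configparser import RawConfigParser

# Constructed INI fragment mirroring the settings quoted in the post.
SAMPLE_INI = """
[app:main]
auth.secret = 'some secret'
auth.token = 'auth_tkt'
auth.secure = False
auth.timeout = 2592000
auth.reissue_time = None
auth.max_age = 2592000
"""
# Pyramid provides pyramid.settings.asbool for boolean settings; a small
# stand-in is used here so the block runs without Pyramid installed.
TRUTHY = {"t", "true", "y", "yes", "on", "1"}

def load_raw(ini_text=SAMPLE_INI, section="app:main"):
    """Return the settings as an INI loader hands them over: every value a str."""
    parser = RawConfigParser()
    parser.read_string(ini_text)
    return dict(parser.items(section))

def _unquote(value):
    """Drop one pair of matching quotes; INI values are kept verbatim otherwise."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value

def _int_or_none(value):
    """Map '' / 'None' to None and anything else to int."""
    return None if value.strip().lower() in ("", "none") else int(value)

def coerce_auth_settings(raw):
    """Convert string settings to the types the policy keyword arguments expect."""
    return {
        "secret": _unquote(raw["auth.secret"]),
        "cookie_name": _unquote(raw["auth.token"]),
        "secure": raw["auth.secure"].strip().lower() in TRUTHY,
        "timeout": _int_or_none(raw["auth.timeout"]),
        "reissue_time": _int_or_none(raw["auth.reissue_time"]),
        "max_age": _int_or_none(raw["auth.max_age"]),
    }

if __name__ == "__main__":
    raw = load_raw()
    print("raw:", repr(raw["auth.secure"]), bool(raw["auth.secure"]), repr(raw["auth.token"]))
    print("coerced:", coerce_auth_settings(raw))
```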