Hello, I'm having a hard time testing my Pyramid project's authentication and authorization with WebTest. The problem, I believe, is that my auth_tkt cookie is never sent to the server, and this makes authentication impossible.
Here are my query and response when I am manually testing with Firefox:

    GET /login?user=Pierre HTTP/1.1
    Host: localhost:6543
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
    Accept-Encoding: gzip, deflate
    Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
    Connection: keep-alive
    Cache-Control: max-age=0

    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
    Date: Sat, 25 Apr 2015 21:11:49 GMT
    Server: waitress
    Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
    Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
    Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=.localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly

You can see there is a Set-Cookie in the response. But if I query again, the cookie auth_tkt is not sent to the server.

    GET /login?user=Pierre HTTP/1.1
    Host: localhost:6543
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
    Accept-Encoding: gzip, deflate
    Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
    Connection: keep-alive

In my config file I have:

    auth.secret = 'some secret'
    auth.token = 'auth_tkt'
    auth.secure = False
    # Session valid 30 days:
    auth.timeout = 2592000
    auth.reissue_time = None
    # Session will expire after timeout
    auth.max_age = 2592000

And in the code I have:

    from pyramid.authentication import AuthTktAuthenticationPolicy

    config.set_authentication_policy(
        AuthTktAuthenticationPolicy(secret=settings["auth.secret"],
                                    callback=_get_groups,
                                    cookie_name=settings["auth.token"],
                                    secure=settings["auth.secure"],
                                    include_ip=False,
                                    timeout=settings["auth.timeout"],
                                    reissue_time=settings["auth.reissue_time"],
                                    max_age=settings["auth.max_age"],
                                    path="/",
                                    http_only=True,
                                    wild_domain=True,
                                    debug=False))

I am using Pyramid 1.5.4 with Python 2.7.3 on Debian 7 AMD64. What do you think I might be doing wrong?
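Added example, not part of the original post: it shows what types the auth.* values above have once they are read from an .ini file, which matches the `secure` attribute and the quoted cookie name visible in the Set-Cookie headers. The `[app:main]` section name and the helper functions are assumptions made for this sketch; `as_bool` is a local stand-in for `pyramid.settings.asbool` so the block runs without Pyramid installed (Python 3).

```python
import configparser

# Constructed sample: the auth.* lines from the post, placed under an
# assumed [app:main] section as a PasteDeploy-style .ini would hold them.
INI = """
[app:main]
auth.secret = 'some secret'
auth.token = 'auth_tkt'
auth.secure = False
auth.timeout = 2592000
auth.reissue_time = None
auth.max_age = 2592000
"""

def raw_settings(text=INI):
    """Return the settings as the .ini parser delivers them: all strings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["app:main"])

def as_bool(value):
    # Local stand-in for pyramid.settings.asbool (assumption for this example).
    return str(value).strip().lower() in ("t", "true", "y", "yes", "on", "1")

def as_optional_int(value):
    # The literal text "None" (or an empty value) means "not set".
    value = value.strip()
    return None if value.lower() in ("", "none") else int(value)

def coerce(raw):
    """Convert the string settings to the types the policy arguments expect."""
    return {
        # .ini parsers keep quote characters; strip them from the cookie name.
        "cookie_name": raw["auth.token"].strip("'\""),
        # The string "False" is non-empty and therefore truthy if passed as-is.
        "secure": as_bool(raw["auth.secure"]),
        "timeout": as_optional_int(raw["auth.timeout"]),
        "reissue_time": as_optional_int(raw["auth.reissue_time"]),
        "max_age": as_optional_int(raw["auth.max_age"]),
    }

if __name__ == "__main__":
    raw = raw_settings()
    print("raw cookie name :", repr(raw["auth.token"]))
    print("raw secure      :", repr(raw["auth.secure"]), "->", bool(raw["auth.secure"]))
    print("coerced         :", coerce(raw))
```

A cookie carrying the Secure attribute is returned by the browser only on HTTPS requests, so a truthy `secure` value matters when testing against http://localhost:6543.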