Re: [Django] #10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development server)

2011-04-10 Thread Django 
#10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development
server)
-+-
   Reporter: |Owner:  nobody
  sergey.kish@…  |   Status:  closed
   Type: |Component:  HTTP handling
  Uncategorized  | Severity:  Normal
  Milestone: | Keywords:  cookie, localhost,
Version:  1.0|  settings
 Resolution:  invalid|Has patch:  0
   Triage Stage: |  Needs tests:  0
  Unreviewed |
Needs documentation:  0  |
Patch needs improvement:  0  |
-+-
Changes (by estebistec):

 * type:   => Uncategorized
 * severity:   => Normal


Comment:

 As promised, patch provided on new ticket #15797.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development server)

2011-03-28 Thread Django 
#10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development
server)
-+-
   Reporter: |Owner:  nobody
  sergey.kish@…  |Milestone:
 Status:  closed |  Version:  1.0
  Component:  HTTP   | Keywords:  cookie, localhost,
  handling   |  settings
 Resolution:  invalid|Has patch:  0
   Triage Stage: |  Needs tests:  0
  Unreviewed |
Needs documentation:  0  |
Patch needs improvement:  0  |
-+-

Comment (by anonymous):

 BTW, sorry if that was worded strongly. That was meant along the lines of
 "how things should functionaly be", not "what you should do for me." It's
 on my TODO list to supply a patch for this (both an addition to the doc
 and to raise an InvalidConfig exception when .localhost is given as a
 session- or csrf-cookie.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development server)

2011-03-25 Thread Django 
#10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development
server)
-+-
   Reporter: |Owner:  nobody
  sergey.kish@…  |Milestone:
 Status:  closed |  Version:  1.0
  Component:  HTTP   | Keywords:  cookie, localhost,
  handling   |  settings
 Resolution:  invalid|Has patch:  0
   Triage Stage: |  Needs tests:  0
  Unreviewed |
Needs documentation:  0  |
Patch needs improvement:  0  |
-+-

Comment (by cummingscs@…):

 So this isn't a bug in Django, but I would say that not only should you
 add that note in documentation but the dev server should either warn or
 error (invalid config) when .localhost is specified as either the session-
 cookie or csrf-cookie domain. Yes this is "the way the internet works",
 but it's easy to not realize this and waste some time thinking that it
 might/should work.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development server)

2009-03-20 Thread Django 
#10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development
server)
+---
  Reporter:  sergey.k...@gmail.com  | Owner:  nobody
 
Status:  closed | Milestone:
 
 Component:  HTTP handling  |   Version:  1.0   
 
Resolution:  invalid|  Keywords:  cookie, 
localhost, settings
 Stage:  Unreviewed | Has_patch:  0 
 
Needs_docs:  0  |   Needs_tests:  0 
 
Needs_better_patch:  0  |  
+---
Changes (by mtredinnick):

  * status:  new => closed
  * needs_better_patch:  => 0
  * resolution:  => invalid
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 This isn't a bug in Django. It's a security feature for cookies that every
 browser implements. There are restrictions on what you can set for a
 domain so that you can't, for example, set a cookie for all of ".com".
 Things like the domain must contain two components in most situations (or
 more sometimes to avoid setting a cookie for all of ".com.au").

 See [http://my.opera.com/yngve/blog/show.dml/267415 here] or
 [https://wiki.mozilla.org/Gecko:Effective_TLD_Service here] for some
 discussion around this. There aren't any hard and fast standards for
 cookies (even the RFCs aren't implemented fully), but the browser
 manufacturers are all converging on the same standards.

 We could maybe add a note to the documentation about this for people doing
 testing, although it's really out of scope for Django (since it's not at
 all Django-specific; that's just the way the internet works).

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---

[Django] #10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development server)

2009-03-20 Thread Django 
#10560: with SESSION_COOKIE_DOMAIN = '.localhost' cookie problem (development
server)
-+--
 Reporter:  sergey.k...@gmail.com|   Owner:  nobody
   Status:  new  |   Milestone:
Component:  HTTP handling| Version:  1.0   
 Keywords:  cookie, localhost, settings  |   Stage:  Unreviewed
Has_patch:  0|  
-+--
 I used SESSION_COOKIE_DOMAIN = '.localhost' to share cookie between
 subdomains and get error "Looks like your browser isn't configured to
 accept cookies..."

 {{{
 #!sh
 ~$ cat /etc/hosts
 127.0.0.1   localhost
 127.0.0.1   london.localhost
 127.0.0.1   beatsimple.com
 127.0.0.1   london.beatsimple.com
 }}}

 But with SESSION_COOKIE_DOMAIN = '.beatsimple.com' all works good

 Ubuntu/8.10 (intrepid) Firefox/3.0.7 Django version 1.0.2 final

 Development server is running at http://127.0.0.1:8000/

 Test project is an empty generated Django project. I only configured db
 (sqlite3), enabled admin and set SESSION_COOKIE_DOMAIN variable. Server
 doesn't set cookie, as I understand it is HTTP problem.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~--~~~~--~~--~--~---