[Box Backup-dev] Trac 0.10?

James O'Gorman boxbackup-dev at fluffy.co.uk
Fri Oct 13 00:09:39 BST 2006


Chris Wilson wrote:
> Hi James,
> 
> On Thu, 12 Oct 2006, James O'Gorman wrote:
> 
>>> Another thing is the login appears to be done by IP address not
>>> cookie (or maybe both?). The IP address is awkward because it means
>>> you get logged out every other page with load balanced proxies.
>>
>> Ugh. I think I had noticed that but hadn't paid much attention to it.
>> I'll try and have a look into that. (I think it's basically just
>> htpasswd - does htpasswd normally do this?)
> 
> htpasswd does not. The browser will send the username and password to
> the server with every request after you've logged in.
> 
> Trac does set a "trac_auth" cookie in the browser, so I think the
> authentication is not as simple as htpasswd (i.e. trac has some "clever"
> ideas about what to do with users authenticated by the server).

Ah, found the offending code. It does indeed use your IP address:

   cursor.execute("INSERT INTO auth_cookie (cookie,name,ipnr,time) "
                  "VALUES (%s, %s, %s, %s)", (cookie, remote_user,
                  req.remote_addr, int(time.time())))

(in web/auth.py)

I'll have a dig around to see if it's changable. One of the problems
with changing the actual Trac code is that it seems to be compiled, and
not being a Python person, I haven't the foggiest how you "compile" Python.

James



More information about the Boxbackup-dev mailing list