[Box Backup-dev] Trac 0.10?
James O'Gorman
boxbackup-dev at fluffy.co.uk
Fri Oct 13 00:09:39 BST 2006
Chris Wilson wrote:
> Hi James,
>
> On Thu, 12 Oct 2006, James O'Gorman wrote:
>
>>> Another thing is the login appears to be done by IP address not
>>> cookie (or maybe both?). The IP address is awkward because it means
>>> you get logged out every other page with load balanced proxies.
>>
>> Ugh. I think I had noticed that but hadn't paid much attention to it.
>> I'll try and have a look into that. (I think it's basically just
>> htpasswd - does htpasswd normally do this?)
>
> htpasswd does not. The browser will send the username and password to
> the server with every request after you've logged in.
>
> Trac does set a "trac_auth" cookie in the browser, so I think the
> authentication is not as simple as htpasswd (i.e. trac has some "clever"
> ideas about what to do with users authenticated by the server).
Ah, found the offending code. It does indeed use your IP address:
cursor.execute("INSERT INTO auth_cookie (cookie,name,ipnr,time) "
"VALUES (%s, %s, %s, %s)", (cookie, remote_user,
req.remote_addr, int(time.time())))
(in web/auth.py)
I'll have a dig around to see if it's changable. One of the problems
with changing the actual Trac code is that it seems to be compiled, and
not being a Python person, I haven't the foggiest how you "compile" Python.
James
More information about the Boxbackup-dev
mailing list