Safari and multiple trac projects with different authentication

[valankar@…]

I am only able to reproduce this problem with Safari. It seems to work fine with Firefox. I am using Trac 0.9, Safari 1.3.1.

I have 2 Trac projects setup, one called splash and another called splash_old. In the Trac permissions I require authenticated users for all permissions. I have setup htpasswd files to auth the 'login' method. In the htpasswd for splash, I have a user testuser. In the htpasswd for splash_old, I have a user valankar. I have removed all cookies from my browser.

When I go to the splash project, I login as testuser and can work with the project fine. I then go to the splash_old project and do not have permissions. I then click on login. I enter valankar with my password. It then just goes to the same page not logged in (i.e. with the login link still visible). It essentially seems to ignore what I entered. If I click login again, it no longer prompts me, and just reloads the same page, again not logged in.

If I do the exact same sequence with Firefox, it works fine. I can switch between projects and for splash it shows I'm logged in as testuser, and for splash_old, it shows I'm logged in as valankar.

So it seems something related to Safari. I looked at the HTTP requests the browser is making, and I notice at the login click on the 2nd project in Safary, it sends this:

Cookie: trac_auth=36b8db01607d7ab36506ad97d38196b3; trac_auth=eb167bd6b57b7a5dae9a3dee48ef13b2

Note there are 2 trac_auth cookies. The same request in Firefox only has one trac_auth cookie sent in the request. I am guessing this is the culprit.

Is this a bug in Safari? Is there any way around it?

Thanks,

Viraj.

[valankar@…]

A quick fix for this (for modpython at least) is doing something like this before loading the cookies:

# Remove second instance of trac_auth cookies = re.sub(r'(.*trac_auth.*); trac_auth=\w+', r'\1',

self.req.headers_inCookie?)

self.incookie.load(cookies)

This makes only the first trac_auth cookie to be used, which is the proper one based on the spec described here:

http://wp.netscape.com/newsref/std/cookie_spec.html

[valankar@…]

Here is a link to a Python bug report related to this and the Cookie module.

[cboos]

Hm, if this is not happening anymore with more recent versions of Safari, maybe we could close this one...

[cboos]

Assuming this is not an issue anymore... please reopen if the issue is still valid.

[michael.maier@…]

I have had exactly the same problem using Safari 2.0.4 (419.3) and Trac 0.10.5dev, using multiple trac projects in a virtual host. Also, submitting any settings from the settings page resulted in a bad request error "Missing or invalid form token. Do you have cookies enabled?".

But I found a solution giving a hint for a possible reason for this error: The trac environment folder contained one space character; after renaming the directory the error no longer occurs, login works just fine, submitting settings and so on.

[sid]

So you resolved it by getting rid of spaces in your trac environment folder. Thanks for the feedback, Michael.

Sounds like worksforme then.

[epeterson@…]

I'm having this exact same problem still with Trac 10.3 and Safari. No space in my environment folder.

[cboos]

Make sure you're using a recent version of Safari (3.1), as it looks like it's a Safari bug.

[cboos]

Please reopen if the problem still exist with recent Safari version (or other browsers).