[Zope] Help with session data and redirects

Chris McDonough chrism@zope.com
15 Apr 2003 13:24:52 -0400


FWIW, a workaround for this issue that I just thought of is to put the a
session key in the redirect URL of createSessionAndRedirect:

session = context.REQUEST.SESSION
sessionObjName = 'redirectTest'
session.set(sessionObjName, sessionText)
url = context['view_session_obj.pt'].absolute_url()
dummy = context.ZopeTime().timeTime()
browserid = session.getContainerKey()
return context.REQUEST.RESPONSE.redirect(
    '%s?dummy=%s&_ZopeId=%s' % (url, dummy, browser_id)
    )

The cookie still won't be set under your configuration, but the session
machinery exercised by the target of the redirect should always find the
browser id in the form namespace instead.

- C

On Tue, 2003-04-15 at 13:06, Chris McDonough wrote:
> That makes me suspect that something about PCGI or IIS is not passing
> along the session's set-cookie header to the browser in the initial
> redirect response.  You may want to use something like (under UNIX or
> Cygwin):
> 
> wget -S
> http://your.servers.pcgi.hostname/createSessionAndRedirect?sessionText=foo
> 
> This will print the headers of the response (you may want to do this in
> a temp directory, it also saves the files).  If you don't see a
> set-cookie header, something is stripping it out.
> 
> It works the "second time around" because the set-cookie header is sent
> in the response that contains the rendered view_session_obj.pt script
> (as a result of accessing REQUEST.SESSION in that script).  Thereafter,
> the browser sends a cookie header along with every request.
> 
> So if you can verify this, the bug becomes "set-cookie headers are not
> passed along to browsers when PCGI and/or IIS is used and the response
> also contains a redirect header".  Not that I know how to solve this,
> but at least we could have a hypothesis. ;-)
> 
> - C
> 
> On Tue, 2003-04-15 at 12:36, Brad Powell wrote:
> > Zope 2.6.1 running under IIS on a Windows 2000 Server, with PCGI.
> > Client browser is IE v5.50.4522.1800 running on Windows 2000 Professional. 
> >  Also tried with Mozilla 1.0 under Debian.
> > 
> > Gathering this info for you made me think about the PCGI interface, and I 
> > discovered something interesting.  The redirect works great when I'm going 
> > direct to Zope port 8080 (not using PCGI).  It manifests the initial 
> > request problem when using the PCGI interface.  In fact, that's why 
> > Konqueror worked.  I was going direct to port 8080 when I was trying 
> > Konqueror.
> > 
> > Brad
> > 
> > 
> > 
> > 
> > 
> > Chris McDonough <chrism@zope.com>
> > 04/15/2003 11:12 AM
> > 
> >         To:     Brad Powell/PPCO@Phillips
> >         cc:     zope@zope.org
> >         Subject:        Re: [Zope] Help with session data and redirects
> > 
> > 
> > I'm afraid I can't reproduce this behavior.  Which
> > browser(s)/platform(s) does it occur under?
> > 
> > On Tue, 2003-04-15 at 12:06, Brad Powell wrote:
> > > Thanks, Chris, for the quick reply.  I tried both of your suggestions: 
> > the 
> > > random query string and the setHeader statements in the ZPT.  They both 
> > > improved the situation in that requests after the initial one are now 
> > > returned properly.  However, the very first request still returns the 
> > "Problem: no session object (redirectTest)" message.  By the way, instead 
> > of a response.redirect, if I return the page 
> > > template directly in the script with a statement like "return 
> > > container['view_session_obj.pt']()", it works perfectly.  Unfortunately, 
> > I 
> > > need the redirect because of the way my actual page template works.
> > > 
> > > Brad
> > > 
> > > 
> > > 
> > > 
> > > 
> > > Chris McDonough <chrism@zope.com>
> > > 04/15/2003 10:18 AM
> > > 
> > >         To:     Brad Powell/PPCO@Phillips
> > >         cc:     zope@zope.org
> > >         Subject:        Re: [Zope] Help with session data and redirects
> > > 
> > > 
> > > Under Mozilla 1.3 on Linux, when running your test (e.g. when visiting
> > > /createSessionAndRedirect?sessionText=456), I immediately get:
> > > 
> > > ## Page Template "view_session_obj.pt" ##
> > > 
> > > 456
> > > 
> > > Like you, I suspect this may be a browser issue. 
> > > 
> > > To verify, cause the createSessionAndRedirect to generate a "random"
> > > query string like this:
> > > 
> > > session = context.REQUEST.SESSION
> > > sessionObjName = 'redirectTest'
> > > session.set(sessionObjName, sessionText)
> > > return
> > > 
> > context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url() 
> > 
> > > + '?abc=%s' % context.ZopeTime().timeTime())
> > > 
> > > This should prevent browsers from returning a cached page.  A more
> > > permanent solution would be to set a Pragma: No-Cache or Cache-Control:
> > > No-Cache HTTP header within "view_session_obj.pt".
> > > 
> > > - C
> > > 
> > > 
> > > On Tue, 2003-04-15 at 10:58, Brad Powell wrote:
> > > > I have a problem where session data does not appear to be updated when 
> > 
> > > the 
> > > > setting of the session data is followed by a response.redirect in a 
> > > Python 
> > > > script.  A browser refresh is required to get the correct data 
> > > displayed. 
> > > > This happens on both Zope v2.5.1 and v2.6.1.  It also happens with IE 
> > > and 
> > > > Mozilla browsers; but, interestingly, it does not occur with the 
> > > Konqueror 
> > > > browser.  This led me to believe it was a browser issue, but no matter 
> > 
> > > > what options I try in IE, I cannot get it to work.  I thought it might 
> > 
> > > be 
> > > > an issue with the browser cache settings, but, again, no matter what I 
> > 
> > > try 
> > > > I get the same result.
> > > > 
> > > > I've included a test script and page template that demonstrates this 
> > > > problem. When I go to url "sessionCreateAndRedirect?sessionText=123", 
> > I 
> > > > get the message, "Problem: no session object (redirectTest)."  If I 
> > then 
> > > 
> > > > refresh the browser, I get "123" displayed, which is the correct 
> > > response. 
> > > >  Subsequent calls to the url with different values for sessionText 
> > > returns 
> > > > the previous session value, until I do a browser refresh.
> > > > 
> > > > Any assistance, guidance, wisdom, etc. on this matter would be greatly 
> > 
> > > > appreciated.
> > > > 
> > > > 
> > > > ## Script (Python) "sessionCreateAndRedirect"
> > > > ##parameters=sessionText
> > > > ##
> > > > session = context.REQUEST.SESSION
> > > > sessionObjName = 'redirectTest'
> > > > session.set(sessionObjName, sessionText)
> > > > return 
> > > > 
> > > 
> > context.REQUEST.RESPONSE.redirect(context["view_session_obj.pt"].absolute_url())
> > > > 
> > > > ## Page Template "view_session_obj.pt"
> > > > ##
> > > > <html>
> > > >   <head>
> > > >     <title tal:content="template/title">The title</title>
> > > >   </head>
> > > >   <body>
> > > >     <tal:block define="global sesObj request/SESSION/redirectTest | 
> > > > nothing"></tal:block>
> > > >     <p tal:condition="not:sesObj">Problem: no session object 
> > > > (redirectTest).</p>
> > > >     <p tal:condition="sesObj" tal:content="sesObj">session obj 
> > > > contents</p>
> > > >   </body>
> > > > </html>
> > > > 
> > > > 
> > > > Brad
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> > 
> 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )