This queue is for tickets about the LWP-Authen-Negotiate CPAN distribution.

Report information
The Basics
Id: 120723
Status: open
Priority: 0/
Queue: LWP-Authen-Negotiate

People
Owner: Nobody in particular
Requestors: A.Guertin [...] F5.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Wrong/multiple cookies sent with retry GET request
Date: Thu, 23 Mar 2017 18:31:45 +0000
To: "bug-LWP-Authen-Negotiate [...] rt.cpan.org" <bug-LWP-Authen-Negotiate [...] rt.cpan.org>
From: Alec Guertin <A.Guertin [...] F5.com>

I have a case where in the 401 from the backend that prompts the client for credentials, it updates the value of a cookie. However, the following code in the authenticate() subroutine causes an issue:

    if ( $status->major == GSS_S_COMPLETE
        or $status->major == GSS_S_CONTINUE_NEEDED ) {
        LWP::Debug::debug( 'successfull $ctx->init()');
        my $referral = $request->clone;
        $referral->header( $auth_header => "Negotiate ".encode_base64($otoken,""));
        return $ua->request( $referral, $arg, $size, $response );
    }

This code creates the new GET request by cloning the original. This means that the old “Cookie” header with the old value of the cookie is placed in the new request. LWP::UserAgent then also adds the new value of the cookie from its cookie jar and two copies of the cookie with different values are sent. Only the new value should be sent. I think this may need to be special-cased to remove the “Cookie” header from $referral and just let LWP::UserAgent add the cookies from the cookie jar.

On Thu 23 Mar 2017 14:33:15, A.Guertin@F5.com wrote:
> I have a case where in the 401 from the backend that prompts the
> client for credentials, it updates the value of a cookie. However, the
> following code in the authenticate() subroutine causes an issue:
>
>     if ( $status->major == GSS_S_COMPLETE
>         or $status->major == GSS_S_CONTINUE_NEEDED ) {
>         LWP::Debug::debug( 'successfull $ctx->init()');
>         my $referral = $request->clone;
>         $referral->header( $auth_header => "Negotiate ".encode_base64($otoken,""));
>         return $ua->request( $referral, $arg, $size, $response );
>     }
>
> This code creates the new GET request by cloning the original. This
> means that the old “Cookie” header with the old value of the cookie is
> placed in the new request. LWP::UserAgent then also adds the new value
> of the cookie from its cookie jar and two copies of the cookie with
> different values are sent. Only the new value should be sent. I think
> this may need to be special-cased to remove the “Cookie” header from
> $referral and just let LWP::UserAgent add the cookies from the cookie
> jar.

Maybe the issue is how LWP::UserAgent updates the cookie jar <https://github.com/libwww-perl/libwww-perl/issues/5>.
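
The clone-and-retry step described in the report, reproduced offline with and without the stale "Cookie" header removed. This is an added example, not code from the ticket or from LWP::Authen::Negotiate: `build_retry`, the host, the cookie name and the token are assumptions, and the request and 401 response are constructed.

```perl
use strict;
use warnings;
use HTTP::Request;
use HTTP::Response;
use HTTP::Cookies;

my $jar = HTTP::Cookies->new;

# Constructed sample: the first request as it looks after being sent once,
# i.e. it already carries the old cookie value in its own Cookie header.
my $request = HTTP::Request->new( GET => 'http://app.example.com/' );
$request->header( Cookie => 'session=old' );

# Constructed sample: the 401 asks for Negotiate and rotates the cookie.
my $response = HTTP::Response->new( 401, 'Unauthorized' );
$response->header( 'WWW-Authenticate' => 'Negotiate' );
$response->header( 'Set-Cookie'       => 'session=new; path=/' );
$response->request($request);
$jar->extract_cookies($response);    # the jar now holds session=new

# Hypothetical helper mirroring the retry built in authenticate().
# With $strip_cookie set, the cloned Cookie header is dropped so that
# the cookie jar is the only source of cookies on the retry.
sub build_retry {
    my ( $orig, $token, $strip_cookie ) = @_;
    my $referral = $orig->clone;
    $referral->remove_header('Cookie') if $strip_cookie;
    $referral->header( Authorization => "Negotiate $token" );
    return $referral;
}

for my $strip ( 0, 1 ) {
    my $retry = build_retry( $request, 'PLACEHOLDER_TOKEN', $strip );

    # LWP::UserAgent applies the jar to every outgoing request it prepares.
    $jar->add_cookie_header($retry);

    printf "strip_cookie=%d  Cookie: %s\n",
        $strip, $retry->header('Cookie') // '(none)';
}
```

Comparing the two printed Cookie headers shows whether the superseded value still reaches the server on the authenticated retry.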