Also include script name in cookie name

Otherwise we might run into trouble if we have an OctoPrint instance running on / and /octoprint2 for example - the browser will send cookies for both instances to the /octoprint2 instance and whatever gets processed last will overwrite the value before in Tornado's cookie processing. This of course will nuke the login session in case of the / cookie being sent or processed last. Appending the path/script root to the cookie name solves this, similar to how we circumvented an identical problem caused by browsers not distinguishing between ports for cookies. Solves an issue reported by @mgrl in #2095
2017-09-28 16:23:27 +02:00 · 2017-09-28 16:23:27 +02:00 · 4fe6e0545a
commit 4fe6e0545a
parent c84e199e87
1 changed files with 5 additions and 2 deletions
--- a/src/octoprint/server/util/flask.py
+++ b/src/octoprint/server/util/flask.py
@ -455,9 +455,12 @@ class OctoPrintFlaskRequest(flask.Request):

 		We need this because cookies are not port-specific and we don't want to overwrite our
 		session and other cookies from one OctoPrint instance on our machine with those of another
-		one who happens to listen on the same address albeit a different port.
+		one who happens to listen on the same address albeit a different port or script root.
 		"""
-		return "_P" + self.server_port
+		result = "_P" + self.server_port
+		if self.script_root:
+			return result + "_R" + self.script_root.replace("/", "|")
+		return result


 class OctoPrintFlaskResponse(flask.Response):