From 4fe6e0545a2d6d449ac3c654df0dee12d0c5bd87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Thu, 28 Sep 2017 16:23:27 +0200
Subject: [PATCH] Also include script name in cookie name

Otherwise we might run into trouble if we have an OctoPrint instance running on / and /octoprint2 for example - the browser will send cookies for both instances to the /octoprint2 instance and whatever gets processed last will overwrite the value before in Tornado's cookie processing. This of course will nuke the login session in case of the / cookie being sent or processed last. Appending the path/script root to the cookie name solves this, similar to how we circumvented an identical problem caused by browsers not distinguishing between ports for cookies. Solves an issue reported by @mgrl in #2095
---
 src/octoprint/server/util/flask.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/octoprint/server/util/flask.py b/src/octoprint/server/util/flask.py
index 682b9053..87bf9944 100644
--- a/src/octoprint/server/util/flask.py
+++ b/src/octoprint/server/util/flask.py
@@ -455,9 +455,12 @@ class OctoPrintFlaskRequest(flask.Request):
 We need this because cookies are not port-specific and we don't want to overwrite our session and other cookies from one OctoPrint instance on our machine with those of another
- one who happens to listen on the same address albeit a different port.
+ one who happens to listen on the same address albeit a different port or script root.
 """
- return "_P" + self.server_port
+ result = "_P" + self.server_port
+ if self.script_root:
+ return result + "_R" + self.script_root.replace("/", "|")
+ return result
 class OctoPrintFlaskResponse(flask.Response):
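Review bot: The new `_R` suffix copies `self.script_root` into the cookie name after replacing only `/`, so any other character that is not legal in a cookie name (`;`, `=`, `,`, whitespace, non-ASCII) passes straight through. If the script root can come from a proxy-supplied prefix rather than fixed configuration (not visible in this hunk), part of the session cookie's name becomes request-influenced, and a malformed name may be dropped or mis-parsed by the browser or server. Restricting the suffix to an allow-list keeps the name well-formed, e.g. `return result + "_R" + re.sub(r"[^A-Za-z0-9_|-]", "_", self.script_root.replace("/", "|"))`, assuming `re` is available in this module. Distinct names only prevent accidental overwrites: instances on one host still receive each other's cookies unless the cookie `Path` is scoped too, so the docstring should say this is not an isolation boundary. The enclosing method starts above the hunk.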