[Zope-dev] IIS / login bug

seb bacon seb@jamkit.com
Thu, 11 Jul 2002 10:05:08 +0100


There is a bug in IIS[1] which causes cookies to be dropped during a 
redirect.  The result in the CMF is that a login fails when it is 
combined with a redirect, as happens following an attempted access of a 
forbidden resource when using the CookieCrumbler.

Now, I'm not too familiar with the pcgi mechanism, or IIS, and not 
having my own  Windows development machine makes debugging a bit 
problematic.  So I'd appreciate advice from IIS / pcgi savants (there 
must be some, somewhere ;-)

M$ says the workaround is to rename the zope.pcgi script to 
nhp-zope.pcgi, which indicates to IIS that it should pass on all HTTP 
headers untouched.  The problem here is that the ZPublisher defers to 
the server to produce some of the relevant HTTP headers, namely the 
protocol version / status header ('HTTP/1.1 200 OK').  Without this 
header, browsers display all the headers as if they are part of the body.

My solution is to alter the pcgi_publisher.py script so that it passes 
the publish_module a ZServerHTTPResponse object - which *will* add all 
the relevant server headers [2].

However, altering the pcgi_publisher script seems to have no effect, 
whatsoever, on anything.

Should my approach work?  Are there better workarounds?

Thanks,

seb

--

References

[1] http://support.microsoft.com/default.aspx?scid=kb;EN-US;q176113

[2] pcgi_publisher.py patch (watch for line wraps)

*** pcgi_publisher.py   Thu Sep  7 17:40:07 2000
--- nhp-pcgi_publisher.py       Thu Jul 11 09:56:42 2002
***************
*** 294,306 ****
           ### IIS hack to fix broken PATH_INFO
           ### taken from Mike Fletcher's win_cgi_module_publisher
           import string
           if env.has_key('SERVER_SOFTWARE') and 
string.find(env['SERVER_SOFTWARE'],'Microsoft-IIS') != -1:
               script = 
filter(None,string.split(string.strip(env['SCRIPT_NAME']),'/'))
               path = 
filter(None,string.split(string.strip(env['PATH_INFO']),'/'))
               env['PATH_INFO'] = string.join(path[len(script):],'/')
!
           try:
! 
self.publish_module(self.moduleName,stdin=stdin,stdout=stdout,stderr=stderr,environ=env)
           except:
               self.fatalError("unable to publish module")

--- 294,308 ----
           ### IIS hack to fix broken PATH_INFO
           ### taken from Mike Fletcher's win_cgi_module_publisher
           import string
+         from ZServer.HTTPResponse import ZServerHTTPResponse
+         iis-nhp-response = None
           if env.has_key('SERVER_SOFTWARE') and 
string.find(env['SERVER_SOFTWARE'],'Microsoft-IIS') != -1:
               script = 
filter(None,string.split(string.strip(env['SCRIPT_NAME']),'/'))
               path = 
filter(None,string.split(string.strip(env['PATH_INFO']),'/'))
               env['PATH_INFO'] = string.join(path[len(script):],'/')
!             iis-nhp-response = ZServerHTTPResponse(stdout=stdout, 
stderr=stderr)
           try:
! 
self.publish_module(self.moduleName,stdin=stdin,stdout=stdout,stderr=stderr,environ=env,response=iis-nhp-response)
           except:
               self.fatalError("unable to publish module")