UT3 WebAdmin Bug Tracker


Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000071 [UT3 WebAdmin] Back end minor always 2009-06-07 00:10 2009-06-08 15:44
Reporter Flash View Status public  
Assigned To elmuerte
Priority normal Resolution open  
Status confirmed   Product Version v1.15
Summary 0000071: Cookies not including port info
Description When using the chat console with "Auto update chat log" ticked, Webadmin apparently uses cookies with a sessionid to track who I am to decide how much chat to send between polls.

These cookies don't include the gameport information, merely the domain (as IP) and the path (always the same)

Example:
Set-Cookie3: sessionid=030767E52355215C0AF605090C5C072A; path="/ServerAdmin/"; domain=85.236.xxx.xxx; path_spec; discard; version=0
Set-Cookie3: sessionid=2227632146CE1A6A0C5D761B284F78D9; path="/ServerAdmin/"; domain=85.236.xxx.xxx; path_spec; discard; version=0
Set-Cookie3: sessionid=397070D4602F4F790FB7121839571165; path="/ServerAdmin/"; domain=85.236.xxx.xxx; path_spec; discard; version=0

This means any cookies from the same IP overwrite each other's sessionid's, making webadmin issue the browser a new one, and it not remembering at which point that client started viewing chat.

This means if you have two or more consoles up to two or more servers SHARING THE SAME IP - it won't work.
Additional Information I encountered this trying to write a webscraping script in perl to export chat from the webadmin chat console to IRC. (There only seems to be one IRC reporter available and it has significant drawbacks)

Unfortunately, this has hit a dead end with the above issue. It works fine for individual servers, but multiples force different sessionid's to be assigned to the same ip. I can probably get around it by using different cookie jars in LWP but figured it could be something you might like to fix on your side.

Ofc, if you know of a better way to get chat from a ut3 server, I'd *love* to know!
Tags No tags attached.
Attached Files

- Relationships

-  Notes
(0000115)
elmuerte (administrator)
2009-06-08 15:44

This is a limitation of cookies. There is actually no way limit cookies to a given port. There has been an updated RFC for cookies (rfc2965), which contains a feature to limit on ports. But that this RFC hasn't been (widely) adopted, according to various post on the internet only Opera 9 implemented Set-Cookie2. I don't know where you got the idea of Set-Cookie3, but I doubt that's implemented by most browsers.

So, there's only one possible solution for the cookie problem, and that's to prefix/suffix the cookie names with the port number (or some other unique id).

ps, The chat console doesn't use any information stored in the session. It just creates a new session every time (because authentication information is stored in a different cookie).

pps, Using the webadmin to redirect the chat to IRC isn't the best approach. There is quite some overhead involved that you could easily scrap (i.e. the whole authentication/authorization part of the webadmin).

- Issue History
Date Modified Username Field Change
2009-06-07 00:10 Flash New Issue
2009-06-07 00:10 Flash Status new => assigned
2009-06-07 00:10 Flash Assigned To => elmuerte
2009-06-08 15:44 elmuerte Note Added: 0000115
2009-06-08 15:44 elmuerte Status assigned => confirmed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker