#5671 defect new
HTTPAuthSessionWrapper calls Request.finish() on closed connection
|Reported by:||tomsheffler||Owned by:|
|Component:||web||Keywords:||auth, deferred, closed connection|
When a credentials checker raises an exception in the deferred returned from requestAvatarId, an exception is sometimes raises rather than a '401 unauthorized' response generated.
This condition can be recreated under the following conditions
- the exception is raised after a time delay
- the client requesting the authorization is not strictly HTTP/1.1 compliant, or is otherwise misbehaving
The attached server and examples recreate the problem. See the comments at the top of the attached server, serv3.py, for shell command stimuli that illustrate the conditions.