Session id error in v1.9.9

Hey all, I'm upgrading my version of prodigy finally from 1.4.2 (I know, the dark ages) to 1.9.9 (shiny and new!). I was getting an error like

"INFO: - "GET /project HTTP/1.1" 403 Forbidden"

I tracked it down to prodigy/ There is a function called "get_project" that calls assert_known_session with one argument, None. This is on line 362. Then the function assert_known_session then checks that whatever was passed in is not None, but if it IS None then it returns an exception (which is what I got).

If I just completely comment out the assert_known_session(None) line, everything works.

So my question is, is there something in my own app I need to tweak so this will work, or is it just a small bug on your side (always passing NONE to that function)? Hope that all made sense! Thanks!

Thanks for the super detailed report and the digging! This is very strange :thinking: And you don't have the PRODIGY_ALLOWED_SESSIONS environment variable set, by any chance? If you run the following in your environment, what does it return?

from prodigy.util import get_valid_sessions

The logic here is supposed to check that the session ID used in named multi-user sessions is valid, if the user defines a list of allowed sessions. So if you set PRODIGY_ALLOWED_SESSIONS=alexis,ines, only those names are allowed as ?session= and everything else raises an error, which prevents inconsistent sessions due to typos etc. But if no allowed sessions are set, that logic shouldn't raise.

1 Like

That was exactly it, thank you! I did have that variable set in the environment from some earlier experimenting. :woman_facepalming:

1 Like