diff --git a/IPython/frontend/html/notebook/handlers.py b/IPython/frontend/html/notebook/handlers.py
index 6f953fc..600861d 100644
--- a/IPython/frontend/html/notebook/handlers.py
+++ b/IPython/frontend/html/notebook/handlers.py
@@ -41,15 +41,16 @@ except ImportError:
class AuthenticatedHandler(web.RequestHandler):
"""A RequestHandler with an authenticated user."""
def get_current_user(self):
- password = self.get_secure_cookie("password")
- if password is None:
- # cookie doesn't exist, or is invalid. Clear to prevent repeated
- # 'Invalid cookie signature' warnings.
- self.clear_cookie('password')
- self.clear_cookie("user_id")
- if self.application.password and self.application.password != password:
- return None
- return self.get_secure_cookie("user") or 'anonymous'
+ user_id = self.get_secure_cookie("user")
+ if user_id == '':
+ user_id = 'anonymous'
+ if user_id is None:
+ # prevent extra Invalid cookie sig warnings:
+ self.clear_cookie('user')
+ if not self.application.password:
+ user_id = 'anonymous'
+ return user_id
+
class NBBrowserHandler(AuthenticatedHandler):
@web.authenticated
@@ -64,8 +65,9 @@ class LoginHandler(AuthenticatedHandler):
self.render('login.html', user_id=user_id)
def post(self):
- self.set_secure_cookie("user", self.get_argument("name", default=u''))
- self.set_secure_cookie("password", self.get_argument("password", default=u''))
+ pwd = self.get_argument("password", default=u'')
+ if self.application.password and pwd == self.application.password:
+ self.set_secure_cookie("user", self.get_argument("name", default=u''))
url = self.get_argument("next", default="/")
self.redirect(url)
@@ -176,13 +178,10 @@ class AuthenticatedZMQStreamHandler(ZMQStreamHandler):
self.on_message = self.on_first_message
def get_current_user(self):
- password = self.get_secure_cookie("password")
- if password is None:
- # clear cookies, to prevent future Invalid cookie signature warnings
- self._cookies = Cookie.SimpleCookie()
- if self.application.password and self.application.password != password:
- return None
- return self.get_secure_cookie("user") or 'anonymous'
+ user_id = self.get_secure_cookie("user")
+ if user_id == '' or (user_id is None and not self.application.password):
+ user_id = 'anonymous'
+ return user_id
def _inject_cookie_message(self, msg):
"""Inject the first message, which is the document cookie,