[Zope-CMF] Fwd: [imeme] Apache and cookies
Sidnei da Silva
sidnei@x3ng.com
Mon, 30 Sep 2002 19:03:38 -0300
Apache versions 1.3.23 and 1.3.24 were 'eating' cookies when more than
one was sent out. For example, with CMF. This was fixed in apache
version 1.3.26.
[]'s
On Tue, Oct 01, 2002 at 09:42:46AM +1200, Peter Simmons wrote:
| Forwarding this to everyone on this list in case someone knows what is going on.
|
| In short when using apache as a proxy to a cmf site the __ac cookie seems to get
| eaten (for almost all users) if I get rid of apache and surf straight to zope I
| stay authenticated. (see below for more details).
|
| Does anyone know of why/what apache is doing to lose the cookies? And why its
| not for everyone? Are there some special characters that are not allowed in
| cookies in apache that are allowed in zope or something? Maybe a size issue?
|
| --
| Peter Simmons
| BCMPweb Limited
| pete@bcmpweb.com
|
|
|
|
|
| ----- Forwarded message from Peter Simmons <pete@bcmpweb.com> -----
| Date: Tue, 1 Oct 2002 09:16:39 +1200
| From: Peter Simmons <pete@bcmpweb.com>
| Reply-To: Peter Simmons <pete@bcmpweb.com>
| Subject: [imeme] Apache and cookies
| To: Imeme Users List <imeme-users@lists.imeme.net>
|
| hI,
|
| I am using CMF (and plone sometimes) and as you may know it uses cookie
| authentication. I am having some problems with it not working for all users.
|
| When running the standard imeme setup (i.e. apache proxying to zope + others
| (logs, mailman) almost all users try to login in but the __ac cookie does not
| stay set.
| Specifically:
|
| 1. they go to the login page fill in user name and password and click login.
|
| 2. They are then taken to a logged_in page and it appears they are logged in
|
| 3. When they try to go to another page it appears they are no longer logged in
|
| I did a lot of delving into the cookie crumbler code and worked out that the
| first request after you give login info is supposed to set a cookie "__ac" that
| contains an encoded (base64) string of username:password.
|
| So I put code on the standard template (main_template) that shows me the
| cookies. It seems that for the logged_in page the cookie is set but aftet that
| the cookie is wiped.
|
| As I was saying before for a couple of users it worked. So I thought it was a
| permissions thing and exaustively tried different permissions for the other
| users including making them exactly the same and in the same user folder nothing
| worked (and its not this see below).
|
| I tried a how lot of other things too but no much point in going into detail.
| Lastly I tried going directly to port 8080 and it worked fine. So I tried
| stopping apache and running zope on port 80 and it still worked fine. This is
| how our zope is currently running which solves this problem but means logs,
| mailman and my wedav on port 80 redirects no longer work so long term I can't
| leave it like this.
|
| Does anyone (and thanks for reading this far) know of why/what apache is doing
| to lose the cookies? And why its not for everyone? Are there some special
| characters that are not allowed in cookies in apache that are allowed in zope or
| soemthing? Maybe a size issue?
|
| Thanks in advance,
| Pete
| --
| Peter Simmons
| BCMPweb Limited
| pete@bcmpweb.com
|
|
|
|
|
| _______________________________________________
| http://lists.imeme.net/listinfo/imeme-users
|
|
|
| ----- End forwarded message -----
|
|
| _______________________________________________
| Zope-CMF maillist - Zope-CMF@zope.org
| http://lists.zope.org/mailman/listinfo/zope-cmf
|
| See http://collector.zope.org/CMF for bug reports and feature requests
--
Sidnei da Silva (dreamcatcher) <sidnei@x3ng.com.br>
X3ng Web Technology <http://www.x3ng.com.br>
GNU/Linux user 257852
Debian GNU/Linux 3.0 (Sid) 2.4.18 ppc
Linux is obsolete
-- Andrew Tanenbaum