[Zope-CMF] Fwd: [imeme] Apache and cookies

Peter Simmons pete@bcmpweb.com
Tue, 1 Oct 2002 10:02:31 +1200


Hi,

Further to this so you don't go down the wrong path it seems that apache isn't
actually destroying the cookie because I found another way around it (much nicer
in terms of not breaking other stuff).

If I login via the direct zope port i.e. go to
http://www.thedomain.com:8080/login_form and log in and then go back to the
normal http port i.e. http://www.thedomain.com the cookie has been set and stays
set.

So (and correct me if I am wrong) apahce isn't eating the cookie so much as
something is stopping it getting set or it isn't getting set correctly. How do
cookies work? Are they based on the domain? maybe the domain cookie crumbler
trys to use when not directly on zope is different from the direct one? Does
anyone know how I could check this out?
-- 
Peter Simmons
BCMPweb Limited
pete@bcmpweb.com


Quoting Peter Simmons <pete@bcmpweb.com>:

> Forwarding this to everyone on this list in case someone knows what is going
> on.
> 
> In short when using apache as a proxy to a cmf site the __ac cookie seems to
> get
> eaten (for almost all users) if I get rid of apache and surf straight to zope
> I
> stay authenticated. (see below for more details).
> 
> Does anyone know of why/what apache is doing to lose the cookies? And why
> its
> not for everyone? Are there some special characters that are not allowed in
> cookies in apache that are allowed in zope or something? Maybe a size
> issue?
> 
> -- 
> Peter Simmons
> BCMPweb Limited
> pete@bcmpweb.com
> 
> 
> 
> 
> 
> ----- Forwarded message from Peter Simmons <pete@bcmpweb.com> -----
>     Date: Tue,  1 Oct 2002 09:16:39 +1200
>     From: Peter Simmons <pete@bcmpweb.com>
> Reply-To: Peter Simmons <pete@bcmpweb.com>
>  Subject: [imeme] Apache and cookies
>       To: Imeme Users List <imeme-users@lists.imeme.net>
> 
> hI,
> 
> I am using CMF (and plone sometimes) and as you may know it uses cookie
> authentication. I am having some problems with it not working for all users.
> 
> 
> When running the standard imeme setup (i.e. apache proxying to zope +
> others
> (logs,  mailman) almost all users try to login in but the __ac cookie does
> not
> stay set. 
> Specifically:
> 
> 1. they go to the login page fill in user name and password and click login.
> 
> 
> 2. They are then taken to a logged_in page and it appears they are logged
> in
> 
> 3. When they try to go to another page it appears they are no longer logged
> in
> 
> I did a lot of delving into the cookie crumbler code and worked out that
> the
> first request after you give login info is supposed to set a cookie "__ac"
> that
> contains an encoded (base64) string of username:password.
> 
> So I put code on the standard template (main_template) that shows me the
> cookies. It seems that for the logged_in page the cookie is set but aftet
> that
> the cookie is wiped.
> 
> As I was saying before for a couple of users it worked. So I thought it was
> a
> permissions thing and exaustively tried different permissions for the other
> users including making them exactly the same and in the same user folder
> nothing
> worked (and its not this see below).
> 
> I tried a how lot of other things too but no much point in going into
> detail.
> Lastly I tried going directly to port 8080 and it worked fine. So I tried
> stopping apache and running zope on port 80 and it still worked fine. This
> is
> how our zope is currently running which solves this problem but means logs,
> mailman and my wedav on port 80 redirects no longer work so long term I
> can't
> leave it like this.
> 
> Does anyone (and thanks for reading this far) know of why/what apache is
> doing
> to lose the cookies? And why its not for everyone? Are there some special
> characters that are not allowed in cookies in apache that are allowed in zope
> or
> soemthing? Maybe a size issue?
> 
> Thanks in advance,
> Pete
> -- 
> Peter Simmons
> BCMPweb Limited
> pete@bcmpweb.com
> 
> 
> 
> 
> 
> _______________________________________________
> http://lists.imeme.net/listinfo/imeme-users
> 
> 
> 
> ----- End forwarded message -----
> 
> 
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
> 
> See http://collector.zope.org/CMF for bug reports and feature requests
> 
> 
>