[rt-users] repetitive browser authentication

Kevin Falcone falcone at bestpractical.com
Thu Mar 17 12:25:24 EDT 2011


On Thu, Mar 17, 2011 at 09:10:08AM -0700, Mark A Bentley wrote:
> 
> I've observed the same thing with my RT 3.8.4 install.  I've not taken the

There have been two sets of changes to the login code since 3.8.4,
including one since 3.8.8, so debugging on 3.8.4 is hard.

Hopefully you've patched your RT for the various security problems
since 3.8.4

-kevin

> time to look into it further, but I have noticed that if I authenticate, and
> then wait for the page to fully load, usually I don't have to re-auth.  The
> issue seems to happen when I'm too impatient for the initial "RT at a glance"
> page to load, and click one of the other links on the page.
> 
> I am using RT::Authen::ExternalAuth, but this issue doesn't seem to
> be specific to external accounts.  I see the same behavior when
> logging in
> as a local RT user, such as "root".
> 
> Not sure if that helps identify what the issue might be.  I'd be willing
> to assist in troubleshooting this if anyone wants to throw some more
> questions or test cases my way...
> 
>    --Mark
> 
> 
> On Thu, 17 Mar 2011, Obando, David DE - EV wrote:
> >Hi,
> >
> >I don't use different hostname. I just tested with clicking the RT links in two "new-ticket-notification"-mails:
> >1. clicking the first ticketlink and authenticating
> >2. clicking the second ticketlink and I have to authenticate again
> >
> >Regard,
> >David
> >
> >-----Ursprüngliche Nachricht-----
> >Von: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] Im Auftrag von Kevin Falcone
> >Gesendet: Donnerstag, 17. März 2011 15:30
> >An: rt-users at lists.bestpractical.com
> >Betreff: Re: [rt-users] repetitive browser authentication
> >
> >On Thu, Mar 17, 2011 at 01:51:55PM +0100, Obando, David DE - EV wrote:
> >>   Dear all,
> >>
> >>   I installed a new system with RT 3.8.8. I'm wondering why I have to authenticate again after
> >>   successful authentication.
> >>
> >>   Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to
> >>   a new ticket. A new browser tab opens and I have to authenticate again.
> >>
> >>   Tested in FF and IE.
> >>   Any ideas how I can change setting so authentication is only needed once per session?
> >
> >This usually happens when you have different hostnames that alias to RT so the cookies aren't compatible.
> >
> >-kevin
> >
> 
> -- 
> Mark A Bentley
> CTO Lab Systems Support
> AT&T Mobility, Redmond, WA
> Email:  mark.bentley at att.com
> 425-702-3072 (desk) / 425-702-2826 (fax)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110317/d8fb5e9e/attachment.sig>


More information about the rt-users mailing list