[rt-users] SelfService users need to login twice

[Kevin Falcone]

On Fri, May 13, 2011 at 11:18:52AM -0500, ktm at rice.edu wrote:
> On Fri, May 13, 2011 at 11:56:19AM -0400, Kevin Falcone wrote:
> > On Fri, May 13, 2011 at 10:37:44AM -0500, ktm at rice.edu wrote:
> > > On Fri, May 13, 2011 at 10:27:05AM -0500, ktm at rice.edu wrote:
> > > > Hi,
> > > > 
> > > > I am investigating a problem with the SelfService login page where
> > > > unprivileged users must login two times in a row for it to succeed.
> > > > I found this thread:
> > > > 
> > > > http://www.gossamer-threads.com/lists/rt/users/90794
> > > > 
> > > > and I think that my issue is the same. Unfortunately, I cannot
> > > > find the original patch for 3.8.0 - 3.8.5 that I applied. Does
> > > > anyone have a copy of the patch or an idea on how to debug this.
> > > > 
> > > > Regards,
> > > > Ken
> > > > 
> > > 
> > > I had to make the same change to:
> > > 
> > > share/html/Elements/SetupSessionCookie
> > > 
> > > as described in the thread to eliminate the double login.
> > > Like the original thread, I am curious if there is a problem
> > > with this fix or a better one? I am running 3.8.5.
> > 
> > I'm not sure which fix you're referencing, since my sha1 in that
> > thread was for the 3.6 fix, which was a backport of 
> > 84022062cec889f1cabf1d4a10e28b7b66addf23 from 3.8
> > 
> > This was a fix for users going to http://rt.server/ and logging in and
> > losing the cookie when being redirected by mod_perl to
> > http://rt.server/SelfService/
> > 
> > Again, not sure what fix you applied, so it's hard to comment further.
> > 
> > -kevin
> 
> It was the 3.8 session fixation patch.

So, that fixed the double login or caused it?

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110513/72c94218/attachment.sig>