[rt-users] v3.6.1 / Logged out issues

Frances Albemuth frances.cincinattus at gmail.com
Wed Aug 23 21:51:54 EDT 2006


 Alright, so I checked into this per your advice, and here's what
happened.  I recorded the current cookies, moved everything back to
unsecured HTTP, dumped the mason cache, restarted httpd, cleared my
cookies, tried to duplicate the problem.  Well, the problem was
notably worse - every click led to the log in screen.  I figured
Apache::Session might be confused after all of this, so I tried to
logout via the web UI (to dump my session).  I received this error:

error:          Could not remove file: Permission denied at
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/Store/File.pm line 106.
context:
...
102:    $self->{opened} = 0;
103:    }
104:
105:    if (-e $directory.'/'.$session->{data}->{_session_id}) {
106:    unlink ($directory.'/'.$session->{data}->{_session_id}) ||
107:    die "Could not remove file: $!";
108:    }
109:    else {
110:    die "Object does not exist in the data store";
...
code stack:     /usr/lib/perl5/site_perl/5.8.5/Apache/Session/Store/File.pm:106
/usr/lib/perl5/site_perl/5.8.5/Apache/Session.pm:515o
/usr/lib/perl5/site_perl/5.8.5/Apache/Session/File.pm:40
/usr/lib/perl5/site_perl/5.8.5/HTML/Mason/Request.pm:1249

 So, I reverted everything back to secured http (because it was an
easy thing to try), and the problem persisted.  I tracked down a
couple of files in /tmp that were owned by the apache user, dumped
those along with /tmp/fcgi, dumped the mason cache, dumped my cookies
again, and restarted httpd.  So far, I've been unable to duplicate the
problem.  It's likely that somewhere in all this there was human error
on my part.  I'm fairly certain (though I don't recall trying to
logout before -- bad habits and all) that this error didn't occur
until I jostled everything around in hopes of figuring out what was
different about the cookies being handed out.  One thing of note: I
initially noticed (using SSL) that I was receiving a number of
cookies; one for rt.*.443, one for rt.*.80, and a couple relating to
specific pages (Quick Search, et al).  Afterwards, I received a single
cookie for rt.*.443.  Let me know if there's anything else I should
investigate that I might shed light or provide useful data (if indeed
this has anything to do with the infinite login issue).

 Thanks,

 -FC

On 8/23/06, Jesse Vincent <jesse at bestpractical.com> wrote:
>
>
>
> On Wed, Aug 23, 2006 at 11:14:08AM -0700, Frances Albemuth wrote:
> >  The more I poke and prod the issue, the more I'm beginning to think
> > this is actually The Infinite Login Bug(tm).  I've therefore attempted
> > most of the troubleshooting suggested in the infinite login thread,
> > but so far to no avail.  The only thing that seems to separate my case
> > is the fact that it appears to work normally if I disable SSL.
> > Unfortunately, SSL is a necessity in environment.  I'm keeping my
> > fingers crossed for suggestions...
>
> Can you tell us about what RT is doing differently with cookies acorss
> your secure and insecure sites?
>



More information about the rt-users mailing list