[rt-users] Persistent Sessions
Ole Craig
ocraig at stillsecure.com
Mon Jun 12 12:10:45 EDT 2006
On Mon, 2006-06-12 at 17:46 +0200, Stefan Lesicnik wrote:
> Hi Guys,
>
> I hope someone can help me. I have two computers both running Gentoo
> Linux, PHP 5.1.2 / 5.1.4, perl 5.8.8, perl fcgi 0.67 and RT 3.4.5.
>
> The one machine is using perl, the other using fastcgi. I am
> experiencing pretty much the same problem on both machines. I log into
> the system fine, and when I click on a menu option, i get returned to
> the login page. I have tried this both from Mozilla Firefox and IE.
>
> The machine running fastcgi seems a lot better, and I only get returned
> to login when i click on the general queue and select a ticket in the
> queue. The other machine running perl returns me to the login page if i
> click anything.
[...]
Stefan -
Sounds like maybe a cookie issue? I had a similar problem at one
point, which turned out to be a combination of
* the presence of a couple of firefox settings and
* the absence of anything like a mind on my part.
(I'm hoping the latter condition was temporary. :-)
Under the "privacy" tab of Firefox's preferences dialogue, I had
set "allow sites to set cookies...UNLESS I have removed cookies set by
the site." During a troubleshooting session, I had explicitly removed a
cookie set by RT (because I thought I was getting a cached login.)
Because I had explicitly removed a cookie set by my RT site, firefox
wasn't setting any more cookies from them. Thus, I would get this
behavior (my actions parenthesized):
1. login page displayed
2. (enter uname/pw)
3. login to RT accepted, RT-at-a-glance page displayed
4. (click on a ticket, say #1234)
5. login page displayed
6. (mutter, grumble, enter uname/pw)
7. login to RT accepted, ticket #1234 displayed
8. (click on basics)
9. login page displayed
10. (howl, curse, excessive keyboard abuse while entering uname/pw)
11. login to RT accepted, basics for #1234 displayed
[ &etcetera ad frustratiam ]
When I unset firefox's "unless I have removed cookies set by
this site" preference, the problem went away.
--
/Ole Craig
Security Engineer
303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)
www.stillsecure.com
. . .
More information about the rt-users
mailing list