[rt-users] SelfService users need to login twice
ktm at rice.edu
ktm at rice.edu
Fri May 13 12:43:28 EDT 2011
On Fri, May 13, 2011 at 12:36:55PM -0400, Kevin Falcone wrote:
> On Fri, May 13, 2011 at 11:18:52AM -0500, ktm at rice.edu wrote:
> > On Fri, May 13, 2011 at 11:56:19AM -0400, Kevin Falcone wrote:
> > > On Fri, May 13, 2011 at 10:37:44AM -0500, ktm at rice.edu wrote:
> > > > On Fri, May 13, 2011 at 10:27:05AM -0500, ktm at rice.edu wrote:
> > > > > Hi,
> > > > >
> > > > > I am investigating a problem with the SelfService login page where
> > > > > unprivileged users must login two times in a row for it to succeed.
> > > > > I found this thread:
> > > > >
> > > > > http://www.gossamer-threads.com/lists/rt/users/90794
> > > > >
> > > > > and I think that my issue is the same. Unfortunately, I cannot
> > > > > find the original patch for 3.8.0 - 3.8.5 that I applied. Does
> > > > > anyone have a copy of the patch or an idea on how to debug this.
> > > > >
> > > > > Regards,
> > > > > Ken
> > > > >
> > > >
> > > > I had to make the same change to:
> > > >
> > > > share/html/Elements/SetupSessionCookie
> > > >
> > > > as described in the thread to eliminate the double login.
> > > > Like the original thread, I am curious if there is a problem
> > > > with this fix or a better one? I am running 3.8.5.
> > >
> > > I'm not sure which fix you're referencing, since my sha1 in that
> > > thread was for the 3.6 fix, which was a backport of
> > > 84022062cec889f1cabf1d4a10e28b7b66addf23 from 3.8
> > >
> > > This was a fix for users going to http://rt.server/ and logging in and
> > > losing the cookie when being redirected by mod_perl to
> > > http://rt.server/SelfService/
> > >
> > > Again, not sure what fix you applied, so it's hard to comment further.
> > >
> > > -kevin
> >
> > It was the 3.8 session fixation patch.
>
> So, that fixed the double login or caused it?
>
> -kevin
It caused it. I removed the second half of the test in the unless
just like the mention in the thread. Then it worked again, but
with what consequences?
Ken
More information about the rt-users
mailing list