[rt-users] SelfService users need to login twice

ktm at rice.edu ktm at rice.edu
Fri May 13 12:43:28 EDT 2011


On Fri, May 13, 2011 at 12:36:55PM -0400, Kevin Falcone wrote:
> On Fri, May 13, 2011 at 11:18:52AM -0500, ktm at rice.edu wrote:
> > On Fri, May 13, 2011 at 11:56:19AM -0400, Kevin Falcone wrote:
> > > On Fri, May 13, 2011 at 10:37:44AM -0500, ktm at rice.edu wrote:
> > > > On Fri, May 13, 2011 at 10:27:05AM -0500, ktm at rice.edu wrote:
> > > > > Hi,
> > > > > 
> > > > > I am investigating a problem with the SelfService login page where
> > > > > unprivileged users must login two times in a row for it to succeed.
> > > > > I found this thread:
> > > > > 
> > > > > http://www.gossamer-threads.com/lists/rt/users/90794
> > > > > 
> > > > > and I think that my issue is the same. Unfortunately, I cannot
> > > > > find the original patch for 3.8.0 - 3.8.5 that I applied. Does
> > > > > anyone have a copy of the patch or an idea on how to debug this.
> > > > > 
> > > > > Regards,
> > > > > Ken
> > > > > 
> > > > 
> > > > I had to make the same change to:
> > > > 
> > > > share/html/Elements/SetupSessionCookie
> > > > 
> > > > as described in the thread to eliminate the double login.
> > > > Like the original thread, I am curious if there is a problem
> > > > with this fix or a better one? I am running 3.8.5.
> > > 
> > > I'm not sure which fix you're referencing, since my sha1 in that
> > > thread was for the 3.6 fix, which was a backport of 
> > > 84022062cec889f1cabf1d4a10e28b7b66addf23 from 3.8
> > > 
> > > This was a fix for users going to http://rt.server/ and logging in and
> > > losing the cookie when being redirected by mod_perl to
> > > http://rt.server/SelfService/
> > > 
> > > Again, not sure what fix you applied, so it's hard to comment further.
> > > 
> > > -kevin
> > 
> > It was the 3.8 session fixation patch.
> 
> So, that fixed the double login or caused it?
> 
> -kevin

It caused it. I removed the second half of the test in the unless
just like the mention in the thread. Then it worked again, but 
with what consequences?

Ken



More information about the rt-users mailing list