Support Forum

http://noc.postnuke.com/t...02&group_id=5&atid=101
We had several reports of login problems with .8 RC3. Please test your installations with as many browsers as possible. We have no clue at all, if this problem really exists and if it exists, what it is related to.
This is the last big bug before the final release! So if you want a quick final, put all your energy into this!

-----
best regards from Kiel, sailing city

Steffen Voss

Member of the PostNuke Steering Committee
Follow The Zikulan at Twitter

The only login problem I've been able to found is related to this topic: http://community.postnuke...pic-54177-start-15.htm
If you have the caching enabled, after some logout/login or wrong password, you won't be able to login again until the cache expires (I suppose).

I cannot see any problem without the caching system enabled...
Do we know if the two guys who reported the bug are using PN with or without the caching enabled?

nope, the cache is disabled
currently i have two broken sites and Dave has others...

The problems seems related with the Cookies in some environments...

-----
- Mateo T. -
Mis principios... son mis fines

Is it possibile to know more or less the server configuration?

Are you able to reproduce the error?

Do you get any error? What?



edited by: Arthens, Mar 25, 2008 - 06:10 PM

We are looking deep with Chris hildebrandt (slam) about this issue,
by now seems that some servers randomly gets the cookie duplication.

There's no error message, because the session is lost as consequence of the dummy cookie.
I've tested a lot and move some code on SessionUtil to try solutions, but no total luck. I still have a cookie with path "/" that overrides my good cookie that has the path "/PostNuke08/" (when my site is located in a subfolder called /PostNuke08)...

-----
- Mateo T. -
Mis principios... son mis fines

Arthens

I cannot see any problem without the caching system enabled...
Do we know if the two guys who reported the bug are using PN with or without the caching enabled?

Well, I can reproduce the error on my server, without caching enabled. Chris, seems very knowledgeable about apache, and while my server is not perfect, it seems adequate.. with no fatal problems. I am not the only one with the issue, of course, but I have many relationships within the PN community so, my server has become the primary focus of the investigation, as it is accessible. But the issue is 'reproducible' and demonstrable, and severe.

I guess since there is a bug report, and it is documented in the forums, we do not really have an idea of how wide spread the issue is.

I will try to contact those who have had login issues, and see if we can gather more data.

If anyone is having this issue, please let us know.



-----
David Pahl
Zikula Support Team

David, can you give me access to your server, so that I may try it out and see if I can figure out something? Please mail me: jw at fjeldgruppen dot dk

AmmoDump

Well, I can reproduce the error on my server

Well, How?

I mean... is the issue evident or you have to do something particular for reproduce it?
I'd like to reproduce it too for trying to help.

What we got:

I newer SVN (but I first had issues with pre-RC3 SVNs)
A subdomain which contains the PN install.
A cookie is produced for the for the subdomain (expected) and the root domain (not expected). The subdomain cookie is good, as long as not logged out.
Upon trying to login for a second time, we get an auth failure, due to the root cookie.
If the root cookie is deleted, login will pass.
But the root cookie is created again.

This happens on very different versions of apache/php/mysql.

There is some speculation as to why(ish)... but nothing we can confirm.



-----
David Pahl
Zikula Support Team

I don't know if it could be related, but everytime I login and logout... I have a cookie created, but never deleted.
After nine login and logout I have nine cookies.

This is what happens:

1) I open http://www.fjeldgruppen.dk and get one POSTNUKESID cookie issued. Login works.

2) I open fjeldgruppen.dk and get a new POSTNUKESID cookie issued. Login works.

3) Back to http://www.fjeldgruppen.dk where I now POST TWO POSTNUKESID cookies (one for each domain). Login FAILS.

So apparently either PHP og PostNuke chokes on the fact that there are two POSTNUKESID cookies.

Maybe a solution would be to postfix POSTNUKESID with the sub-domoain? Then the session cookie names would be "POSTNUKESID" and "POSTNUKESID-www".

I cannot always repeat this. I assume this is because the sequece of the two POSTNUKESID cookies changes - sometimes the correct one comes first, some times it does not. But I am not sure about this.

can you redirect all requests to the 'www' subdomain for testing purposes?

a simple .htaccess will do the job:

Quote

# rewrite to www
RewriteCond %{HTTP_HOST} !^www\.fjeldgruppen.\.dk$
RewriteRule ^(.*)$ http://www.fjeldgruppen.dk/ [L,R=301]

-----
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..

Lars: now I am not able to use fjeldgruppen.dk due to the redirect which always lands me on http://www.fjeldgruppen.dk. I assume this is what you wanted.

The result is that I never get a cookie for fjeldgruppen.dk (without http://www.) - and now it works, I am unable to reproduce the error, and I never send more than one cookie.

So this "works for me" - but it does not solve the issue when you have multiple websites on multiple sub-domains.