[Dspace-tech] DSpace 1.4 Authentication problems
Hi, We are running DSpace 1.4 andI have just noticed a seriousissue with the authentication. We are using thedefault implementation with the email address/password based login. I have noticed that whenI logoutand then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in.For example if I click to logout and get the 'thank you for logging out' message,return to the homepage and thenclick the mydspace link itcomes upwithmy dspace account details instead of the login box requesting a username and password. Only If I click on refresh after logging out it does it then seem to then log me. It happens in both Internet Explorer and Firefox. I have deleted cookies and it has not made any difference.Ithink this is only a recent problem and we have recently changed our DSpace URL. Wehaven't been able to find out what is causing the problem and I wondered if anyone else had experienced the same sort of thing? ThanksCarolynGroomILSS:LearningTechnologist(LibraryandRepositoryTechnologies)GeorgeLauderLibraryCarnegieCollegeHalbeathRoadDunfermlineKY118DY - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
On Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in. I suspect that this is the browser cache at work; I often have it return authentication-required visited pages after I log out or my session expires. I'm not sure what DSpace could do about that except for no-cache tricks that break the Back button entirely (which would be a bad, bad idea). I'm willing to be wrong, though -- if you log out, go back to your My DSpace page, and then click on something requiring authentication (such as starting a new submission), does it let you do it? If so, then there is definitely a problem! Dorothea -- Dorothea Salo[EMAIL PROTECTED] Digital Repository Librarian AIM: mindsatuw University of Wisconsin Rm 218, Memorial Library (608) 262-5493 - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
On Wed, Dec 19, 2007 at 04:58:49PM +, Dorothea Salo wrote: On Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in. I suspect that this is the browser cache at work; I often have it return authentication-required visited pages after I log out or my session expires. I'm not sure what DSpace could do about that except for no-cache tricks that break the Back button entirely (which would be a bad, bad idea). Yes this is correct; it's a browser issue. After you log out, you are actually logged out, but (eg) firefox will try to be clever about not re-requesting pages that it has cached. Of course, if you try to do anything that requires you being logged in, you will be prompted to do so; your browser can't subvert that process. Most apps try to get around this by asking you to shut down your browser (which would clear the cache), but DSpace doesn't bother. You could modify the logged-out.jsp to include this message if you feel it's important for your repository. The only potential issue is that someone could potentially *see* what you were looking at before you logged out; they wouldn't be able to *do* anything though. cheers, Jim -- James Rutherford | Hewlett-Packard Limited registered Office: Research Engineer | Cain Road, HP Labs | Bracknell, Bristol, UK | Berks +44 117 312 7066 | RG12 1HN. [EMAIL PROTECTED] | Registered No: 690597 England The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as HP CONFIDENTIAL. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] DSpace 1.4 Authentication problems
Hi,DSpace is letting me carry out activities that require authentication like a new submissionafter logging out. I did log in with another username and then logged out and now it is displaying my username as being logged in on some pages and the other username onother pages despite me clicking the logout link on both. I also went onto another PC and when I went onto our DSpace site and clicked on the communities/collections site it was displaying my username as being logged in. I have not used this PC since yesterday. We run DSpace as an internal repository butthe materialsin it are password protected.It seems really random and we don't know what to do about it. Anyhelp would be appreciated.ThanksCarolynGroomILSS:LearningTechnologist(LibraryandRepositoryTechnologies)GeorgeLauderLibraryCarnegieCollegeHalbeathRoadDunfermlineKY118DYPleaseconsidertheenvironmentbeforeprintingthisemail[EMAIL PROTECTED] wrote: -To: dspace-tech@lists.sourceforge.netFrom: "Dorothea Salo" [EMAIL PROTECTED]Sent by: [EMAIL PROTECTED]Date: 19/12/2007 04:58PMSubject: Re: [Dspace-tech] DSpace 1.4 Authentication problemsOn Dec 19, 2007 10:30 AM, [EMAIL PROTECTED] wrote: We are running DSpace 1.4 and I have just noticed a serious issue with the authentication. We are using the default implementation with the email address/password based login. I have noticed that when I logout and then click to go onto any other page on our DSpace site it comes up in the top left corner that I am still logged in.I suspect that this is the browser cache at work; I often have itreturn authentication-required visited pages after I log out or mysession expires. I'm not sure what DSpace could do about that exceptfor no-cache tricks that break the Back button entirely (which wouldbe a bad, bad idea).I'm willing to be wrong, though -- if you log out, go back to your MyDSpace page, and then click on something requiring authentication(such as starting a new submission), does it let you do it? If so,then there is definitely a problem!Dorothea-- Dorothea Salo[EMAIL PROTECTED]Digital Repository Librarian AIM: mindsatuwUniversity of WisconsinRm 218, Memorial Library(608) 262-5493-SF.Net email is sponsored by:Check out the new SourceForge.net Marketplace.It's the best place to buy or sell servicesfor just about anything Open Source.http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___DSpace-tech mailing listDSpace-tech@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/dspace-tech - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
