Kevin, I need a little more information: 1) Is this repeatable every time (with the refresh after the gateway error always succeeding)? 2) Do you always see the "invalid cookie length" message, with the length always being off by 1? 3) Can you send a copy of the cookie file with the invalid length?
Thanks, -Matt Matthew J. Smith University of Connecticut UITS [email protected] ________________________________________ From: Kevin Richter [[email protected]] Sent: Tuesday, May 31, 2011 8:54 AM To: [email protected] Subject: Re: [cas-user] Bug with mod_auth_cas Great. Big big thanks! But... I think I have encountered a secound issue: I am logged in into the CAS and open the (same) website https://secretsite.de/index.php Everything is perfect, the website gets displayed. Now I open https://cas.secretsite.de/cas/logout and logout. As I said before, the mod_auth_cas at secretsite.de is configured with "CASIdleTimeout 60". Now my experiment: I was waiting five minutes and opened the site https://secretsite.de/index.php for a second time. Now I am getting an error "Bad Gateway" from the reverse proxy. The log files in the reverse proxy contain: [Tue May 31 13:29:31 2011] [error] [client 147.172.x.y] (70014)End of file found: proxy: error reading status line from remote server typo3-int [Tue May 31 13:29:31 2011] [error] [client 147.172.x.y] proxy: Error reading from remote server returned by /index.php The only traffic from this second buggy website call is this: https://secretsite.de/index.php GET /index.php HTTP/1.1 Host: secretsite.de User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 DNT: 1 Pragma: no-cache, no-cache Cookie: MOD_AUTH_CAS_S=46e572e344e95ae42537e7ed5a24d86b Connection: keep-alive Cache-Control: no-cache HTTP/1.1 200 OK Date: Tue, 31 May 2011 11:29:30 GMT Server: Apache Vary: accept-language,accept-charset Accept-Ranges: bytes Content-Type: text/html; charset=iso-8859-1 Content-Language: de Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked I dont see a line in the respone beginning with "Content-Length: ...". Why does there no data, no redirect have been sent? The log files of mod_auth_cas contain: [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1745): [client 147.172.x.y] Entering cas_authenticate() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1473): [client 147.172.x.y] entering isValidCASCookie() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1264): [client 147.172.x.y] entering deleteCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1501): [client 147.172.x.y] Cookie '46e572e344e95ae42537e7ed5a24d86b' is expired, deleting [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(946): [client 147.172.x.y] entering CASCleanCache() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(988): [client 147.172.x.y] Beginning cache clean [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1006): [client 147.172.x.y] Processing cache file 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2' [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(796): [client 147.172.x.y] Invalid cache cookie length for 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2', (expecting 32, got 31) [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1022): [client 147.172.x.y] Removing corrupt cache entry 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2' [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1264): [client 147.172.x.y] entering deleteCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(796): [client 147.172.x.y] Invalid cache cookie length for 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2', (expecting 32, got 31) Is this cookies issue the problem? Normally I would expect, that the second call of https://secretsite.de/index.php redirects me to the CAS login site, because of the logout five minutes before. But I get this "Bad Gateway" issue. If I reload the site (=a third time, after the bad gateway error), I am getting redirected to the login, indeed! And everything works... Do you have any ideas? cu Kevin Am 31.05.2011 14:11, schrieb Smith, Matthew J.: > Got it. There is an extra URL encode in the CASRootProxiedAs codepath. > We'll whip up a patch against trunk. > > -Matt > > Matthew J. Smith > University of Connecticut UITS > [email protected] -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
