LinkinStars commented on issue #667: URL: https://github.com/apache/answer/issues/667#issuecomment-2864942749
> I am experiencing yet another version of the same issue: this time it looks like its connected to how the user logs in (email+password VS google). > > 1. My instance has login required ON > 2. I am using domain name (not IP) to access > 3. Users who login with username and password see the images OK > 4. Users who login with Google (using the google connector plugin) do not see the image (instead they get the 403 error) > > Additional info: > > * If a non-existing user logs in with google (so their account is created at that moment), they **can not** see the image. If they log out, the admin sets a password for them and they log back in with email and password, the **can** see the image. > * If a user is created with email and password and logs in with email and password they **can** see the image. If they log out and log in with google, they **can not** see the image anymore. > * A user who cannot see the image is not able to see it both in the posts and directly accessing the URL (redirect to 403) > * Regarding cookies: I observed that if the same user logs in with email+password first receives a certain cookie X. Using curl with this cookie retrieves the image OK (HTTP 200). If the user logs out and back in with Google **they keep the same cookie** but now the same curl command fails (302 to the 403 page). > * Also, sometimes if the user logs in with email+password, logs out and backin with google the image seems to load ok, but it's only "cached", and after a few refresh/cache clean/Shift+R it gets back to the usual erorr 403. Curl instead seems to fail immediately > * All behaviors are reproduceable in Chrome and Firefox on multiple PCs > > [@LinkinStars](https://github.com/LinkinStars) let me know if I should open a separate issue for this or if you need more details. > > Edit: added more info regarding behaviour with cookies @Giorgio-Bonvicini-R4P Thank you very much for such a perfect description. It is significant for us! I confirm that you are describing a different issue. The cause of this issue is that cookies are not being set correctly after logging in with a third party. If you could please help us by submitting a new issue, so that we can follow up and fix this issue. Thanks again for your feedback. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@answer.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
