[
https://jira.duraspace.org/browse/DS-959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22483#comment-22483
]
Mark Diggory commented on DS-959:
---------------------------------
Reposing from list:
Hello All,
I tested logging into the DSpace 1.7.2 XMLUI with Tomcat 7 and found the
following results:
Firefox 3.6.21 on Mac worked
Safari 5.1 didn't work
When I say didn't work - what actually happened was:
1. Browser requests password-login
2. Tomcat returns page
3. Browser posts credentials
4. Tomcat issues a 302 redirect to /xmlui
5. Browser requests /xmlui
6. The user should now be logged in and see the menu options down the side -
this didn't happen for Safari.
Looking at a packet snoop of both Firefox and Safari there was an important
difference. Safari did *not* send up the session id cookie after the redirect
but Firefox did. Tomcat therefore handed back a fresh session id cookie to
Safari and DSpace didn't think the user was logged in.
The reason this is occurring is due to the path on the cookie.
In Tomcat 5, the path on the cookie is "/xmlui"
In Tomcat 7 the path on the cookie is "/xmlui/"
*Note the trailing slash above.
This is due to a setting in Tomcat 7 on the Context
"sessionCookiePathUsesTrailingSlash" - see
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
Setting "sessionCookiePathUsesTrailingSlash" to "true" in the <tomcat
home>/conf/context.xml solved the problem for Safari.
ie.
<Context sessionCookiePathUsesTrailingSlash='false'>
</Context>
I think this is a "bug" in Safari as Firefox correctly sends the cookie to
"/xmlui" with a cookie path set to "/xmlui/".
This may be the case for other browsers too e.g. IE. I don't have IE so can't
test.
In short - to solve XMLUI login problem (on Safari at least) for Tomcat 7, set
sessionCookiePathUsesTrailingSlash to false in the Tomcat context.
Gareth
- Show quoted text -
--
Gareth Waller
EDINA
The University of Edinburgh
Causewayside House
160 Causewayside
Edinburgh
EH9 1PR
Email: [email protected]
Skype: edina_gwaller
EDINA: http://edina.ac.uk
Jorum: http://www.jorum.ac.uk
> XMLUI login failure when using Tomcat 7.0.16
> --------------------------------------------
>
> Key: DS-959
> URL: https://jira.duraspace.org/browse/DS-959
> Project: DSpace
> Issue Type: Bug
> Components: XMLUI
> Affects Versions: 1.7.2
> Environment: Based on discussion on 'dspace-tech', seems to affect
> the following browsers:
> * IE
> * Chrome
> * Safari
> * Opera
> Reporter: Stuart Lewis
> Priority: Major
> Fix For: 1.8.0
>
>
> See: http://dspace.2283337.n4.nabble.com/Login-and-IE8-td3671944.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
http://p.sf.net/sfu/rim-devcon-copy2
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
