[xwiki-notifications] [Issue] Commented: (XWIKI-1774) authentication failed using several web server an several redline in front of tomcat server

Mon, 19 Nov 2007 12:22:46 -0800 

    [ 
http://jira.xwiki.org/jira/browse/XWIKI-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_19734
 ] 

Sergiu Dumitriu commented on XWIKI-1774:
----------------------------------------

The problem is that somewhere the IP of the actual client is replaced by the IP 
of one of the front servers. The real IP is stored in the X-Forwarded-For HTTP 
header, but we can't use it as the SecurityFilter code does not use. I filled a 
bug report to the SecurityFilter project, but I don't expect it to be fixed, as 
that project didn't have a release in almost 3 years.

We can either document this bug+workaround while waiting for a fix in 
SecurityFilter (or use our own patched version), or look for an alternative.

> authentication failed using several web server an several redline in front of 
> tomcat server
> -------------------------------------------------------------------------------------------
>
>                 Key: XWIKI-1774
>                 URL: http://jira.xwiki.org/jira/browse/XWIKI-1774
>             Project: XWiki Platform
>          Issue Type: Bug
>          Components: Rights Management
>    Affects Versions: 1.0, 1.1.1
>         Environment: linux RHEL 4.4 / HP DL385 / tomcat 5.5.23 apache 2.0.59 
> /mysql 5.0
>            Reporter: Eric Grandjean
>            Priority: Critical
>
> using 2 redline server in front of 2 apache server in front of 1 tomcat server
> user lost authentication 
> we have the following message in catalina.out
> when we authentifie 
> !remember-me cookie validation hash mismatch! 
> !remember-me cookie has been tampered with! 
> !remember-me cookie is being deleted!
>  we of course remove cookies ( client side )
> using 1 redline server in front of 1 apache server in front fo 1 tomcat server
> every thing works fine

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications

Reply via email to