[xwiki-notifications] [Issue] Commented: (XE-91) Cannot log in

Wed, 20 Feb 2008 19:18:25 -0800 

    [ 
http://jira.xwiki.org/jira/browse/XE-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_23146
 ] 

Sergiu Dumitriu commented on XE-91:
-----------------------------------

The problem was caused by a mismatch in the cookie domains. For example:

0. Assume the wiki is hosted on wiki.host.net
1. Setup the cookies to be set on *.host.net
2. Login in the wiki
3. Setup the cookies to be set on wiki.host.net
4. Try to logout from the wiki and fail

At step 2, a cookie is sent to the client, marked as valid for all subdomains 
of host.net

At step 4, the server requests that all login cookies valid for wiki.host.net 
to be deleted. Since the cookies set at step 2 are at a more general level, 
then the client cannot delete them.

So these steps lead to the "cannot logout" behavior. For the "cannot login" 
behavior, just change the encryption cookies or the user password, or delete 
that user completely. In that case the client will keep sending the deprecated 
cookies, which the server cannot delete.

> Cannot log in
> -------------
>
>                 Key: XE-91
>                 URL: http://jira.xwiki.org/jira/browse/XE-91
>             Project: XWiki Enterprise
>          Issue Type: Bug
>    Affects Versions: 1.1 M3
>         Environment: xwiki 1.1 M3 standalone
> fedora 7 server
> firefox 2.0.0.4, firefox 2.0.0.5 and IE 6
>            Reporter: BJ Quinn
>         Attachments: xwiki_errors.log, xwiki_errors.log
>
>
> Cannot log in on 1.1 M3 using standalone version.
> At login screen, if you type in a username and password and click login, the 
> screen simply refreshes and clears out your login information.  You end up 
> back at the login screen with no error, and not logged in.
> This happens with the Admin account and any other account you register.
> This is a pristine 1.1 M3 installation, no changes have been made other than 
> changing the port to 80 in the startup script.  This is installed on a Fedora 
> 7 server.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications

Reply via email to