Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
Stefane Fermigier (www.nuxeo.com) sent this answer this morning.

-- Forwarded message --
Subject: [[EMAIL PROTECTED]: Apache Week issue 287]
Date: Sat, 16 Mar 2002 08:12:53 +0100
From: Stefane Fermigier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

- Forwarded message from Apache Week [EMAIL PROTECTED] -

Proxy users thinking of upgrading to Apache 1.3.23 should be aware that there is a bug (PR#9655) in the handling of responses which set more than one cookie, and may wish to wait for the 1.3.24 release before upgrading.

- End forwarded message -

--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
http://nuxeo.com/ http://portalux.com/ http://aful.org/
Amazon: we patent the dot in .com

--
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4 EEF9 539A 79CC CB8E 5F01

___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
On Saturday 9 March 2002 23:04, Dieter Maurer wrote:
> Jean-Paul Smets writes:
> > ... TCPWatch dumps demonstrating cookie problem for __ac cookie ...
>
> When I read the dumps correctly then *ALL* Apache + __ac dumps lack
> the __ac cookie whether or not VHM is used.
>
> Thus, I would say, VHM is out of suspicion.

I agree.

> Now, Apache + Zope via mod_proxy is Zope via Medusa.
> I do not expect Zope to behave differently when Apache is there.
> As Zope (+ medusa) alone has the __ac cookie, this may
> indicate an Apache problem.
>
> You can verify that by using TCPWatch between Apache and Zope
> (rather than between your browser and Apache).

OK. I'll test this.

> Dieter

--
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4 EEF9 539A 79CC CB8E 5F01
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
On Wednesday 6 March 2002 22:35, Dieter Maurer wrote:
> Jean-Paul Smets writes:
> > I could find out that certain cookie names work, some others do not
> > Works
> > Really strange.
>
> Could you use tcpwatch (or another TCP logger) to see whether
> the Zope response contains the cookie header.
> If not, this would be a Zope problem we could debug.
> If so, we have to look elsewhere.

Here is the information. 5 cases are shown:

- Use of Apache + RewriteRule + VHM (CMF auth. cookie is __ac_erp5)
- Use of Apache + RewriteRule + VHM (CMF auth. cookie is __ac)
- Use of Medusa (CMF auth. cookie is __ac)
- Use of Apache + RewriteRule w/o VHM (CMF auth. cookie is __ac_erp5)
- Use of Apache + RewriteRule w/o VHM (CMF auth. cookie is __ac)

The scenario is:

- go to http://www.erp5.org/login_form
- look at what happens with tcpdump after filling in the form and posting it

In all cases, this leads to a login success. However, if the auth. cookie is not set (which happens in cases where Apache is used and the auth. cookie is __ac), then we are in trouble...

You will see that the Set-Cookie is different in the 5 cases.

My conclusion for now is that something could be wrong with the Apache rewriting process.

Regards, JPS.

Apache VHM Config

<VirtualHost erp5.org>
    DocumentRoot /home/jp/public_html/erp5/
    ServerName erp5.org
    ServerAlias www.erp5.org
    RewriteEngine On
    RewriteRule ^/(.*) http://localhost:9673/VirtualHostBase/http/www.erp5.org:80/erp5/VirtualHostRoot/$1 [L,P]
    #RewriteRule ^/(.*) http://localhost:9673/erp5/$1 [L,P]
</VirtualHost>
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
Jean-Paul Smets writes:
> ... TCPWatch dumps demonstrating cookie problem for __ac cookie ...

When I read the dumps correctly then *ALL* Apache + __ac dumps lack the __ac cookie whether or not VHM is used.

Thus, I would say, VHM is out of suspicion.

Now, Apache + Zope via mod_proxy is Zope via Medusa. I do not expect Zope to behave differently when Apache is there. As Zope (+ medusa) alone has the __ac cookie, this may indicate an Apache problem.

You can verify that by using TCPWatch between Apache and Zope (rather than between your browser and Apache).

Dieter
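Added example, not part of the thread: the check described in the message above (capture between Apache and Zope as well as between browser and Apache) comes down to comparing the Set-Cookie header lines in two captures of the same response. The Python sketch below does that comparison; both captures are constructed sample data, not the dumps posted to the list, and the function names are this example's own.

```python
# Constructed sample captures of one login response, taken on each side of
# the reverse proxy. Cookie values are placeholders.
BACKEND_CAPTURE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: Zope (constructed sample)\r\n"
    b"Content-Type: text/html\r\n"
    b'Set-Cookie: __ac="c2FtcGxl"; Path=/\r\n'
    b'Set-Cookie: __ac_name="jp"; Path=/\r\n'
    b"\r\n<html>...</html>"
)
CLIENT_CAPTURE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache (constructed sample)\r\n"
    b"Content-Type: text/html\r\n"
    b'Set-Cookie: __ac_name="jp"; Path=/\r\n'
    b"\r\n<html>...</html>"
)


def set_cookie_names(raw_response):
    """Return the cookie name of every Set-Cookie header line, in order.

    Headers are walked as a list of lines: a dict keyed by header name would
    collapse repeated Set-Cookie lines and hide the very loss being checked.
    """
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    names = []
    for line in head.split(b"\r\n")[1:]:           # skip the status line
        field, sep, value = line.partition(b":")
        if sep and field.strip().lower() == b"set-cookie":
            pair = value.split(b";", 1)[0]         # "name=value" before attributes
            names.append(pair.split(b"=", 1)[0].strip().decode("latin-1"))
    return names


def cookies_lost_in_proxy(backend_raw, client_raw):
    """Cookie names the backend set that never reached the client."""
    delivered = set(set_cookie_names(client_raw))
    return [n for n in set_cookie_names(backend_raw) if n not in delivered]


if __name__ == "__main__":
    print("backend sets:", set_cookie_names(BACKEND_CAPTURE))
    print("client sees: ", set_cookie_names(CLIENT_CAPTURE))
    print("lost:        ", cookies_lost_in_proxy(BACKEND_CAPTURE, CLIENT_CAPTURE))
```

A non-empty result places the loss in the proxy hop; an empty one with the cookie absent from both captures points back at the application server.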
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
Jean-Paul Smets wrote:
> I could find out that certain cookie names work, some others do not
>
> Works
> __ac_
> __ac_ra
> __ac_rak1
> __ac_nex1
> __ac_erp5
>
> Does not work
> __ac
> __ac_rack1
> __ac_rack12
>
> Really strange.

What browser are you using? Strange things like this happen for me occasionally after a Mozilla upgrade, but I just delete the cookies for the site and everything goes back to normal. I figure someone at Netscape is just fiddling with the cookie code. :-)

OTOH, the only way a loop on the login page can happen is if you're not allowed to access the login page, or perhaps one of its images. Maybe something is caching authentication in a non-thread-safe way. In fact, the last hotfix addressed something like this, didn't it?

Shane
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
Jean-Paul Smets writes:
> I could find out that certain cookie names work, some others do not
> Works
> Really strange.

Could you use tcpwatch (or another TCP logger) to see whether the Zope response contains the cookie header.

If not, this would be a Zope problem we could debug. If so, we have to look elsewhere.

Dieter
Re: SV: [Zope-dev] Small Alert - Temp Solution
I started debugging Zope. I found that the various methods in CookieCrumbler are called and should normally set a cookie for auth_cookie. However, under VHM operation, this does not happen when auth_cookie == '__ac'.

I changed the name of the authentication cookie to __ac_erp5 in the CMF (www.erp5.org is the site I am working on). Everything works fine now.

I have absolutely no idea what it can mean. As a reminder, I had no problems for 6 months and suddenly, after a small upgrade, all this strange behaviour started.

JPS.

--
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4 EEF9 539A 79CC CB8E 5F01
Re: SV: [Zope-dev] Small Alert - Temp Solution - more...
I could find out that certain cookie names work, some others do not

Works
__ac_
__ac_ra
__ac_rak1
__ac_nex1
__ac_erp5

Does not work
__ac
__ac_rack1
__ac_rack12

Really strange.

JPS.

--
Jean-Paul Smets-Solanes [EMAIL PROTECTED] - Nexedi (CEO)
GPG Fingerprint: 40FF FA78 75AA 680D 8BB4 EEF9 539A 79CC CB8E 5F01