RE: Unexpected user log off

Tue, 08 Sep 2009 06:46:27 -0700 

Hi Scott,



You are right, we are switching between http and https and that seems creating 
the problem.

We found the exception details in the Debug.log file.


2009-09-08 06:18:40,944 (http-0.0.0.0-8443-3) [        JSSESupport.java:89 
:DEBUG] Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at 
com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at 
org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
    at 
org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
    at 
org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1011)
    at org.apache.coyote.Request.action(Request.java:352)
    at org.apache.catalina.connector.Request.getAttribute(Request.java:896)
    at 
org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
    at 
org.ofbiz.webapp.control.LoginWorker.check509CertLogin(LoginWorker.java:748)
    at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:92)
    at org.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:78)
    at org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:592)
    at 
org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:280)
    at org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:201)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:259)
    at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
    at 
org.ofbiz.catalina.container.CrossSubdomainSessionValve.invoke(CrossSubdomainSessionValve.java:44)
    at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
2009-09-08 06:18:40,947 (http-0.0.0.0-8443-3) [      
LoginServices.java:362:INFO ] [LoginServices.userLogin] : Invalid User : User 
not found.
2009-09-08 06:18:40,949 (http-0.0.0.0-8443-3) [    
TransactionUtil.java:295:INFO ] [TransactionUtil.rollback] transaction rolled 
back
2009-09-08 06:18:40,949 (http-0.0.0.0-8443-3) [     
RequestHandler.java:593:INFO ] Ran Event 
[java:org.ofbiz.securityext.login.LoginEvents#storeLogin] from [request], 
result is [error]



Thank you,

Kishore







-----Original Message-----
From: Scott Gray [mailto:[email protected]]
Sent: Tuesday, September 08, 2009 4:23 PM
To: [email protected]
Subject: Re: Unexpected user log off



Hi Kishore



Two possibilities come to mind (there could be others):

1.  We faced a similar problem where page resources such as javascript

or css files had their urls encoded and for some reason that was

causing the browser to not send any cookies with the resource

requests.  Check the source of some of your pages and see if any of

the src or href attributes in the header are being encoded.

2.  Does your application switch between http and https?  If a session

is initiated via an https request then the session cookie will only be

valid for https requests and any http requests will cause a new

session to be created.



The best thing you can try and do is to find a pattern in the session

loss which should help point to the cause.



Regards

Scott



HotWax Media

http://www.hotwaxmedia.com



On 8/09/2009, at 10:40 PM, Kishore Pagadala wrote:



> Hi All,

>

> We are facing a strange problem with our application:

> Even if user logged into the application, suddenly user will be

> logged off and taken to login page during any activity.

>

> We are using Ofbiz Version: release 9.0.4

>

> Did anyone faced this problem before ?

> Any help would be appreciated.

>

>

> Regards,

> Kishore

>

>

>

>

> http://www.mindtree.com/email/disclaimer.html






________________________________
http://www.mindtree.com/email/disclaimer.html

Reply via email to