Can there be a mix of http and https here? At least this was confusing this cookie on the curriki side in some network configurations where the http and https endpoints are different due to local network configs (3g optimizers, hotspot networks).
Paul > Clemens Klein-Robbenhaar <mailto:[email protected]> > 9 March 2016 at 14:29 > The code where this happens is in: > > https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyPersistentLoginManager.java#L564 > > I have to admit that I do not know much about that corner of XWiki code > > > some random pointers: > > There is some hint that switching IP's might cause the problem, as in: > > http://jira.xwiki.org/browse/XWIKI-2463 > > so maybe setting: > > xwiki.authentication.useip=false > > in WEB-INF/xwiki.cfg could help. > > > Then, you can set > > xwiki.authentication.protection=none > > which should make the problem go away, but of course at the cost that > the authenticator does not check the cookie is encrypted with the > given key in xwiki.cfg. > > > Aside of that I remember having a similar problem some time ago after > changing the xwiki.authentication.validationKey / > xwiki.authentication.encryptionKey in xwiki.cfg; > but that vanished after clearing *all* cookies in the browser once. As > I understood your users have already done this, so it is probably not > related to this problem. > > > > ----- Ursprüngliche Nachricht ----- > Von: Tobias Kirchhofer > Am: Wednesday, 09.03.2016, 13:40 > An: Xwiki Users > Betreff: Re: [xwiki-users] Login cookie validation hash mismatch! > Cookies have been tampered with > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > Tobias Kirchhofer <mailto:[email protected]> > 9 March 2016 at 13:40 > This is the message which appears after 30 minutes: > > <http://xwiki.475771.n2.nabble.com/file/n7598389/screenshot_53.png> > > "You do not have permission to view the document or to perform that > action." > > The we have to actively logout and close the browser window. By opening a > new window and navigating to the wiki we can login again. > > Our developers say this is most likely a bug in the application. How > can we > debug this one? > > > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Cookies-have-been-tampered-with-tp7598282p7598389.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > Tobias Kirchhofer <mailto:[email protected]> > 3 March 2016 at 12:48 > We set up a new Box with a fresh install of a 7.4.1 version. While > configuring and testing (permissions) everything all was perfect and > clean. > Then we migrated the pages from the old wiki (also 7.4.1 - we wanted a > fresh > install) - precisely only content pages, nothing else. Then we > switched the > IP for the old domain and all of our LDAP user populated the new wiki, one > by one. > > Since the fresh start all users experience the trouble that after the > end of > the tomcat session (30 minutes) a re-login is required. After re-login a > XWiki message appears "you do not have the appropriate rights" (or > similar). > Deletion of the cookie ~or closing the browser window and login again > reestablishes normal functions until the tomcat session is over again. > > catalina.out: 2016-03-03 11:55:26,813 > [https://wiki.sub.domain/xwiki/bin/view/Main/] WARN > u.i.x.MyPersistentLoginManager - Login cookie validation hash mismatch! > Cookies have been tampered with > > Research in this forum did bring up discussions about the mess from > 2010 and > bevor without any valuable pointers. > > We updated to 7.4.2 without any change for the situation. > > The site ist secure with a nginx proxy. > > Any ideas? > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Cookies-have-been-tampered-with-tp7598282.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
