What I am seeing (comparing firefox to chrome) is that chrome is ignoring the set-cookie it gets from the login.action and doesn't use it in the redirected request.
So for example POST /hmis/dhis-web-commons-security/login.action HTTP/1.1 Host: hmis.moh.gov.rw Connection: keep-alive Content-Length: 36 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: https://hmis.moh.gov.rw Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01 Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Cookie: JSESSIONID=9AAEAFA84230F8727E1A6B77D80B2C01 produces this response HTTP/1.1 302 Found Server: nginx/1.4.6 (Ubuntu) Date: Tue, 19 Jul 2016 22:15:16 GMT Content-Length: 0 Connection: keep-alive X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Set-Cookie: JSESSIONID=2065911121DF703529E7F9CBDB526AF6; Path=/hmis/; HttpOnly Location: https://hmis.moh.gov.rw/hmis (Note the set-cookie) Now when firefox follows the redirect it includes that cookie and the user logs in successfully, but chrome produces the following response to the 302: GET /hmis HTTP/1.1 Host: hmis.moh.gov.rw Connection: keep-alive Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 Referer: https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 As you see chrome has ignored the Cookie. It looks very similar to an old "misbehaviour" in chrome described here : https://bugs.chromium.org/p/chromium/issues/detail?id=150066. Like there is something about the response which chrome doesn't like and hence silently drops the cookie. That's all I can say for now. On 19 July 2016 at 22:46, Bob Jolliffe <bobjolli...@gmail.com> wrote: > Not really related, but those double GETs I see probably indicate that you > are redirecting to http and that in turn to https. Can you check that in > developer tools? > > On 19 July 2016 at 22:30, Olav Poppe <olav.po...@me.com> wrote: > >> The two servers I’m currently experiencing this with is using >> dhis2-tools, and I assume the one Tony wrote about earlier is using the >> same. >> >> As for logs, catalina.out shows the following: >> * WARN 2016-07-19 21:18:41,983 Authentication event >> *AuthenticationSuccessEvent*: olavpo; details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: >> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE >> (LoggerListener.java [tomcat-http-9]) >> * WARN 2016-07-19 21:18:41,984 Authentication event >> SessionFixationProtectionEvent: olavpo; details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: >> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE >> (LoggerListener.java [tomcat-http-9]) >> * WARN 2016-07-19 21:18:41,984 Authentication event >> InteractiveAuthenticationSuccessEvent: olavpo; details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: >> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE >> (LoggerListener.java [tomcat-http-9]) >> * INFO 2016-07-19 21:18:41,987 'olavpo' update >> org.hisp.dhis.user.UserCredentials, name: Olav Poppe, uid: R8ZvjXptEW2 >> (AuditLogUtil.java [tomcat-http-9]) >> >> And nginx access.log the following (nothing in error.log): >> 1.76.8.51 - - [19/Jul/2016:21:28:02 +0000] "GET >> /dhis/dhis-web-commons-stream/ping.action?_=1468963693718 HTTP/1.1" 200 34 " >> https://XXX/dhis/dhis-web-dataentry/index.action >> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0 >> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) >> Chrome/53.0.2785.8 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "POST >> /staging/dhis-web-commons-security/login.action HTTP/1.1" 302 0 " >> https://XXX/staging/dhis-web-commons/security/login.action >> <https://xxx/staging/dhis-web-commons/security/login.action>" >> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, >> like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1" >> 301 193 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) >> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1" >> 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) >> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET >> /staging/dhis-web-commons/security/login.action HTTP/1.1" 301 193 "-" >> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, >> like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET >> /staging/dhis-web-commons/security/login.action HTTP/1.1" 200 1439 "-" >> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, >> like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET >> /staging/api/staticContent/logo_front HTTP/1.1" 302 0 " >> https://XXX/staging/dhis-web-commons/security/login.action >> <https://xxx/staging/dhis-web-commons/security/login.action>" >> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, >> like Gecko) Chrome/51.0.2704.106 Safari/537.36" >> 41.76.8.51 - - [19/Jul/2016:21:28:33 +0000] "GET >> /dhis/dhis-web-commons-stream/ping.action?_=1468963724720 HTTP/1.1" 200 34 " >> https://XXX/dhis/dhis-web-dataentry/index.action >> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0 >> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) >> Chrome/53.0.2785.8 Safari/537.36" >> >> And I can also add that I have the same issue with Chrome Canary. >> >> Olav >> >> >> >> >> 19. jul. 2016 kl. 20.27 skrev Steven Uggowitzer <whoto...@gmail.com>: >> >> Jason, what aspects of the Nginx config? >> I have at least a dozen sites running with same parameters (using include >> blocks) and only the ones with 2.24 seem to be having this issue. >> >> Would it help to post those parameters? What did you conclude was >> causing the problem when you last encountered it? >> >> S >> >> >> -------------------------- >> Steven Uggowitzer >> eSHIfT Partner Network, Entuura Ventures Ltd >> Tel: +41 22 366 1920 >> Mob: +41 79 719 4180 >> Skype: fendant123 >> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer >> >> On 19 July 2016 at 19:17, Jason Pickering <jason.p.picker...@gmail.com> >> wrote: >> >>> I have seen this before as well, but never like it has been described >>> here. In my case, it was related to an incorrect nginx config. >>> >>> Is there something common here? Are all of you using dhis-tools, or >>> homebaked nginx configurations? >>> >>> Does the browser/Tomcat/nginx log provide any useful information? >>> >>> Do you observe the same thing if you attempt to hit DHIS2 directly >>> without going through the reverse proxy? >>> >>> Regards, >>> Jason >>> >>> >>> On Tue, Jul 19, 2016 at 6:45 PM, Steven Uggowitzer <whoto...@gmail.com> >>> wrote: >>> >>>> It's for Chrome and Safari here. >>>> One interesting symptom: when logging in with correct username and >>>> password the resulting URL includes jsessionid, but bounces back to the >>>> login screen, versus incorrect authentication parameters result in "Wrong >>>> username or password". See attached screen shot for comparison: >>>> >>>> >>>> <Screen Shot 2016-07-19 at 18.43.18.png> >>>> >>>> -------------------------- >>>> Steven Uggowitzer >>>> eSHIfT Partner Network, Entuura Ventures Ltd >>>> Tel: +41 22 366 1920 >>>> Mob: +41 79 719 4180 >>>> Skype: fendant123 >>>> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer >>>> >>>> On 19 July 2016 at 18:04, Bob Jolliffe <bobjolli...@gmail.com> wrote: >>>> >>>>> Is this only in chrome? >>>>> >>>>> On 19 July 2016 at 17:01, Olav Poppe <olav.po...@me.com> wrote: >>>>> >>>>>> I can confirm that I now see the same issue in non-2.22 as well. Very >>>>>> strange behavior - I can at times log in, but is then logged off when >>>>>> navigation between different modules. >>>>>> >>>>>> >>>>>> >>>>>> 19. jul. 2016 kl. 15.28 skrev Olav Poppe <olav.po...@me.com>: >>>>>> >>>>>> Forwarding to user list. Not 2.24 issue then it seems. >>>>>> >>>>>> Olav >>>>>> >>>>>> >>>>>> >>>>>> Videresendt melding: >>>>>> >>>>>> *Fra: *ifeanyiok...@yahoo.com >>>>>> *Emne: **Re: [Dhis2-users] Browser not working* >>>>>> *Dato: *19. juli 2016 kl. 15.19.34 GMT >>>>>> *Til: *Olav Poppe <olav.po...@me.com> >>>>>> >>>>>> Just to add that I'm using version 2.22 build 22086 >>>>>> >>>>>> >>>>>> *From: *Olav Poppe >>>>>> *Sent: *Tuesday, 19 July 2016 16:08 >>>>>> *To: *ifeanyiok...@yahoo.com >>>>>> *Cc: *Bob Jolliffe; Ntawuyirusha Emmanuel; DHIS Users >>>>>> *Subject: *Re: [Dhis2-users] Browser not working >>>>>> >>>>>> Hi, I can add that I have the same problem on two different servers: >>>>>> logging in with Chrome (or Safari) does not work, Firefox works fine. >>>>>> Instances are both 2.24 build. Nginx 1.4.6 are running on both servers. >>>>>> Both servers have other non-2.24 instances that does not have the same >>>>>> problem. >>>>>> >>>>>> To add to the problem, the DHIS 2 top menu does not work in Firefox, >>>>>> e.g. nothing works…Not sure if that’s a general problem or not. Again, >>>>>> menu >>>>>> works in non-24 instances. >>>>>> >>>>>> Regards >>>>>> Olav >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 19. jul. 2016 kl. 14.41 skrev ifeanyiok...@yahoo.com: >>>>>> >>>>>> Dear Bob, >>>>>> I am having this same issue to with Chrome. After entering the log in >>>>>> credentials, it opens a page with API data and does not log in. If I am >>>>>> lucky and have a data entry page open, then I can log in at the prompt >>>>>> and >>>>>> that works. >>>>>> Our instance is set to load the dashboard as the opening page. >>>>>> >>>>>> Have to keep struggling with it till it eventually logs in. >>>>>> >>>>>> Thanks >>>>>> Original Message >>>>>> From: Bob Jolliffe >>>>>> Sent: Tuesday, 19 July 2016 14:58 >>>>>> To: Ntawuyirusha Emmanuel >>>>>> Cc: dhis2-users >>>>>> Subject: Re: [Dhis2-users] Browser not working >>>>>> >>>>>> Hi Emmanuel >>>>>> >>>>>> I am following up on a separate thread. I'll copy you into that. >>>>>> >>>>>> I see it is a problem, seemingly related to chrome mishandling the >>>>>> JSESSIONID cookie so even though the credentials are tested and dhis2 >>>>>> logs a successful authentication, the browser cookie doesn't match the >>>>>> session id in dhis and so you don't get in. I am really not sure why >>>>>> What I also don't know is what might have changed to cause this to >>>>>> happen. I am assuming you didn't just wake up one morning and this >>>>>> started to happen. There has been some change to nginx configuration >>>>>> or dhis2 upgrade or something similar. >>>>>> >>>>>> On 19 July 2016 at 14:40, Ntawuyirusha Emmanuel <ntawe...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> i tried to uninstall and reinstall it again but the issue is still >>>>>> remaining, Note that this is happening to all users using Goggle >>>>>> Chrome as >>>>>> most of them are familiar with it. >>>>>> >>>>>> Regards >>>>>> >>>>>> On Mon, Jul 18, 2016 at 7:49 PM, Knut Staring <knu...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> Maybe try to reinstall Chrome. >>>>>> >>>>>> Knut >>>>>> >>>>>> >>>>>> On Tuesday, July 19, 2016, Ntawuyirusha Emmanuel <ntawe...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> Thank you Bob, >>>>>> >>>>>> I tried to use New Incognito windows and Clear browsing data but the >>>>>> issue is remaining for Google Chrome , actually when we restart the >>>>>> server >>>>>> the username and password work only once and then after the problem >>>>>> persist. >>>>>> we are still waiting for your support. >>>>>> >>>>>> Regards >>>>>> >>>>>> On Mon, Jul 18, 2016 at 12:42 PM, Bob Jolliffe <bobjolli...@gmail.com >>>>>> > >>>>>> wrote: >>>>>> >>>>>> >>>>>> oops, forgot users ... >>>>>> >>>>>> ---------- Forwarded message ---------- >>>>>> From: Bob Jolliffe <bobjolli...@gmail.com> >>>>>> Date: 18 July 2016 at 11:40 >>>>>> Subject: Re: [Dhis2-users] Browser not working >>>>>> To: Emmanuel Ntawuyirusha <ntawe...@gmail.com> >>>>>> >>>>>> >>>>>> Hi Emmanuel >>>>>> >>>>>> If it works with firefox then it is really likely to be a chrome cache >>>>>> issue. Try and login with chrome incognito mode. If that works then >>>>>> you can be reasonably sure. >>>>>> >>>>>> If so, then try ... >>>>>> >>>>>> https://www.dhis2.org/tutorials/how-to-really-clear-browser-cache >>>>>> >>>>>> Bob >>>>>> >>>>>> On 18 July 2016 at 11:08, Emmanuel Ntawuyirusha <ntawe...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> Deal all, we are facing the issue of using Google Chrome, when using >>>>>> username and password there is a message saying wrong username and >>>>>> password. >>>>>> But it is working well with Mozilla Firefox. We tried to clean cash >>>>>> but >>>>>> nothing improved >>>>>> Does any one know what to do to fix this problem. >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>>> Post to : dhis2-users@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>>> Post to : dhis2-users@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Mr. Emmanuel NTAWUYIRUSHA* >>>>>> HMIS/MOH >>>>>> Telephone: *+250 788408772* >>>>>> Email: ntawe...@gmail.com >>>>>> "Do Good. Do It Well." >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Knut Staring >>>>>> Dept. of Informatics, University of Oslo >>>>>> Norway: +4791880522 >>>>>> Skype: knutstar >>>>>> http://dhis2.org >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Mr. Emmanuel NTAWUYIRUSHA* >>>>>> HMIS/MOH >>>>>> Telephone: *+250 788408772* >>>>>> Email: ntawe...@gmail.com >>>>>> "Do Good. Do It Well." >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>>> Post to : dhis2-users@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>>> Post to : dhis2-users@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>>> Post to : dhis2-users@lists.launchpad.net >>>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>>> More help : https://help.launchpad.net/ListHelp >>>>>> >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Mailing list: https://launchpad.net/~dhis2-users >>>>> Post to : dhis2-users@lists.launchpad.net >>>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>>> More help : https://help.launchpad.net/ListHelp >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Mailing list: https://launchpad.net/~dhis2-users >>>> Post to : dhis2-users@lists.launchpad.net >>>> Unsubscribe : https://launchpad.net/~dhis2-users >>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>> >>> >>> -- >>> Jason P. Pickering >>> email: jason.p.picker...@gmail.com >>> tel:+46764147049 >>> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-users >> Post to : dhis2-users@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-users >> More help : https://help.launchpad.net/ListHelp >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-users >> Post to : dhis2-users@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-users >> More help : https://help.launchpad.net/ListHelp >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-users Post to : dhis2-users@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-users More help : https://help.launchpad.net/ListHelp