Hi Mark,
I re-tested with both Firefox and Safari using the ROOT context on Tomcat 7
(with the default Tomcat config i.e. sessionCookiePathUsesTrailingSlash="true")
and I couldn't replicate the issue - the login worked as expected. The session
cookie was correctly being set with a path="/".
So in other words, the login problem isn't found if XMLUI is the default webapp
using a default Tomcat 7 config.
Gareth
On 15 Sep 2011, at 17:03, Mark Diggory wrote:
> Forwarding to list...
>
> On Sep 15, 2011 9:02 AM, "Mark Diggory" <[email protected]> wrote:
> > This is a great analysis. Thanks for doing this. Another question. If you
> > place DSpace in the ROOT context, does this issue continue to occur there as
> > well?
> > On Sep 15, 2011 8:40 AM, "Gareth Waller" <[email protected]> wrote:
> >> Hello All,
> >>
> >> I tested logging into the DSpace 1.7.2 XMLUI with Tomcat 7 and found the
> > following results:
> >>
> >> Firefox 3.6.21 on Mac worked
> >> Safari 5.1 didn't work
> >>
> >> When I say didn't work - what actually happened was:
> >>
> >> 1. Browser requests password-login
> >> 2. Tomcat returns page
> >> 3. Browser posts credentials
> >> 4. Tomcat issues a 302 redirect to /xmlui
> >> 5. Browser requests /xmlui
> >> 6. The user should now be logged in and see the menu options down the side
> > - this didn't happen for Safari.
> >>
> >> Looking at a packet snoop of both Firefox and Safari there was an
> > important difference. Safari did *not* send up the session id cookie after
> > the redirect but Firefox did. Tomcat therefore handed back a fresh session
> > id cookie to Safari and DSpace didn't think the user was logged in.
> >>
> >> The reason this is occurring is due to the path on the cookie.
> >>
> >> In Tomcat 5, the path on the cookie is "/xmlui"
> >> In Tomcat 7 the path on the cookie is "/xmlui/"
> >>
> >> *Note the trailing slash above.
> >>
> >> This is due to a setting in Tomcat 7 on the Context
> > "sessionCookiePathUsesTrailingSlash" - see
> > http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
> >>
> >> Setting "sessionCookiePathUsesTrailingSlash" to "true" in the <tomcat
> > home>/conf/context.xml solved the problem for Safari.
> >>
> >> ie.
> >>
> >> <Context sessionCookiePathUsesTrailingSlash='false'>
> >> </Context>
> >>
> >> I think this is a "bug" in Safari as Firefox correctly sends the cookie to
> > "/xmlui" with a cookie path set to "/xmlui/".
> >>
> >> This may be the case for other browsers too e.g. IE. I don't have IE so
> > can't test.
> >>
> >> In short - to solve XMLUI login problem (on Safari at least) for Tomcat 7,
> > set sessionCookiePathUsesTrailingSlash to false in the Tomcat context.
> >>
> >> Gareth
> >>
> >>
> >>
> >>
> >> On 15 Sep 2011, at 09:44, Robin Taylor wrote:
> >>
> >>> Hi all,
> >>>
> >>> A number of people have recently reported problems using the DSpace
> >>> XMLUI with Tomcat 7 (see https://jira.duraspace.org/browse/DS-959 ).
> >>> Clearly we need to resolve this problem as soon as possible. Whilst a
> >>> number of people are already investigating, many hands make light work.
> >>> Any comments, ideas, suggestions you may have would be much appreciated,
> >>> so please feel free to reply to this email or add them to the Jira
> >>> issue.
> >>>
> >>> Thanks, Robin.
> >>>
> >>>
> >>>
> >>>
> > ------------------------------------------------------------------------------
> >>> Doing More with Less: The Next Generation Virtual Desktop
> >>> What are the key obstacles that have prevented many mid-market businesses
> >>> from deploying virtual desktops? How do next-generation virtual desktops
> >>> provide companies an easier-to-deploy, easier-to-manage and more
> > affordable
> >>> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/
> >>> _______________________________________________
> >>> Dspace-devel mailing list
> >>> [email protected]
> >>> https://lists.sourceforge.net/lists/listinfo/dspace-devel
> >>>
> >>
> >>
> >> --
> >> Gareth Waller
> >> EDINA
> >> The University of Edinburgh
> >> Causewayside House
> >> 160 Causewayside
> >> Edinburgh
> >> EH9 1PR
> >>
> >> Email: [email protected]
> >> Skype: edina_gwaller
> >>
> >> EDINA: http://edina.ac.uk
> >> Jorum: http://www.jorum.ac.uk
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >> The University of Edinburgh is a charitable body, registered in
> >> Scotland, with registration number SC005336.
> >>
> >>
> >>
> > ------------------------------------------------------------------------------
> >> Doing More with Less: The Next Generation Virtual Desktop
> >> What are the key obstacles that have prevented many mid-market businesses
> >> from deploying virtual desktops? How do next-generation virtual desktops
> >> provide companies an easier-to-deploy, easier-to-manage and more
> > affordable
> >> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/
> >> _______________________________________________
> >> Dspace-devel mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/dspace-devel
--
Gareth Waller
EDINA
The University of Edinburgh
Causewayside House
160 Causewayside
Edinburgh
EH9 1PR
Email: [email protected]
Skype: edina_gwaller
EDINA: http://edina.ac.uk
Jorum: http://www.jorum.ac.uk
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
http://p.sf.net/sfu/rim-devcon-copy2
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
