I suspected as much. Thanks for testing it for us. Mark
On Fri, Sep 16, 2011 at 5:25 AM, Gareth Waller <[email protected]> wrote: > Hi Mark, > I re-tested with both Firefox and Safari using the ROOT context on Tomcat 7 > (with the default Tomcat config > i.e. sessionCookiePathUsesTrailingSlash="true") and I couldn't replicate the > issue - the login worked as expected. The session cookie was correctly being > set with a path="/". > So in other words, the login problem isn't found if XMLUI is the default > webapp using a default Tomcat 7 config. > Gareth > > On 15 Sep 2011, at 17:03, Mark Diggory wrote: > > Forwarding to list... > > On Sep 15, 2011 9:02 AM, "Mark Diggory" <[email protected]> wrote: >> This is a great analysis. Thanks for doing this. Another question. If you >> place DSpace in the ROOT context, does this issue continue to occur there >> as >> well? >> On Sep 15, 2011 8:40 AM, "Gareth Waller" <[email protected]> wrote: >>> Hello All, >>> >>> I tested logging into the DSpace 1.7.2 XMLUI with Tomcat 7 and found the >> following results: >>> >>> Firefox 3.6.21 on Mac worked >>> Safari 5.1 didn't work >>> >>> When I say didn't work - what actually happened was: >>> >>> 1. Browser requests password-login >>> 2. Tomcat returns page >>> 3. Browser posts credentials >>> 4. Tomcat issues a 302 redirect to /xmlui >>> 5. Browser requests /xmlui >>> 6. The user should now be logged in and see the menu options down the >>> side >> - this didn't happen for Safari. >>> >>> Looking at a packet snoop of both Firefox and Safari there was an >> important difference. Safari did *not* send up the session id cookie after >> the redirect but Firefox did. Tomcat therefore handed back a fresh session >> id cookie to Safari and DSpace didn't think the user was logged in. >>> >>> The reason this is occurring is due to the path on the cookie. >>> >>> In Tomcat 5, the path on the cookie is "/xmlui" >>> In Tomcat 7 the path on the cookie is "/xmlui/" >>> >>> *Note the trailing slash above. >>> >>> This is due to a setting in Tomcat 7 on the Context >> "sessionCookiePathUsesTrailingSlash" - see >> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html >>> >>> Setting "sessionCookiePathUsesTrailingSlash" to "true" in the <tomcat >> home>/conf/context.xml solved the problem for Safari. >>> >>> ie. >>> >>> <Context sessionCookiePathUsesTrailingSlash='false'> >>> </Context> >>> >>> I think this is a "bug" in Safari as Firefox correctly sends the cookie >>> to >> "/xmlui" with a cookie path set to "/xmlui/". >>> >>> This may be the case for other browsers too e.g. IE. I don't have IE so >> can't test. >>> >>> In short - to solve XMLUI login problem (on Safari at least) for Tomcat >>> 7, >> set sessionCookiePathUsesTrailingSlash to false in the Tomcat context. >>> >>> Gareth >>> >>> >>> >>> >>> On 15 Sep 2011, at 09:44, Robin Taylor wrote: >>> >>>> Hi all, >>>> >>>> A number of people have recently reported problems using the DSpace >>>> XMLUI with Tomcat 7 (see https://jira.duraspace.org/browse/DS-959 ). >>>> Clearly we need to resolve this problem as soon as possible. Whilst a >>>> number of people are already investigating, many hands make light work. >>>> Any comments, ideas, suggestions you may have would be much appreciated, >>>> so please feel free to reply to this email or add them to the Jira >>>> issue. >>>> >>>> Thanks, Robin. >>>> >>>> >>>> >>>> >> >> ------------------------------------------------------------------------------ >>>> Doing More with Less: The Next Generation Virtual Desktop >>>> What are the key obstacles that have prevented many mid-market >>>> businesses >>>> from deploying virtual desktops? How do next-generation virtual desktops >>>> provide companies an easier-to-deploy, easier-to-manage and more >> affordable >>>> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ >>>> _______________________________________________ >>>> Dspace-devel mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/dspace-devel >>>> >>> >>> >>> -- >>> Gareth Waller >>> EDINA >>> The University of Edinburgh >>> Causewayside House >>> 160 Causewayside >>> Edinburgh >>> EH9 1PR >>> >>> Email: [email protected] >>> Skype: edina_gwaller >>> >>> EDINA: http://edina.ac.uk >>> Jorum: http://www.jorum.ac.uk >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> The University of Edinburgh is a charitable body, registered in >>> Scotland, with registration number SC005336. >>> >>> >>> >> >> ------------------------------------------------------------------------------ >>> Doing More with Less: The Next Generation Virtual Desktop >>> What are the key obstacles that have prevented many mid-market businesses >>> from deploying virtual desktops? How do next-generation virtual desktops >>> provide companies an easier-to-deploy, easier-to-manage and more >> affordable >>> virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ >>> _______________________________________________ >>> Dspace-devel mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/dspace-devel > > -- > Gareth Waller > EDINA > The University of Edinburgh > Causewayside House > 160 Causewayside > Edinburgh > EH9 1PR > > Email: [email protected] > Skype: edina_gwaller > > EDINA: http://edina.ac.uk > Jorum: http://www.jorum.ac.uk > -- Mark R. Diggory @mire - www.atmire.com 2888 Loker Avenue East - Suite 305 - Carlsbad - CA - 92010 Esperantolaan 4 - Heverlee 3001 - Belgium ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA http://p.sf.net/sfu/rim-devcon-copy2 _______________________________________________ Dspace-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-devel
