Re: Weird hyperlink issue with Office and Django authentication

[Michel30]

Yes I agree, but if I understand it right then the article suggests
that the issue originates from the single sign-on mechanism, in this
case the Django authentication backend. This should be smart enough to
handle the multiple sessions.

Anyway I had a hard time finding anything related on the web including
a fix.
So for future reference, here it is.

On Aug 16, 2:35 pm, Konstantin Sushenko  wrote:
> as the article says, their sessions are independent of these used by
> the web server. the cookies are not shared between office sessions and
> web sessions. I think django has nothing to do with it.
>
> On Aug 16, 4:04 am, Michel30  wrote:
>
>
>
>
>
>
>
> > Hmm the workaround MS suggests actually works, so I have a
> > workaround :-)
>
> > But understanding why Django's authentication backend doesn't support
> > this would be good
>
> > On Aug 16, 9:10 am, Michel30  wrote:
>
> > > Addidtionally I found this kb article that I believe describes what is
> > > going on:http://support.microsoft.com/kb/899927/en-us
>
> > > On Aug 16, 8:59 am, Michel30  wrote:
>
> > > > I have made a CMS-like application to store and retrieve documents
> > > > using Django 1.3, mysql and Apache.
>
> > > > One requirement was that only authenticated users could use it and
> > > > that after closing the browser the session should be expired.
> > > > So, I implemented an LDAP authentication backend, set the
> > > > "SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required
> > > > decorator to functions that need it.
> > > > And it is working great, just like it should.
>
> > > > Until using one feature that involves clicking on a hyperlink that is
> > > > supposed to open a document within the application in a browser.
> > > > This again works perfectly with every browser (firefix, chrome, IE) in
> > > > several flavors of versions.
> > > > With working I mean the document view opens, and this is important, as
> > > > long as the user was already logged in to the application he/she
> > > > doesn't have to log in again.
>
> > > > It is working until trying this from any office (2000/2003)
> > > > application. Then suddenly logging in is required every time
> > > > regardless if an session exists or not.
> > > > I did some investigating and found that clicking a hyperlink in an
> > > > Office application triggers three requests, and it looks like the
> > > > first one is missing the session cookie.
> > > > Apache log for a hyperlink in Open office:
>
> > > >     172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/
> > > > ShowDocument?docid=20916=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0
> > > > (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
>
> > > > and the same document from Word:
>
> > > >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/
> > > > ShowDocument?docid=20916=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0
> > > > (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR
> > > > 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > > > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> > > >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/
> > > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > > > 3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/
> > > > 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > > > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> > > >     172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/
> > > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > > > 3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/
> > > > 5.0"
>
> > > > Note the different status '200 = OK'  for OO and '302 Found' for Word.
> > > > Also the length of the first returned object differ: 496 vs 3603.
>
> > > > I am not sure where to point the finger to, or how to proceed and
> > > > resolve it... So I'd appreciate some help a lot.
> > > > Thanks,
> > > > Michel

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Weird hyperlink issue with Office and Django authentication

[Konstantin Sushenko]

as the article says, their sessions are independent of these used by
the web server. the cookies are not shared between office sessions and
web sessions. I think django has nothing to do with it.

On Aug 16, 4:04 am, Michel30  wrote:
> Hmm the workaround MS suggests actually works, so I have a
> workaround :-)
>
> But understanding why Django's authentication backend doesn't support
> this would be good
>
> On Aug 16, 9:10 am, Michel30  wrote:
>
>
>
>
>
>
>
> > Addidtionally I found this kb article that I believe describes what is
> > going on:http://support.microsoft.com/kb/899927/en-us
>
> > On Aug 16, 8:59 am, Michel30  wrote:
>
> > > I have made a CMS-like application to store and retrieve documents
> > > using Django 1.3, mysql and Apache.
>
> > > One requirement was that only authenticated users could use it and
> > > that after closing the browser the session should be expired.
> > > So, I implemented an LDAP authentication backend, set the
> > > "SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required
> > > decorator to functions that need it.
> > > And it is working great, just like it should.
>
> > > Until using one feature that involves clicking on a hyperlink that is
> > > supposed to open a document within the application in a browser.
> > > This again works perfectly with every browser (firefix, chrome, IE) in
> > > several flavors of versions.
> > > With working I mean the document view opens, and this is important, as
> > > long as the user was already logged in to the application he/she
> > > doesn't have to log in again.
>
> > > It is working until trying this from any office (2000/2003)
> > > application. Then suddenly logging in is required every time
> > > regardless if an session exists or not.
> > > I did some investigating and found that clicking a hyperlink in an
> > > Office application triggers three requests, and it looks like the
> > > first one is missing the session cookie.
> > > Apache log for a hyperlink in Open office:
>
> > >     172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/
> > > ShowDocument?docid=20916=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0
> > > (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
>
> > > and the same document from Word:
>
> > >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/
> > > ShowDocument?docid=20916=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0
> > > (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR
> > > 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> > >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/
> > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > > 3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/
> > > 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> > >     172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/
> > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > > 3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/
> > > 5.0"
>
> > > Note the different status '200 = OK'  for OO and '302 Found' for Word.
> > > Also the length of the first returned object differ: 496 vs 3603.
>
> > > I am not sure where to point the finger to, or how to proceed and
> > > resolve it... So I'd appreciate some help a lot.
> > > Thanks,
> > > Michel

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Weird hyperlink issue with Office and Django authentication

[Michel30]

Hmm the workaround MS suggests actually works, so I have a
workaround :-)

But understanding why Django's authentication backend doesn't support
this would be good

On Aug 16, 9:10 am, Michel30  wrote:
> Addidtionally I found this kb article that I believe describes what is
> going on:http://support.microsoft.com/kb/899927/en-us
>
> On Aug 16, 8:59 am, Michel30  wrote:
>
>
>
>
>
>
>
> > I have made a CMS-like application to store and retrieve documents
> > using Django 1.3, mysql and Apache.
>
> > One requirement was that only authenticated users could use it and
> > that after closing the browser the session should be expired.
> > So, I implemented an LDAP authentication backend, set the
> > "SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required
> > decorator to functions that need it.
> > And it is working great, just like it should.
>
> > Until using one feature that involves clicking on a hyperlink that is
> > supposed to open a document within the application in a browser.
> > This again works perfectly with every browser (firefix, chrome, IE) in
> > several flavors of versions.
> > With working I mean the document view opens, and this is important, as
> > long as the user was already logged in to the application he/she
> > doesn't have to log in again.
>
> > It is working until trying this from any office (2000/2003)
> > application. Then suddenly logging in is required every time
> > regardless if an session exists or not.
> > I did some investigating and found that clicking a hyperlink in an
> > Office application triggers three requests, and it looks like the
> > first one is missing the session cookie.
> > Apache log for a hyperlink in Open office:
>
> >     172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/
> > ShowDocument?docid=20916=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0
> > (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
>
> > and the same document from Word:
>
> >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/
> > ShowDocument?docid=20916=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0
> > (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR
> > 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> >     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/
> > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > 3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/
> > 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> > 3.5.30729; .NET4.0C; .NET4.0E)"
>
> >     172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/
> > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> > 3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/
> > 5.0"
>
> > Note the different status '200 = OK'  for OO and '302 Found' for Word.
> > Also the length of the first returned object differ: 496 vs 3603.
>
> > I am not sure where to point the finger to, or how to proceed and
> > resolve it... So I'd appreciate some help a lot.
> > Thanks,
> > Michel

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Weird hyperlink issue with Office and Django authentication

[Michel30]

Addidtionally I found this kb article that I believe describes what is
going on:
http://support.microsoft.com/kb/899927/en-us


On Aug 16, 8:59 am, Michel30  wrote:
> I have made a CMS-like application to store and retrieve documents
> using Django 1.3, mysql and Apache.
>
> One requirement was that only authenticated users could use it and
> that after closing the browser the session should be expired.
> So, I implemented an LDAP authentication backend, set the
> "SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required
> decorator to functions that need it.
> And it is working great, just like it should.
>
> Until using one feature that involves clicking on a hyperlink that is
> supposed to open a document within the application in a browser.
> This again works perfectly with every browser (firefix, chrome, IE) in
> several flavors of versions.
> With working I mean the document view opens, and this is important, as
> long as the user was already logged in to the application he/she
> doesn't have to log in again.
>
> It is working until trying this from any office (2000/2003)
> application. Then suddenly logging in is required every time
> regardless if an session exists or not.
> I did some investigating and found that clicking a hyperlink in an
> Office application triggers three requests, and it looks like the
> first one is missing the session cookie.
> Apache log for a hyperlink in Open office:
>
>     172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/
> ShowDocument?docid=20916=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0
> (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
>
> and the same document from Word:
>
>     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/
> ShowDocument?docid=20916=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0
> (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR
> 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> 3.5.30729; .NET4.0C; .NET4.0E)"
>
>     172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/
> cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> 3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/
> 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
> 3.5.30729; .NET4.0C; .NET4.0E)"
>
>     172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/
> cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
> 3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/
> 5.0"
>
> Note the different status '200 = OK'  for OO and '302 Found' for Word.
> Also the length of the first returned object differ: 496 vs 3603.
>
> I am not sure where to point the finger to, or how to proceed and
> resolve it... So I'd appreciate some help a lot.
> Thanks,
> Michel

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Weird hyperlink issue with Office and Django authentication

[Michel30]

I have made a CMS-like application to store and retrieve documents
using Django 1.3, mysql and Apache.

One requirement was that only authenticated users could use it and
that after closing the browser the session should be expired.
So, I implemented an LDAP authentication backend, set the
"SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required
decorator to functions that need it.
And it is working great, just like it should.

Until using one feature that involves clicking on a hyperlink that is
supposed to open a document within the application in a browser.
This again works perfectly with every browser (firefix, chrome, IE) in
several flavors of versions.
With working I mean the document view opens, and this is important, as
long as the user was already logged in to the application he/she
doesn't have to log in again.

It is working until trying this from any office (2000/2003)
application. Then suddenly logging in is required every time
regardless if an session exists or not.
I did some investigating and found that clicking a hyperlink in an
Office application triggers three requests, and it looks like the
first one is missing the session cookie.
Apache log for a hyperlink in Open office:

172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/
ShowDocument?docid=20916=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0
(Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"

and the same document from Word:

172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/
ShowDocument?docid=20916=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729; .NET4.0C; .NET4.0E)"

172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/
cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/
4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729; .NET4.0C; .NET4.0E)"

172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/
cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200
3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/
5.0"

Note the different status '200 = OK'  for OO and '302 Found' for Word.
Also the length of the first returned object differ: 496 vs 3603.

I am not sure where to point the finger to, or how to proceed and
resolve it... So I'd appreciate some help a lot.
Thanks,
Michel

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.