Thanks Mark, you're right about the cookie. I had tried different workstations and IE 6 & 7 browser versions to no effect (even in Accept All Cookies mode and setting the Mailman site as trusted). But when I try it on Firefox and Safari, it works - the reauthentication problem doesn't happen in either of those browsers. And that's on the same desktop where the problem happens in IE. In fact, the same IE browser works fine against an old version of the list (2.1.5) but fails with 2.1.9.
In the packet trace, you see the Mailman send out the cookie in both the Firefox and IE versions, but on the return, you see the Cookie sent from Firefox, but don't see it sent back from IE (Please let me know if sending the tcp streams to you offline would be useful). (I don't see the cookie in IE - apparently the session cookies in IE are cached in memory). So it seems that something in the upgrade post-2.1.5 has some issues with IE, or I'm missing something in the configuration (I've tried both source and package installations, Apache and Apache2, getting the same problem). Since it's not an option for me to ask all the admins to use Firefox, I'd like to know if anyone has a Debian/Mailman 2.1.9 config working with the IE browser.. Thanks, Karin -----Original Message----- Cornils, Karin wrote: >This is on a Debian 4 package installation of Mailman 2.1.9 w. Apache2. >I have tried all the FAQ suggestions in the FAQs that seem to relate to >this issue: >4.71 >4.45 >4.27 >4.2.9 >4.65 >4.69 >All to no avail - details below - does anyone have any other >suggestions? It has to be a cookie issue. When you enter a valid password, the authentication page sets a session cookie with authentication data. This cookie is for the domain of the authentication page and has a name which is <listname>+<context>. E.g., for login with the admin password for mylist, the name of the cookie is mylist+admin. The cookie data are used to validate the cookie. Can you see this cookie in your browser after you log in? It is a session cookie, and I don't think you can see it in MSIE, at least I don't know how - it's not with the persistent cookies in "Temporary Internet Files". Have you tried different browsers, different computers? The issue pretty much has to be that the cookie isn't getting to the browser because it is blocked on the way, the browser isn't accepting it, the browser isn't returning it because it's not for the right domain, or it is being blocked on the way back to the web server. Ideally, you could run a packet sniffer on the connection and see if the cookie is going back and forth. This would at least localize the problem to the work station or the host. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, The information contained in this email message may be privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this email message in error, please notify the sender by reply email and delete the message and any attachments. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp