-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://docs.ofbiz.org/display/OFBIZ/FAQ+Why+do+I+have+to+login+when+there+is+a+externalLoginKey
David E Jones sent the following on 3/8/2009 1:25 PM: > > You may be describing a well known issue, and one that is part of the > way the externalLoginKey works (so it is not likely to change). The > externalLoginKey allows you to automatically login to another webapp > without a username/password. In order to do this a new login key is > generated with EVERY request to the server in order to keep it's life > cycle pretty short. As long as it is on a secure/https page when it goes > to the browser it is pretty safe, but it generally comes back to the > server in a URL and so needs to be invalidated immediately so that it > cannot be used again, as that is pretty easy to snoop. > > So, to make it not work is easy: just have a page open in your browser > that has a stale externalLoginKey in its URLS. > > 1. load a page where you are authenticated in tab/window A > 2. right click on a link within the webapp and open it in tab/window B > 3. go back to tab/window A and click on any link that goes to a webapp > that you are not already logged into and that has an externalLoginKey > parameter > > The externalLoginKey will be stale, so that auto-login will fail and you > will be presented with the login form. > > -David > > > On Mar 8, 2009, at 1:30 PM, Vince M. Clark wrote: > >> Here is the only thing I have seen come up in the log so far. I was in >> the CMS application and clicked on the Party tab. I got a login screen >> instead of being logged into PartyMgr automatically. The URL had the >> external login key. Here is the only line I found in the log that >> seems related: >> >> 2009-03-08 13:48:19,806 (http-0.0.0.0-8443-3) [ >> LoginWorker.java:828:WARN ] Could not find userLogin for external >> login key: EL339616443508 >> >> ----- Original Message ----- >> From: "BJ Freeman" <bjf...@free-man.net> >> To: user@ofbiz.apache.org >> Sent: Saturday, March 7, 2009 6:38:23 PM (GMT-0700) America/Denver >> Subject: Re: Multiple logins needed >> > to track this done take a look in the URL for something like > externalLoginKey=EL82824678935 > if so then should login > if not then need to track back were someone was when they clicked to go > to the place where the login happend. > > Just a thought > > Jacques Le Roux sent the following on 3/7/2009 8:51 AM: >>>> Thanks to both for confirmation. Hans reported it some time ago, and I >>>> saw it too. >>>> That's why I tested but I did not reproduce. It's a random bug I guess, >>>> hard to trace... We will see anyway... >>>> >>>> Jacques >>>> >>>> From: "Scott." <sc...@anglolimited.com> >>>>> >>>>> I'm glad its real because I was starting to think I was nuts. I have >>>>> tried >>>>> many times to track it down but never seems to be the same way twice. >>>>> Tried >>>>> different browsers but thats not it. Had the same issue with Vista, XP >>>>> Pro >>>>> and 2003. Every now and then it just asks me for user/pass. It can be 5 >>>>> minutes of no use or 5 seconds. That said, I dont always get the >>>>> error. This >>>>> is something fairly new and I am a user not a developer so I really >>>>> dont >>>>> know what it means. >>>>> >>>>> >>>>> >>>>> Scott. wrote: >>>>>> >>>>>> Hello all, >>>>>> >>>>>> I was seeing what we thought was strange behavior in our ofbiz that >>>>>> kept >>>>>> making us login over and over without any real reason. I have had the >>>>>> same >>>>>> thing using FF3 and IE7 on an XP pro sp2 workstation. It never seems >>>>>> to be >>>>>> the same apps that require you to re-enter so I always put it down to >>>>>> something in our version. Then I decided to try it in on the trunk >>>>>> demo >>>>>> and I got the same result. >>>>>> >>>>>> I logged in originally to the catalogue then work effort, project and >>>>>> then >>>>>> I clicked on order manager. I then got a login screen and I entered >>>>>> admin/ofbiz and got the following; >>>>>> >>>>>> The Following Errors Occurred: >>>>>> >>>>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: >>>>>> Problems processing event: java.lang.IllegalArgumentException: >>>>>> Could not >>>>>> find resource bundle [SecurityextUiLabels] in the locale [en_US] >>>>>> (Could >>>>>> not find resource bundle [SecurityextUiLabels] in the locale [en_US]) >>>>>> >>>>>> I then logged in again with eh same admin/ofbiz combo and was back in >>>>>> the >>>>>> app. >>>>>> Anyone know why this is happening? Thanks. >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://www.nabble.com/Multiple-logins-needed-tp22374485p22389286.html >>>>> Sent from the OFBiz - User mailing list archive at Nabble.com. >>>>> >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJtEJQrP3NbaWWqE4RAhw6AJ9xB64pm2ITXgqYio2DKv3TLQ1fMgCfZFqj dhGNvJjcA3TAIcfA8v7E4C8= =Y7UI -----END PGP SIGNATURE-----
