The code where this happens is in:

   
https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyPersistentLoginManager.java#L564

I have to admit that I do not know much about that corner of XWiki code


some random pointers:

There is some hint that switching IP's might cause the problem, as in:

   http://jira.xwiki.org/browse/XWIKI-2463

so maybe setting:

 xwiki.authentication.useip=false

in WEB-INF/xwiki.cfg  could help.


Then, you can set

 xwiki.authentication.protection=none

which should make the problem go away, but of course at the cost that the 
authenticator does not check the cookie is encrypted with the given key in 
xwiki.cfg.


Aside of that I remember having a similar problem some time ago after changing 
the xwiki.authentication.validationKey / xwiki.authentication.encryptionKey in 
xwiki.cfg;
but that vanished after clearing *all* cookies in the browser once. As I 
understood your users have already done this, so it is probably not related to 
this problem.



----- Ursprüngliche Nachricht -----
Von: Tobias Kirchhofer
Am:  Wednesday, 09.03.2016, 13:40
An: Xwiki Users
Betreff: Re: [xwiki-users] Login cookie validation hash mismatch! Cookies have 
been tampered with


> This is the message which appears after 30 minutes:
> 
> <http://xwiki.475771.n2.nabble.com/file/n7598389/screenshot_53.png> 
> 
> "You do not have permission to view the document or to perform that action."
> 
> The we have to actively logout and close the browser window. By opening a
> new window and navigating to the wiki we can login again.
> 
> Our developers say this is most likely a bug in the application. How can we
> debug this one?
> 
> 
> 
> 
> 
> --
> View this message in context: 
> http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Cookies-have-been-tampered-with-tp7598282p7598389.html
> Sent from the XWiki- Users mailing list archive at Nabble.com.
> _______________________________________________
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users
> 

_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Reply via email to