The code where this happens is in: https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/MyPersistentLoginManager.java#L564
I have to admit that I do not know much about that corner of XWiki code some random pointers: There is some hint that switching IP's might cause the problem, as in: http://jira.xwiki.org/browse/XWIKI-2463 so maybe setting: xwiki.authentication.useip=false in WEB-INF/xwiki.cfg could help. Then, you can set xwiki.authentication.protection=none which should make the problem go away, but of course at the cost that the authenticator does not check the cookie is encrypted with the given key in xwiki.cfg. Aside of that I remember having a similar problem some time ago after changing the xwiki.authentication.validationKey / xwiki.authentication.encryptionKey in xwiki.cfg; but that vanished after clearing *all* cookies in the browser once. As I understood your users have already done this, so it is probably not related to this problem. ----- Ursprüngliche Nachricht ----- Von: Tobias Kirchhofer Am: Wednesday, 09.03.2016, 13:40 An: Xwiki Users Betreff: Re: [xwiki-users] Login cookie validation hash mismatch! Cookies have been tampered with > This is the message which appears after 30 minutes: > > <http://xwiki.475771.n2.nabble.com/file/n7598389/screenshot_53.png> > > "You do not have permission to view the document or to perform that action." > > The we have to actively logout and close the browser window. By opening a > new window and navigating to the wiki we can login again. > > Our developers say this is most likely a bug in the application. How can we > debug this one? > > > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Cookies-have-been-tampered-with-tp7598282p7598389.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
