[Zope-CMF] Fwd: [imeme] Apache and cookies

Peter Simmons pete@bcmpweb.com
Tue, 1 Oct 2002 09:42:46 +1200


Forwarding this to everyone on this list in case someone knows what is going on.

In short, when using Apache as a proxy to a CMF site the __ac cookie seems to get
eaten (for almost all users). If I get rid of Apache and surf straight to Zope I
stay authenticated (see below for more details).

Does anyone know why/what Apache is doing to lose the cookies? And why it's
not for everyone? Are there some special characters that are not allowed in
cookies in Apache that are allowed in Zope or something? Maybe a size issue?

-- 
Peter Simmons
BCMPweb Limited
pete@bcmpweb.com





----- Forwarded message from Peter Simmons <pete@bcmpweb.com> -----
    Date: Tue,  1 Oct 2002 09:16:39 +1200
    From: Peter Simmons <pete@bcmpweb.com>
Reply-To: Peter Simmons <pete@bcmpweb.com>
 Subject: [imeme] Apache and cookies
      To: Imeme Users List <imeme-users@lists.imeme.net>

Hi,

I am using CMF (and Plone sometimes) and as you may know it uses cookie
authentication. I am having some problems with it not working for all users.

When running the standard imeme setup (i.e. Apache proxying to Zope + others
(logs, mailman)), almost all users try to log in but the __ac cookie does not
stay set.
Specifically:

1. They go to the login page, fill in user name and password and click login.

2. They are then taken to a logged_in page and it appears they are logged in.

3. When they try to go to another page it appears they are no longer logged in.

I did a lot of delving into the cookie crumbler code and worked out that the
first request after you give login info is supposed to set a cookie "__ac" that
contains an encoded (base64) string of username:password.

So I put code on the standard template (main_template) that shows me the
cookies. It seems that for the logged_in page the cookie is set but after that
the cookie is wiped.

As I was saying before, for a couple of users it worked. So I thought it was a
permissions thing and exhaustively tried different permissions for the other
users, including making them exactly the same and in the same user folder. Nothing
worked (and it's not this, see below).

I tried a whole lot of other things too but not much point in going into detail.
Lastly I tried going directly to port 8080 and it worked fine. So I tried
stopping Apache and running Zope on port 80 and it still worked fine. This is
how our Zope is currently running, which solves this problem but means logs,
mailman and my webdav on port 80 redirects no longer work, so long term I can't
leave it like this.

Does anyone (and thanks for reading this far) know why/what Apache is doing
to lose the cookies? And why it's not for everyone? Are there some special
characters that are not allowed in cookies in Apache that are allowed in Zope or
something? Maybe a size issue?

Thanks in advance,
Pete
-- 
Peter Simmons
BCMPweb Limited
pete@bcmpweb.com





----- End forwarded message -----
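
Added example, not part of the original message and not CookieCrumbler code: a small Python check for the two hypotheses raised above (disallowed characters, size), run on an __ac value captured from a Set-Cookie or Cookie header. The function name, the constructed samples, the assumption that the value may be URL-quoted, and the use of the RFC 6265 cookie-octet set and 4096-byte figure as the reference are mine.

```python
import base64
from urllib.parse import unquote

# cookie-octet from RFC 6265: printable ASCII except space, '"', ',', ';', '\'
COOKIE_OCTETS = {chr(c) for c in range(0x21, 0x7F)} - set('",;\\')
MAX_COOKIE_BYTES = 4096  # per-cookie size RFC 6265 asks browsers to support


def inspect_ac_cookie(raw_value, name="__ac"):
    """Describe one __ac value as captured on the wire, without echoing the password."""
    value = raw_value
    quoted = len(value) >= 2 and value[0] == value[-1] == '"'
    if quoted:
        value = value[1:-1]
    report = {
        "quoted": quoted,
        "bad_chars": sorted({c for c in value if c not in COOKIE_OCTETS}),
        "too_long": len(name) + 1 + len(raw_value.encode()) > MAX_COOKIE_BYTES,
        "decodes": False,
        "user": None,
        "has_password": False,
    }
    try:
        # Assumption: the value may be URL-quoted around the base64 text.
        decoded = base64.b64decode(unquote(value)).decode("utf-8", "replace")
    except ValueError:  # binascii.Error (bad padding, truncation) is a ValueError
        return report
    user, sep, password = decoded.partition(":")
    if sep:
        report.update(decodes=True, user=user, has_password=bool(password))
    return report


if __name__ == "__main__":
    # Constructed samples for the made-up login test:secret
    samples = {
        "url-quoted": "dGVzdDpzZWNyZXQ%3D%0A",
        "raw newline": "dGVzdDpzZWNyZXQ=\n",
        "truncated": "dGVzdDpzZWNyZXQ",
    }
    for label, raw in samples.items():
        print(label, inspect_ac_cookie(raw))
```

Running it on the value seen when going straight to Zope and on the value seen through Apache, for a user who stays logged in and one who does not, shows whether the two differ in characters, length or decodability.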