[SOLVED] Cookie problems

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Mon, 2005-02-21 08:42

Just updated G2 with latest CVS. After that all users are unable to login, unless they delete there cookies first. But as soon as you logoff and try to login again, the problem is back. Even if you try to login with the same user, it fails until the cookies are deleted again.

No error message is given, but after entering the username and password you are being 'logged in' as Guest or not at all (if Guest has no rights) and returned to the login screen.

Help?

Edit: just found out that after closing and opening IE you can login again. Just once, then you have to close and open IE again...

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Tue, 2005-02-22 07:22

Am I really the only one with this problem? I updated again with the latest CVS but the problem still exists.

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Tue, 2005-02-22 16:12

Just installed (no upgrade) the newest nightly release, using firefox.
First, I couldn't login, tried it x times.
Then I deleted the cookies from the domain of the server and now it works. I can login/logout/login again. It works.
Never had this issue before with G2, what did you change mindless, bharat?

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Tue, 2005-02-22 16:41

bharat added some domain info encoded in the cookie a while back.. but i thought if your session was rejected due to that info it should generate a new cookie for you (i never tested that though).

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Tue, 2005-02-22 19:01

Well, it doesn't work for me. Only after deleting the cookies and/or restarting IE I can login again after I logoff.

I turned on debugging during the (failed) login procedure. There is no error message or anything, so perhaps it will help?

http://foto.dedroog.com/debug.txt

Some other info: http://foto.dedroog.com/info.php

If anything else is required for further debugging please let me know. Then I will try to get that arranged.

Thanks for the great support.

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Tue, 2005-02-22 19:11

i guess we can neglect the browser. tried it with IE, it works for me on my server.
sddroog, why do you use IE anyway?? firefox, opera, .... is the way to go.

but the problem persits for sddroog. anyone?

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Tue, 2005-02-22 19:54

valiant wrote:

sddroog, why do you use IE anyway?? firefox, opera, .... is the way to go.

I use multiple browsers. I have the same problem with firefox. But most of my users use IE...

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Tue, 2005-02-22 20:30

I just created a new website. Downloaded latest version from CVS. Created new database, everything from scratch.

I could login as admin only once. After logging out and trying to login again, it logged me in as guest.

There must be something different with my setup. I can't believe I am the only one having this problem.

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Tue, 2005-02-22 21:35

maybe watch your GALLERYSID cookie.. when you login you should get a new session id in the cookie.

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Tue, 2005-02-22 21:45

here's one thing to try, not sure if it's the cause..
edit your modules/core/classes/GallerySession.class file, line 359.. comment out:
$this->_loadedSessionData = $localLoadedSessionData;
and try again.

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Tue, 2005-02-22 21:51

sddroog, ignore the 2 messages above.. i did some testing and found the bug. we'll work on a fix.. thanks for the report.

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Tue, 2005-02-22 22:44

I'm having the same problem with one of my G2 installations, but apparently a solution is already in the works. Please post a message when the bug is exterminated, and many thanks to the exterminator.

volksport

Joined: 2002-10-06
Posts: 239

Posted: Tue, 2005-02-22 23:46

mindless i created a new bug that is similar, but I only saw it when the root album did not have any everybody group viewing permissions..

link: http://sourceforge.net/tracker/index.php?func=detail&aid=1146021&group_id=7130&atid=107130

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Tue, 2005-02-22 23:52

here's the situation I repro'd:
1) be logged in
2) logout
3) the very next page that is generated has sessionids in the urls
4) click login in the top navbar; returnUrl in this link has the sessionid
5) login.. you get a cookie with a new sessionid
6) you get redirected to the returnUrl, so the cookie changes back to
the old value and you aren't logged in anymore.

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Wed, 2005-02-23 07:46

mindless wrote:

sddroog, ignore the 2 messages above.. i did some testing and found the bug. we'll work on a fix.. thanks for the report.

Thank you!

pelle

Joined: 2004-12-10
Posts: 389

Posted: Wed, 2005-02-23 22:41

How 'bout this:

Index: GallerySession.class
===================================================================
RCS file: /cvsroot/gallery/gallery2/modules/core/classes/GallerySession.class,v
retrieving revision 1.61
diff -u -r1.61 GallerySession.class
--- GallerySession.class        19 Feb 2005 06:49:02 -0000      1.61
+++ GallerySession.class        23 Feb 2005 22:43:19 -0000
@@ -350,6 +350,7 @@
        /* Store the current session data */
         $localSessionData = $this->_sessionData;
         $localLoadedSessionData = $this->_loadedSessionData;
+        $oldId = $this->getSessionId();

        /* Reset the session data to create a new session id */
        $this->reset();
@@ -358,6 +359,16 @@
        $this->_sessionData = $localSessionData;
        $this->_loadedSessionData = $localLoadedSessionData;

+       /* If we have a return url we need to change session id */
+       if (GalleryUtilities::hasRequestVariable('return')) {
+           GalleryUtilities::putRequestVariable('return',
+                   str_replace(GalleryUtilities::prefixFormVariable($this->getKey()) . '=' .
+                                       $oldId,
+                               GalleryUtilities::prefixFormVariable($this->getKey()) . '=' .
+                                       $this->getSessionId(),
+                               GalleryUtilities::getRequestVariables('return')));
+       }
+
        return GalleryStatus::success();
     }

Edit: fixed linelength

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Thu, 2005-02-24 00:55

pelle, very nice.. here are the steps to get a bad navigation link.. how about this one?

1) be logged in
2) logout
3) click on a link that will generate a navigation url.. i used "add photo to cart"
4) whatever page you're on now should have "return to album" (or photo) in the Navigation section of the sidebar.. the url for that link should have a sessionid in it. (if you used cart like i did you'll notice the cart is now empty.. i've filed a separate bug for that)
5) click login in top navbar
6) login
7) you should be back on the page with return to album/photo.. you should still be logged in.
8) click the return to album/photo link.. now you'll be logged out

pelle

Joined: 2004-12-10
Posts: 389

Posted: Thu, 2005-02-24 01:53

Allright, I forgot about the session cache. This oughta do it:

Index: GallerySession.class
===================================================================
RCS file: /cvsroot/gallery/gallery2/modules/core/classes/GallerySession.class,v
retrieving revision 1.61
diff -u -r1.61 GallerySession.class
--- GallerySession.class        19 Feb 2005 06:49:02 -0000      1.61
+++ GallerySession.class        24 Feb 2005 01:50:36 -0000
@@ -350,6 +350,7 @@
        /* Store the current session data */
         $localSessionData = $this->_sessionData;
         $localLoadedSessionData = $this->_loadedSessionData;
+        $oldId = $this->getSessionId();

        /* Reset the session data to create a new session id */
        $this->reset();
@@ -358,10 +359,43 @@
        $this->_sessionData = $localSessionData;
        $this->_loadedSessionData = $localLoadedSessionData;

+       /* If we have a return url we need to change session id */
+       if (GalleryUtilities::hasRequestVariable('return')) {
+           GalleryUtilities::putRequestVariable('return',
+                   $this->_regenerateUrlSessionId(
+                           GalleryUtilities::putRequestVariables('return')));
+       }
+
+       /* Check for return urls in the session cache */
+       if ($this->exists('core.navigation')) {
+           $navigation = $this->get('core.navigation');
+
+           foreach ($navigation as $navId => $info) {
+               if (isset($navigation[$navId]['data']['returnUrl'])) {
+                   $navigation[$navId]['data']['returnUrl'] =
+                           $this->_regenerateUrlSessionId($info['data']['returnUrl']);
+               }
+           }
+
+           $this->put('core.navigation', $navigation);
+       }
+
        return GalleryStatus::success();
     }

     /**
+     * Replace the session id a URL
+     *
+     * @return string url with valid session id
+     * @access private
+     */
+    function _regenerateUrlSessionId($url) {
+       $replace = GalleryUtilities::prefixFormVariable($this->getKey()) . '=' . $this->getId();
+       $regex = preg_quote(GalleryUtilities::prefixFormVariable($this->getKey()));
+       return preg_replace('/' . $regex . '\=([a-zA-Z0-9]+)/i', $replace, $url);
+    }
+
+    /**
      * Get rid of any sessions that have not been accessed within our
      * inactivity timeout or have exceeded the max lifetime.
      *

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Thu, 2005-02-24 08:55

you've got a put/get mismatch but this is basically right.. i'll commit the fix asap. thanks!

mindless

Joined: 2004-01-04
Posts: 8601

Posted: Thu, 2005-02-24 11:30

should be fixed now, please verify.
i confirmed i committed the code just in time to make the 2-24 nightly build on jmullan's site. i don't think it was in time for the build on chetan sarva's site.

sddroog

Joined: 2005-02-01
Posts: 132

Posted: Thu, 2005-02-24 12:39

mindless wrote:

should be fixed now, please verify.

It works for me, thanks again!

BorgKing

Joined: 2002-09-12
Posts: 314

Posted: Thu, 2005-02-24 15:46

Confirmed, I just upgraded from cvs (core 0.8.17) and everything works fine now for both my G2 installations.

mindless & pelle, thanks a lot!

sddroog Joined: 2005-02-01 Posts: 132	Posted: Mon, 2005-02-21 08:42
	Just updated G2 with latest CVS. After that all users are unable to login, unless they delete there cookies first. But as soon as you logoff and try to login again, the problem is back. Even if you try to login with the same user, it fails until the cookies are deleted again. No error message is given, but after entering the username and password you are being 'logged in' as Guest or not at all (if Guest has no rights) and returned to the login screen. Help? Edit: just found out that after closing and opening IE you can login again. Just once, then you have to close and open IE again...
	XUser login Username: * Password: * Create new account Request new password
sddroog Joined: 2005-02-01 Posts: 132	Posted: Tue, 2005-02-22 07:22
	Am I really the only one with this problem? I updated again with the latest CVS but the problem still exists.

valiant Joined: 2003-01-04 Posts: 32509	Posted: Tue, 2005-02-22 16:12
	Just installed (no upgrade) the newest nightly release, using firefox. First, I couldn't login, tried it x times. Then I deleted the cookies from the domain of the server and now it works. I can login/logout/login again. It works. Never had this issue before with G2, what did you change mindless, bharat?

mindless Joined: 2004-01-04 Posts: 8601	Posted: Tue, 2005-02-22 16:41
	bharat added some domain info encoded in the cookie a while back.. but i thought if your session was rejected due to that info it should generate a new cookie for you (i never tested that though).

sddroog Joined: 2005-02-01 Posts: 132	Posted: Tue, 2005-02-22 19:01
	Well, it doesn't work for me. Only after deleting the cookies and/or restarting IE I can login again after I logoff. I turned on debugging during the (failed) login procedure. There is no error message or anything, so perhaps it will help? http://foto.dedroog.com/debug.txt Some other info: http://foto.dedroog.com/info.php If anything else is required for further debugging please let me know. Then I will try to get that arranged. Thanks for the great support.

valiant Joined: 2003-01-04 Posts: 32509	Posted: Tue, 2005-02-22 19:11
	i guess we can neglect the browser. tried it with IE, it works for me on my server. sddroog, why do you use IE anyway?? firefox, opera, .... is the way to go. but the problem persits for sddroog. anyone?

sddroog Joined: 2005-02-01 Posts: 132	Posted: Tue, 2005-02-22 19:54
	valiant wrote: sddroog, why do you use IE anyway?? firefox, opera, .... is the way to go. I use multiple browsers. I have the same problem with firefox. But most of my users use IE...

sddroog Joined: 2005-02-01 Posts: 132	Posted: Tue, 2005-02-22 20:30
	I just created a new website. Downloaded latest version from CVS. Created new database, everything from scratch. I could login as admin only once. After logging out and trying to login again, it logged me in as guest. There must be something different with my setup. I can't believe I am the only one having this problem.

mindless Joined: 2004-01-04 Posts: 8601	Posted: Tue, 2005-02-22 21:35
	maybe watch your GALLERYSID cookie.. when you login you should get a new session id in the cookie.

mindless Joined: 2004-01-04 Posts: 8601	Posted: Tue, 2005-02-22 21:45
	here's one thing to try, not sure if it's the cause.. edit your modules/core/classes/GallerySession.class file, line 359.. comment out: `$this->_loadedSessionData = $localLoadedSessionData;` and try again.

mindless Joined: 2004-01-04 Posts: 8601	Posted: Tue, 2005-02-22 21:51
	sddroog, ignore the 2 messages above.. i did some testing and found the bug. we'll work on a fix.. thanks for the report.

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Tue, 2005-02-22 22:44
	I'm having the same problem with one of my G2 installations, but apparently a solution is already in the works. Please post a message when the bug is exterminated, and many thanks to the exterminator.

volksport Joined: 2002-10-06 Posts: 239	Posted: Tue, 2005-02-22 23:46
	mindless i created a new bug that is similar, but I only saw it when the root album did not have any everybody group viewing permissions.. link: http://sourceforge.net/tracker/index.php?func=detail&aid=1146021&group_id=7130&atid=107130

mindless Joined: 2004-01-04 Posts: 8601	Posted: Tue, 2005-02-22 23:52
	here's the situation I repro'd: 1) be logged in 2) logout 3) the very next page that is generated has sessionids in the urls 4) click login in the top navbar; returnUrl in this link has the sessionid 5) login.. you get a cookie with a new sessionid 6) you get redirected to the returnUrl, so the cookie changes back to the old value and you aren't logged in anymore.

sddroog Joined: 2005-02-01 Posts: 132	Posted: Wed, 2005-02-23 07:46
	mindless wrote: sddroog, ignore the 2 messages above.. i did some testing and found the bug. we'll work on a fix.. thanks for the report. Thank you!

pelle Joined: 2004-12-10 Posts: 389	Posted: Wed, 2005-02-23 22:41
	How 'bout this: Index: GallerySession.class =================================================================== RCS file: /cvsroot/gallery/gallery2/modules/core/classes/GallerySession.class,v retrieving revision 1.61 diff -u -r1.61 GallerySession.class --- GallerySession.class 19 Feb 2005 06:49:02 -0000 1.61 +++ GallerySession.class 23 Feb 2005 22:43:19 -0000 @@ -350,6 +350,7 @@ /* Store the current session data / $localSessionData = $this->_sessionData; $localLoadedSessionData = $this->_loadedSessionData; + $oldId = $this->getSessionId(); / Reset the session data to create a new session id / $this->reset(); @@ -358,6 +359,16 @@ $this->_sessionData = $localSessionData; $this->_loadedSessionData = $localLoadedSessionData; + / If we have a return url we need to change session id */ + if (GalleryUtilities::hasRequestVariable('return')) { + GalleryUtilities::putRequestVariable('return', + str_replace(GalleryUtilities::prefixFormVariable($this->getKey()) . '=' . + $oldId, + GalleryUtilities::prefixFormVariable($this->getKey()) . '=' . + $this->getSessionId(), + GalleryUtilities::getRequestVariables('return'))); + } + return GalleryStatus::success(); } Edit: fixed linelength

mindless Joined: 2004-01-04 Posts: 8601	Posted: Thu, 2005-02-24 00:55
	pelle, very nice.. here are the steps to get a bad navigation link.. how about this one? 1) be logged in 2) logout 3) click on a link that will generate a navigation url.. i used "add photo to cart" 4) whatever page you're on now should have "return to album" (or photo) in the Navigation section of the sidebar.. the url for that link should have a sessionid in it. (if you used cart like i did you'll notice the cart is now empty.. i've filed a separate bug for that) 5) click login in top navbar 6) login 7) you should be back on the page with return to album/photo.. you should still be logged in. 8) click the return to album/photo link.. now you'll be logged out

pelle Joined: 2004-12-10 Posts: 389	Posted: Thu, 2005-02-24 01:53
	Allright, I forgot about the session cache. This oughta do it: Index: GallerySession.class =================================================================== RCS file: /cvsroot/gallery/gallery2/modules/core/classes/GallerySession.class,v retrieving revision 1.61 diff -u -r1.61 GallerySession.class --- GallerySession.class 19 Feb 2005 06:49:02 -0000 1.61 +++ GallerySession.class 24 Feb 2005 01:50:36 -0000 @@ -350,6 +350,7 @@ /* Store the current session data / $localSessionData = $this->_sessionData; $localLoadedSessionData = $this->_loadedSessionData; + $oldId = $this->getSessionId(); / Reset the session data to create a new session id / $this->reset(); @@ -358,10 +359,43 @@ $this->_sessionData = $localSessionData; $this->_loadedSessionData = $localLoadedSessionData; + / If we have a return url we need to change session id / + if (GalleryUtilities::hasRequestVariable('return')) { + GalleryUtilities::putRequestVariable('return', + $this->_regenerateUrlSessionId( + GalleryUtilities::putRequestVariables('return'))); + } + + / Check for return urls in the session cache / + if ($this->exists('core.navigation')) { + $navigation = $this->get('core.navigation'); + + foreach ($navigation as $navId => $info) { + if (isset($navigation[$navId]['data']['returnUrl'])) { + $navigation[$navId]['data']['returnUrl'] = + $this->_regenerateUrlSessionId($info['data']['returnUrl']); + } + } + + $this->put('core.navigation', $navigation); + } + return GalleryStatus::success(); } /* + * Replace the session id a URL + * + * @return string url with valid session id + * @access private + / + function _regenerateUrlSessionId($url) { + $replace = GalleryUtilities::prefixFormVariable($this->getKey()) . '=' . $this->getId(); + $regex = preg_quote(GalleryUtilities::prefixFormVariable($this->getKey())); + return preg_replace('/' . $regex . '\=([a-zA-Z0-9]+)/i', $replace, $url); + } + + /* * Get rid of any sessions that have not been accessed within our * inactivity timeout or have exceeded the max lifetime. *

mindless Joined: 2004-01-04 Posts: 8601	Posted: Thu, 2005-02-24 08:55
	you've got a put/get mismatch but this is basically right.. i'll commit the fix asap. thanks!

mindless Joined: 2004-01-04 Posts: 8601	Posted: Thu, 2005-02-24 11:30
	should be fixed now, please verify. i confirmed i committed the code just in time to make the 2-24 nightly build on jmullan's site. i don't think it was in time for the build on chetan sarva's site.

sddroog Joined: 2005-02-01 Posts: 132	Posted: Thu, 2005-02-24 12:39
	mindless wrote: should be fixed now, please verify. It works for me, thanks again!

BorgKing Joined: 2002-09-12 Posts: 314	Posted: Thu, 2005-02-24 15:46
	Confirmed, I just upgraded from cvs (core 0.8.17) and everything works fine now for both my G2 installations. mindless & pelle, thanks a lot!

[SOLVED] Cookie problems

XUser login