RE: [users@httpd] mod_proxy/mod_proxy_html


 



What you need to do is use LiveHTTPHeaders in order to verify that the cookie is indeed delivered to your browser as a Set-Cookie response header. I guess this is done in the HTTP 302 in response to GET https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check.

If that login cookie is "secure" (that is a parameter of the cookie), your browser will not submit it in a request which is not sent over httpS. From what I have understood from your mails, you access your application with http (no S). That may explain why the cookies are not submitted.

Another thing that might prevent the browser from submitting the cookie is a mismatch between the cookie domain and the host part of the URL. In order to be submitted, the cookie domain should be extranet.hendrickson-intl.com or hendrickson-intl.com. If that is not the case, the browser will not submit the cookie in requests.

If you are uncertain about what is happening, please post the full LiveHTTPHeaders trace starting with the request for https://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fextranet.hendrickson-intl.com%3A80%2Fwcs%2Fj_security_check, through the first access to http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=xxx


Another thing is that there is a little voice in my head telling me that this is not a cookie problem. I am trying to have him shut up, but the little fellow keeps bugging me.

I noticed that the query string in the URL http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 contains a variable named "ticket". Would that by any chance be the sign-in ticket??

Then, if the j_security_check failed, I would expect a redirection to the login service, not to another j_security_check...

-ascs

-----Original Message-----
From: Shahzad Bhatti [mailto:sbhatti@xxxxxxxxxxx] 
Sent: Thursday, August 11, 2005 6:46 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] mod_proxy/mod_proxy_html

Axel,
  Thanks again, it worked and I was able to go further; however, I ran into another problem. We are using single sign-on that stores the ticket in a cookie; however, it looks like this cookie is not being passed to the client. And it goes into a loop, i.e.,
-- AFTER SUCCESSFUL LOGIN, THE USER IS DIRECTED TO THE APPLICATION (WHICH VERIFIES TICKET)
http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6

GET /wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6 HTTP/1.1
Referer: http://extranet.hendrickson-intl.com/cas/login?service=http%3A%2F%2Fwd-prtlsrv1%3A8080%2Fhendrickson%2Fj_security_check


AND IT'S SENDING REDIRECT TO THE SAME URL

HTTP/1.x 302 Moved Temporarily
Location: http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=ST-11-vPSm2DSGExfFDlJ6Axb6

Is there any way to add cookie support and break this loop?
Regards,
Shahzad Bhatti
Integrated Software Specialists
http://www.issintl.com
1901 North Roselle Road, Suite 450
Schaumburg, IL 60195
Phone: 847-558-5342
Fax: 847-240-5073




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
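
The two conditions named in the reply above (a "secure" cookie on a plain-http request, and a cookie domain that does not match the request host) can be checked mechanically against a captured Set-Cookie header. The following is an added example, not code from the thread or from Apache: it is a simplified version of the RFC 6265 rules that omits path, expiry and public-suffix handling, and the cookie name `SSOTICKET`, its value and the function names are constructed for illustration.

```javascript
// Added example: simplified RFC 6265 checks for the Secure flag and domain-match.
// Cookie name/value are constructed; hostnames are the ones quoted in the thread.

function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  // Without a Domain attribute the cookie is host-only: exact host match required.
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true, secure: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") cookie.secure = true;
    else if (key === "domain" && val) {
      cookie.domain = val.replace(/^\./, "").toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

function domainMatches(host, cookie) {
  if (host === cookie.domain) return true;
  // A Domain attribute also covers subdomains, on a label boundary only.
  return !cookie.hostOnly && host.endsWith("." + cookie.domain);
}

// Returns "sent" or the reason the browser drops or withholds the cookie.
function whyNotSent(setCookieHeader, originHost, requestUrl) {
  const cookie = parseSetCookie(setCookieHeader, originHost);
  // A browser rejects a cookie whose Domain does not cover the host that set it,
  // e.g. a backend hostname leaking through a reverse proxy unchanged.
  if (!domainMatches(originHost.toLowerCase(), cookie))
    return "rejected when set: Domain does not cover the responding host";
  const url = new URL(requestUrl);
  if (cookie.secure && url.protocol !== "https:")
    return "withheld: Secure cookie on a non-https request";
  if (!domainMatches(url.hostname, cookie))
    return "withheld: request host does not match cookie domain";
  return "sent";
}

const target = "http://extranet.hendrickson-intl.com/wcs/j_security_check?ticket=xxx";
console.log(whyNotSent("SSOTICKET=abc; Secure", "extranet.hendrickson-intl.com", target));
```

Feed it the Set-Cookie value from the LiveHTTPHeaders trace, the host that returned it, and the URL of the request that arrives without the cookie.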


