Authentication doesn't work with other Cookies present

ensky16 / google-authenticator-apache-module

Automatically exported from code.google.com/p/google-authenticator-apache-module

0 stars 0 forks source link

Authentication doesn't work with other Cookies present #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Luckyjcell mentioned this in Issue #3, I am adding it as a separate bug.

There is a bug in the cookie parser, which makes it so that if the google_authn 
cookie is not the *first* token in the cookie string, it is not recognized. 
This will result in authentication not working when cookies are used on the 
page/site.

I have a fix ready and in testing - to be released soon.

Original issue reported on code.google.com by bkgood...@gmail.com on 22 Mar 2013 at 1:51

GoogleCodeExporter commented 8 years ago

Fixed in r9

Original comment by bkgood...@gmail.com on 25 Mar 2013 at 7:16

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

There still seems to be an issue. After a few minutes, authentication is lost. 
I think it's happening when the entrywindow passes.

FYI, I am using this on a folder that has phpMyAdmin 3.4.9 installed on Linux 
with Apache 2.2.22.

GoogleAuthCookieLife is 3600. GoogleAuthEntryWindow is 2.

Original comment by luckyjc...@gmail.com on 25 Mar 2013 at 7:58

GoogleCodeExporter commented 8 years ago

Does it work *without* the phpMyAdmin? If so, it implies you are still having 
an issue with multiple cookies.

Could you send me output from a DEBUG build? Make one was follows. Add the 
following lines to the end of the Makefile:

debug: $(SOURCE)
  $(APXS) -D DEBUG=1 -c $^

Then do "make debug". (Note that has to be a TAB at the beginning of the second 
line, not spaces). Also note that the output will contain your secrect key - so 
you may want to remove that.

I have enclosed a build of it if it makes your life easier...

Original comment by bkgood...@gmail.com on 25 Mar 2013 at 8:09

Changed state: Started

Attachments:

mod_authn_google.so

GoogleCodeExporter commented 8 years ago

I have not tested without phpMyAdmin - that's all I'm using it with at the 
moment.

I'm a bit wrapped up with other things, not sure I'll be able to check is out 
anytime soon. Hoping to get back within two weeks.

Original comment by luckyjc...@gmail.com on 26 Mar 2013 at 3:30

GoogleCodeExporter commented 8 years ago

Fixed (again).

Cookie auth was not working because the user_id hook was no longer firing. 
(Don't know why - if this is related to "newer versions" of Apache. Either way 
- moving the hook firing order from "MIDDLE" to "FIRST" fixed it. This should 
be fine, because if there is no cookie (or it is invalid), the hook continues 
to let other hooks fire.

Original comment by bkgood...@gmail.com on 28 Mar 2013 at 5:57

Changed state: Fixed