search

openhab / openhab-core

Core framework of openHAB
https://www.openhab.org/
Eclipse Public License 2.0
912 stars 420 forks source link

HTTP 500 on first login because of cookie error #1840

Closed ghost closed 1 year ago

ghost commented 3 years ago

@sidamos commented on Nov 21, 2020, 10:01 AM UTC:

The problem

This happened on 2 client machines (Linux+Chrome, ChromeOS). At first login (either directly after the very first startup of OH and first user creation or later, when admin user is already created), I get HTTP 500 after entering user and password and just a grey screen.

I have these cookies for this server:

zmHeaderFlip up 192.168.0.7 / 2030-11-15T17:28:25.000Z 14       Medium  
zmMontageLayout 1 192.168.0.7 / 2030-11-15T18:02:15.000Z 16       Medium  
  secure 192.168.0.7 / Session 6     Medium  
zmWatchScale1 0 192.168.0.7 / 2030-11-15T18:00:14.000Z 14       Medium  
zmEventScaleAuto auto 192.168.0.7 / 2030-11-15T18:01:03.000Z 20       Medium  
zmEventRate 100 192.168.0.7 / 2030-11-15T18:01:19.000Z 14       Medium  
io 8HLhObOjuhFzgNE8AAAA 192.168.0.7 / Session 22     Medium

Clearing all cookies for this server resolves the issue.

Expected behavior

Login should work.

Steps to reproduce

  1. Log into OH3 M2 with a browser for the very first time.

Your environment

runtimeInfo:
  version: 3.0.0.M2
  buildString: Milestone Build
locale: en_DE
systemInfo:
  configFolder: /home/mythtv/openHAB3/conf
  userdataFolder: /home/mythtv/openHAB3/userdata
  logFolder: /home/mythtv/openHAB3/userdata/logs
  javaVersion: 11.0.9
  javaVendor: AdoptOpenJDK
  javaVendorVersion: AdoptOpenJDK
  osName: Linux
  osVersion: 5.4.48-gentoo-x86_64
  osArchitecture: amd64
  availableProcessors: 4
  freeMemory: 243763056
  totalMemory: 379584512
bindings:
  - ipcamera
clientInfo:
  device:
    ios: false
    android: false
    androidChrome: false
    desktop: true
    iphone: false
    ipod: false
    ipad: false
    edge: false
    ie: false
    firefox: false
    macos: false
    windows: false
    cordova: false
    phonegap: false
    electron: false
    nwjs: false
    webView: false
    webview: false
    standalone: false
    pixelRatio: 1.25
    prefersColorScheme: light
  isSecureContext: false
  locationbarVisible: true
  menubarVisible: true
  navigator:
    cookieEnabled: true
    deviceMemory: N/A
    hardwareConcurrency: 4
    language: de
    languages:
      - de
      - en
      - en-US
    onLine: true
    platform: Linux x86_64
  screen:
    width: 1920
    height: 1080
    colorDepth: 24
  support:
    touch: false
    pointerEvents: true
    observer: true
    passiveListener: true
    gestures: false
    intersectionObserver: true
  themeOptions:
    dark: light
    filled: true
    pageTransitionAnimation: default
    bars: filled
    homeNavbar: default
    homeBackground: default
    expandableCardAnimation: default
  userAgent: Mozilla/5.0 (X11; CrOS x86_64 13421.99.0) AppleWebKit/537.36 (KHTML,
    like Gecko) Chrome/86.0.4240.198 Safari/537.36
timestamp: 2020-11-21T10:00:12.232Z

Browser console

app.js:9 POST http://192.168.0.7:8091/rest/auth/token?useCookie=true 500 (Server Error)

Browser network traffic

Response body: "{"error":{"message":"Cookie is malformed : secure","http-code":500,"exception":{"class":"java.lang.IllegalArgumentException","message":"Cookie is malformed : secure","localized-message":"Cookie is malformed : secure"}}}"

Additional information

This issue was moved by ghys from openhab/openhab-webui#545.

ghys commented 3 years ago

Probably a version of this: https://stackoverflow.com/a/41458542

That "secure" cookie with no name is invalid because it has no name, it's also not set by openHAB. (neither are the others) You need to somehow figure out which other app is setting it, and prevent it from being sent to openHAB.

sidamos commented 3 years ago

How should I do that? I am running multiple applications on different ports on the same server.

IMHO, OH should be able to handle this case.

J-N-K commented 2 years ago

The complete headers are needed to decide if this is an openHAB issue. If the problem still persists, please post that. From my understanding, openHAB is behaving correctly here and some other applications sets invalid cookies.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.