User loses session logged

[GoogleCodeExporter]

What steps will reproduce the problem?
1.The user connects in the IPT application;
2.The user tries to access the "manager resources" area;
3.The user is automatically logged out;
4. IPT shows the message log: "A problem occurred retrieving current user. This 
can happen if the session is not yet opened".

What version of the provider software are you using? The version should be 
displayed in the footer of any page.
IPT Version 2.1.1-r4640

What browser are you using?
Firefox and google chrome.

Please provide any additional information below.
The log file is attached.

Original issue reported on code.google.com by francisc...@gmail.com on 27 Oct 2014 at 9:03

Attachments:

• debug.log

[GoogleCodeExporter]

same problem presented here in two non-registered IPTs 
restarting tomcat didn't solve the problem
the only solution was deleting the user and creating again
fortunately there was no registered dataset associated with the user
the curious thing is that the user was re-created with the same login and 
password and it works perfectly

we tried to reproduce the problem in test-environment IPTs but we couldn't get 
the problem to come out again

again

Original comment by daniel.amariles88 on 27 Oct 2014 at 10:12

[GoogleCodeExporter]

I'm afraid I can't reproduce this problem either. 

You could either describe the steps in much greater detail (e.g. exact landing 
page, hosting environment, user type, etc) so that we can try to reproduce it, 
or I'm afraid I have to close this issue as "cannot reproduce". Thanks

Original comment by kyle.br...@gmail.com on 5 Nov 2014 at 1:07

• Changed state: Accepted
• Added labels: Milestone-Release2.2, Priority-Critical, Security, Usability

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Hi Kyle!

1) The SiBBr environment has several ipts running in different tomcat instances 
behind apache web httpd. So, we are using reverse proxy.

2) Our Apache httpd 2.4 conf
<VirtualHost ipt.sibbr.gov.br:80>
    ServerName ipt.sibbr.gov.br
    <Proxy *>
        Require all granted
    </Proxy>

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass                       /treinamento    http://internal.host:8080/treinamento/
    ProxyPassReverse                /treinamento    http://internal.host:8080/treinamento/
    ProxyPassReverseCookiePath      /treinamento    http://internal.host:8080/treinamento/

    ProxyPass                       /mnrj   http://internal.host:8180/mnrj/
    ProxyPassReverse                /mnrj   http://internal.host:8180/mnrj/
    ProxyPassReverseCookiePath      /mnrj   http://internal.host:8180/mnrj/

    ProxyPass                       /taxonline    http://internal.host:8280/taxonline/
    ProxyPassReverse                /taxonline    http://internal.host:8280/taxonline/
    ProxyPassReverseCookiePath      /taxonline    http://internal.host:8280/taxonline/

    ProxyPass                       /repatriados    http://internal.host:8380/repatriados/
    ProxyPassReverse                /repatriados    http://internal.host:8380/repatriados/
    ProxyPassReverseCookiePath      /repatriados    http://internal.host:83280/repatriados/
</VirtualHost>

3) The tomcat conf/server.xml:
- was changed only the port to act as instances
- The sessionCookiePath was not set. So, the applications are using the context 
path

4) After the user logs in, the following message is displayed:
INFO  User user@somehost logged in successfully
INFO  Redirecting to http://ipt.sibbr.gov.br/mnrj
WARN  A problem occurred retrieving current user. This can happen if the 
session is not yet opened

5) Any attempt to access the "Manage resources" option is not completed because 
the user is not logged in.

6) I'm trying to figure out how this occurs. But I am suspecting that the 
sessionCookiePath is the problem when there are many users logged in.
I am following this tutorial to try to change the reverse proxy configuration: 
http://www.apachetutor.org/admin/reverseproxies

Original comment by francisc...@gmail.com on 5 Nov 2014 at 4:07

[GoogleCodeExporter]

Another thing observed: after processing *.do the browser receives an HTTP 
status code 302 found.
Example:
1) http://ipt.sibbr.gov.br/treinamento/manage/metadata-basic.do
2) http://ipt.sibbr.gov.br/treinamento/login.do
3) http://ipt.sibbr.gov.br/treinamento/logout.do
This is checked using mod_proxy and mod_jk in many configurations.

This does not happen with the about.do page.

Original comment by francisc...@gmail.com on 6 Nov 2014 at 2:48

[GoogleCodeExporter]

Deferred to 2.3 or later

Original comment by kyle.br...@gmail.com on 1 Dec 2014 at 2:44

• Added labels: Milestone-Release2.3
• Removed labels: Milestone-Release2.2

[GoogleCodeExporter]

To stay logged in, the JSESSIONID cookie returned by Tomcat needs to have the 
same path as the application root context path. For 
http://ipt.sibbr.gov.br/mnrj/ that would be /mnrj/

So how about trying out the following Apache directives:

<VirtualHost *:80>
    ServerName  ipt.sibbr.gov.br
    ProxyPreserveHost       On
    ProxyPass               /mnrj/       http://internal.host:8180/mnrj/
    ProxyPassReverse        /mnrj/       http://internal.host:8180/mnrj/
    ProxyPassReverseCookiePath  / /mnrj/
</VirtualHost>

The ProxyPassReverseCookiePath above will ensure that the cookie path is 
rewriten to /mnrj/ - matching the application's root context path.

In case you need help debugging the JSESSIONID cookie path, you can use the 
Firebug plugin for Firefox (see attached screenshot). 

Please report back if this fixes the problem. If this fixes the problem, we can 
update the wiki/FAQ with this problem to help others. 

Original comment by kyle.br...@gmail.com on 11 Feb 2015 at 3:25

• Changed state: Started
• Added labels: Component-Docs, Milestone-Release2.2
• Removed labels: Milestone-Release2.3

Attachments:

• [Screen Shot 2015-02-11 at 13.45.12.png](https://storage.googleapis.com/google-code-attachments/gbif-providertoolkit/issue-1121/comment-7/Screen Shot 2015-02-11 at 13.45.12.png)

[GoogleCodeExporter]

for the record, I'm no using Apache. Anyway I'm not experiencing the issue 
anymore.

Original comment by daniel.amariles88 on 11 Feb 2015 at 9:25

[GoogleCodeExporter]

The wiki has now been updated to help people configure a virtual host name and 
reverse proxy in Apache, see 
https://code.google.com/p/gbif-providertoolkit/wiki/IPTServerPreparation

Closing issue

Original comment by kyle.br...@gmail.com on 20 Mar 2015 at 12:54

• Changed state: Fixed

[GoogleCodeExporter]

The wiki has now been updated to help people configure a virtual host name and 
reverse proxy in Apache, see 
https://code.google.com/p/gbif-providertoolkit/wiki/IPTServerPreparation

Closing issue

Original comment by kyle.br...@gmail.com on 20 Mar 2015 at 12:54

[GoogleCodeExporter]

Kyle, sorry by the delay!
At SiBBr environment there are many IPT instances configured in the same Apache 
httpd.conf.
So, the base URL http://ipt.sibbr.gov.br is the same for all instances. The 
instance names are different.
That config pointed by you already was tried, but I will try again with the IPT 
2.1.1 version.

The way I found to go was using AJP protocol.
Do you want I open other issue to present the actual config using AJP protocol 
to register as documentation?

Thanks for the attention!

Original comment by francisc...@gmail.com on 20 Mar 2015 at 5:58