Description
We are using EB and EvalSys:
https://source.sakaiproject.org/svn/entitybroker/tags/1.3.4
https://source.sakaiproject.org/contrib/uct/evaluation-pilot08
Something appears to be wrong with the session handling and redirects for EB URLs where authentication is required but the user is not yet authenticated.
If the user's browser has no current session or cookie, and they go to an EB URL e.g.
https://vula.uct.ac.za/direct/eval-assigngroup/105
they are presented with the login form that posts to /direct/login but thereafter are redirected to /direct/describe rather than the correct destination URL.
The attached screenshot appears to show a malformed cookie being set (or two cookies). This may be cluster-related, i.e. users get directed to a different app server on login or something.
Stephen Marquard added a comment - 13-Nov-2008 02:47
This is resolved as of trunk EB at r54243.
It's not clear exactly which revisions of EB address this (although r54235 is required but not sufficient).
To fix this in 2-6-x probably requires merging all EB changes up until r54243 (or to the next EB tag when QA'd), as a number of EB commits do not have associated JIRAs.
An outstanding issue (for another JIRA) is that with URLs like this:
/direct/abc/xyz?name=value
the ? and = will be escaped and get mangled on the redirect after login (i.e. not work any more).
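
Added example, not part of the original issue and not EntityBroker code: a Python sketch of carrying the requested URL through the login step so that `?` and `=` survive the redirect, with the target restricted to local paths. The issue does not say how EB stores the destination, so the `returnTo` parameter, the function names and the use of `/direct/describe` as the fallback are assumptions.

```python
from urllib.parse import parse_qs, quote, urlsplit

LOGIN_PATH = "/direct/login"    # login form target named in the issue
FALLBACK = "/direct/describe"   # default landing page (assumption for this sketch)
PARAM = "returnTo"              # hypothetical parameter name, not EB's


def login_url_for(requested: str) -> str:
    """Send an unauthenticated user to login, carrying the requested
    path and query string as one percent-encoded parameter value."""
    return f"{LOGIN_PATH}?{PARAM}={quote(requested, safe='')}"


def mangled_target(login_url: str) -> str:
    """Symptom from the issue: the still-encoded value is used as the
    redirect target, so '?' and '=' arrive as %3F and %3D."""
    return urlsplit(login_url).query.split("=", 1)[1]


def safe_target(login_url: str) -> str:
    """Decode exactly once, then accept only a local absolute path."""
    values = parse_qs(urlsplit(login_url).query).get(PARAM, [""])
    target = values[0]
    parts = urlsplit(target)
    local = (
        target.startswith("/")
        and not target.startswith("//")   # scheme-relative URL to another host
        and "\\" not in target            # some browsers treat '\' as '/'
        and not parts.scheme
        and not parts.netloc
    )
    return target if local else FALLBACK


if __name__ == "__main__":
    url = login_url_for("/direct/abc/xyz?name=value")   # constructed sample
    print(url)
    print(mangled_target(url))
    print(safe_target(url))
    print(safe_target(login_url_for("https://other.example/x")))
```
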