Urgent problem with IE cookie/caching problem with identity
wul...@gmail.com
I am trying to launch a website but am having issues with IE6 and IE7
(but not FF/Safari) where the user is being logged out after they log-
in. I am not exactly sure what the problem is (could be caching,
apache HTTP.conf, cookie, or TurboGears/Cherrypy). I have attached
below the IE7 HTTP response header after submitting the log-in
information. As you can see, the user successfully logs-in, where TG
returns a 'set-cookie' for the authenticated session. Soon after
that, you also see that a request for MochiKit.js also returns a 'set-
cookie' with an expires time in the past. So maybe this is the
problem!
We are running Cherrypy 2.2, Turbogears 1.0.2, and Apache 1.3.33 with
mod_proxy configured appropriately, all using Python 2.5 on OSX
Server. We also have a development server running without Apache,
serving files from TurboGears directly, and IE6 and IE7 work
flawlessly.
----------Returned page AFTER logging in on IE7:
POST http: //MY_DOMAIN_NAME.com/axess/login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-powerpoint,
application/vnd.ms-excel, application/msword, */*
Referer: http://MY_DOMAIN_NAME.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Content-Length: 63
Host: MY_DOMAIN_NAME.com
Pragma: no-cache
user_name=MY_USER_NAME&password=MY_PASSWORD&forward_url=
%2F&login=Login
HTTP/1.1 302 Found
Date: Thu, 23 Aug 2007 16:13:41 GMT
Content-Type: text/html; charset=UTF-8
Proxy-Connection: close
Server: CherryPy/2.2.1
Vary: Accept-Encoding
Content-Encoding: gzip
Set-Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d;
expires=Thu, 23-Aug-2007 16:38:11 GMT; Path=/
X-Cache: MISS from MY_DOMAIN_NAME.com
Location: http://MY_DOMAIN_NAME.com/
Via: 1.1 inet-nc02 (NetCache NetApp/6.0.6)
GET http: //MY_DOMAIN_NAME.com/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-powerpoint,
application/vnd.ms-excel, application/msword, */*
Referer: http://MY_DOMAIN_NAME.com/
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: MY_DOMAIN_NAME.com
Pragma: no-cache
Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d
HTTP/1.1 200 OK
Date: Thu, 23 Aug 2007 16:13:42 GMT
Content-Length: 5613
Content-Type: text/html; charset=utf-8
Server: CherryPy/2.2.1
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache: MISS from MY_DOMAIN_NAME.com
Via: 1.1 inet-nc02 (NetCache NetApp/6.0.6)
GET http: //MY_DOMAIN_NAME.com/tg_widgets/jslibs/javascript/
MochiKit.js HTTP/1.1
Accept: */*
Referer: http://MY_DOMAIN_NAME.com/
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 1.1.4322)
Proxy-Connection: Keep-Alive
Host: MY_DOMAIN_NAME.com
Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d
HTTP/1.1 200 OK
Date: Thu, 23 Aug 2007 05:40:33 GMT
Content-Length: 43484
Content-Type: application/x-javascript
Server: CherryPy/2.2.1
Vary: Accept-Encoding,User
Last-Modified: Tue, 08 May 2007 20:20:49 GMT
Set-Cookie: tg-visit=aef89b6f95f540a935db8199ef6eb99cb920a52e;
expires=Sun, 19-Aug-2007 22:34:21 GMT; Path=/
X-Cache: HIT from MY_DOMAIN_NAME.com
Content-Encoding: gzip
Via: 1.1 inet-nc02 (NetCache NetApp/6.0.6)
Tim Roberts
> Hi,
>
> I am trying to launch a website but am having issues with IE6 and IE7
> (but not FF/Safari) where the user is being logged out after they log-
> in. I am not exactly sure what the problem is (could be caching,
> apache HTTP.conf, cookie, or TurboGears/Cherrypy). I have attached
> below the IE7 HTTP response header after submitting the log-in
> information. As you can see, the user successfully logs-in, where TG
> returns a 'set-cookie' for the authenticated session. Soon after
> that, you also see that a request for MochiKit.js also returns a 'set-
> cookie' with an expires time in the past. So maybe this is the
> problem!
>
That would certainly do it. Note, however, that the cookie value in
that request is different. Is it possible that you have session aging
somewhere that deletes the sessions after some period of time, and it is
getting confused here? Do you kill the session when you service .js
files for some reason?
--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.
wul...@gmail.com
I don't understand what you mean by the "cookie value in that request
is different"?
Upon logging in, we get this:
Set-Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d;
expires=Thu, 23-Aug-2007 16:38:11 GMT; Path=/
And in the page request and mochikit request we get this:
Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d
Aren't both cookie values are the same?
We aren't using any "session aging" that I know of. We're using the
default TurboGears and CherrPy configuration (and we did set the
base_url_filter.on and base_url_filter.use_x_forwarded_host).
If the 'expires' time of the javascript cookie is set in the past,
perhaps the cookie and the response are both being returned from a
cache somewhere? What sorts of things might be going wrong? What can
I try to fix?
On Aug 23, 10:53 am, Tim Roberts <t...@probo.com> wrote:
> Tim Roberts, t...@probo.com
> Providenza & Boekelheide, Inc.
Tim Roberts
> Hi Tim,
>
> I don't understand what you mean by the "cookie value in that request
> is different"?
>
> Upon logging in, we get this:
> Set-Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d;
> expires=Thu, 23-Aug-2007 16:38:11 GMT; Path=/
>
> And in the page request and mochikit request we get this:
> Cookie: tg-visit=77489a6a85cee6f31f76a28bc59a03a91c9f836d
>
> Aren't both cookie values are the same?
>
Ooops, I said "request" when I should have send "response". It is the
cookie you send BACK that is different:
HTTP/1.1 200 OK
Date: Thu, 23 Aug 2007 05:40:33 GMT
Content-Length: 43484
Content-Type: application/x-javascript
Server: CherryPy/2.2.1
Vary: Accept-Encoding,User
Last-Modified: Tue, 08 May 2007 20:20:49 GMT
Set-Cookie: tg-visit=aef89b6f95f540a935db8199ef6eb99cb920a52e;
expires=Sun, 19-Aug-2007 22:34:21 GMT; Path=/
X-Cache: HIT from MY_DOMAIN_NAME.com
Content-Encoding: gzip
Via: 1.1 inet-nc02 (NetCache NetApp/6.0.6)
> If the 'expires' time of the javascript cookie is set in the past,
> perhaps the cookie and the response are both being returned from a
> cache somewhere? What sorts of things might be going wrong? What can
> I try to fix?
>
I don't know how TurboGears plays into this. CherryPy won't change the
cookie value unless you ask it to.
wul...@gmail.com
Yes, I understand what CPY/TG is sending back is another set-cookie
but it isn't supposed to. I never explictly tell TG to touch that! I
even tried modifying the response header to REMOVE the set-cookie, but
it is still being sent. I have another production server behind
apache (but on ubuntu instead of OSX) that doesn't have these issues.
The thread is on the TG forums here:
http://groups.google.com/group/turbogears/browse_thread/thread/2fedef4f55bec537
This problem is still unresolved. Does anyone know what I can try?
How can I move the tg_widgets static files to be served statically
from apache?
On Aug 23, 1:50 pm, Tim Roberts <t...@probo.com> wrote: