Session Timeout error after login with 0 indicators
293 views
Skip to first unread message
Charles
May 29, 2012, 5:55:50 PM5/29/12
to webpasswordsafe
So I'm trying out a basic implementation of your app. Decided on it
because I can recognize an ExtJS implementation anywhere (we're an
extjs shop too). Got it up and running on a jetty server with an nginx
proxy and a mysql database. That all seems to be working (at least it
was once I named the database properly).
So I can go to the app page, I can hit login with the default admin/
pass. I even get a 200 (ok) response from a call to rpc/LoginService.
But it still pops up the "Session Timeout. Please login again." box.
No entries in the error log, no entries in the webpasswordsafe log,
entries in jetty's request log with the last one being that call to
LoginService. I get an entry in the audit log pointing to my
successful login as admin. By all regards, the server thinks it
worked, but the front-end client disagrees heartily.
Any suggestions on how to proceed?
because I can recognize an ExtJS implementation anywhere (we're an
extjs shop too). Got it up and running on a jetty server with an nginx
proxy and a mysql database. That all seems to be working (at least it
was once I named the database properly).
So I can go to the app page, I can hit login with the default admin/
pass. I even get a 200 (ok) response from a call to rpc/LoginService.
But it still pops up the "Session Timeout. Please login again." box.
No entries in the error log, no entries in the webpasswordsafe log,
entries in jetty's request log with the last one being that call to
LoginService. I get an entry in the audit log pointing to my
successful login as admin. By all regards, the server thinks it
worked, but the front-end client disagrees heartily.
Any suggestions on how to proceed?
Josh
May 31, 2012, 1:36:43 AM5/31/12
to webpass...@googlegroups.com
Sure there isn't anything in your Jetty stderrout log? $JETTY_HOME/logs by default? The critical exceptions will usually fall to that log. But to answer your question about webpasswordsafe logs, edit /webpasswordsafe/src/main/resources/log4j.xml before building as described in the Administrator Guide. Admittedly the default configuration is very Tomcat-centric, thus the use of catalina.base environment variables, change those to full paths that make sense on your server.
I was playing around with Jetty a bit and found a possible issue with the way it handles JSESSIONID that could cause an issue with the CSRF protection in some fringe cases I'll look into. But I can't be sure this is what you are running into without more info from logs.
Thanks,
~Josh
Charles
May 31, 2012, 8:30:55 AM5/31/12
to webpass...@googlegroups.com
I'm quite certain I have all the logs working. I get entries in each for every call to the server up until the point that the front end decides that I don't have access rights. I'll switch to tomcat and see how that goes.
Charles
May 31, 2012, 12:03:08 PM5/31/12
to webpass...@googlegroups.com
Welp, that fixed it. There's something not right with Jetty. Tomcat6 + nginx works fine.
Josh
Jun 1, 2012, 3:30:23 AM6/1/12
to webpass...@googlegroups.com
Hi Charles,
Glad Tomcat works for you. I actually released a quick patch update, version 1.2.1 that I believe fixes the issue I saw with Jetty (and Glassfish) when I was testing with it. If you have a chance give that a try and it would be good to know if that fixes your issue as well. Also did the logging still not work after changing the log4j.xml file?
Thanks,
Thanks,
~Josh
Tanguy Mezzano
Jul 11, 2014, 10:33:13 AM7/11/14
to webpass...@googlegroups.com
Hi,
I've installed webpasswordsafe-1.3 on an opensuse 13.1 and I'm stuck with the "Sesstion Timeout. Please login again." problem.
The context is a mysql connection with apache2 web server.
What would be the configuration of tomcat server.xml and apache2 *.conf files to bypass that bug?
Thanks,
Tanguy
Reply all
Reply to author
Forward
0 new messages