eZPublish - is_logged_in cookie

Author Message

Maxime Thomas

Friday 17 December 2010 3:12:56 am

Hi,

Does anynone get some troubles with the is_logged_in cookie ?

On our platform, everydays for one week, we have the following bug :

After being authenticated, the user click on a link and he is disconnected systematically from eZ.

After inscpection, the is_logged_in cookie is unset during the redirection that occurs between /user/login and the called page.

I've put some debug in the index.php that handle this (and related to http://issues.ez.no/IssueView.php?Id=14828&activeItem=4) but it still occurs.

Our webhosting company told us it is eZPublish which is sending a bad header :

Set-Cookie: <span class="search-match">is_logged_in</span>=deleted; expires=Mon, 17-Dec-2010 10:23:19 GMT; path=/

The debug is never written so I don't why this occurs.

Any idea ?

Max

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Gaetano Giunta

Friday 17 December 2010 7:46:25 am

Does set set-cookie header really include the text '<span class="search-match">' or is it just part of the forum post text?

Principal Consultant International Business
Member of the Community Project Board

Maxime Thomas

Friday 17 December 2010 8:34:08 am

No, of course.

The right one is :

Set-Cookie: is_logged_in=deleted; expires=Mon, 17-Dec-2010 10:23:19 GMT; path=/

Any idea by the way ?

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Maxime Thomas

Friday 17 December 2010 8:38:24 am

Ah, I think it's related to this one :

http://issues.ez.no/IssueView.php?Id=16549&activeItem=2

Effectively the cookie does not need to be sent at each page. No ?

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Maxime Thomas

Wednesday 22 December 2010 2:12:34 am

Finally, I've found it.

A login handler was enabled always returning false, so I was connected then disconnected.

So the rule is to always check the login handler list and its return.

Maxime Thomas
[email protected] | www.wascou.org | http://twitter.com/wascou

Company Blog : http://www.wascou.org/eng/Company/Blog
Technical Blog : http://share.ez.no/blogs/maxime-thomas

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.