Repetitive browser authentication

RT Users
1

Dear all,

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after successful authentication.
Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to a new ticket. A new browser tab opens and I have to authenticate again.
Tested in FF and IE.
Any ideas how I can change setting so authentication is only needed once per session?

Thanks and regards,
David

David Obando
IT Projektmanager
digital & security

Egmont Ehapa Verlag GmbH
Wallstraße 59
10179 Berlin
Germany
Phone: +49 30 240080
Direct: +49 30 24008361
Mobil: +49 172 1548386
Fax: +49 30 24008101
d.obando@ehapa.de
www.ehapa.de http://www.ehapa.de/

Geschäftsführer: Ulrich Buser, Rob McMenemy | Handelsregister: HRB 81977 AG Berlin-Charlottenburg | Sitz der Gesellschaft: Berlin

EGMONT

2

Dear all,

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after
successful authentication.

Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to
a new ticket. A new browser tab opens and I have to authenticate again.

Tested in FF and IE.
Any ideas how I can change setting so authentication is only needed once per session?

This usually happens when you have different hostnames that alias to
RT so the cookies aren’t compatible.

-kevin

3

Hi,

I don’t use different hostname. I just tested with clicking the RT links in two “new-ticket-notification”-mails:

  1. clicking the first ticketlink and authenticating
  2. clicking the second ticketlink and I have to authenticate again

Regard,
David-----Ursprüngliche Nachricht-----
Von: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] Im Auftrag von Kevin Falcone
Gesendet: Donnerstag, 17. März 2011 15:30
An: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] repetitive browser authentication

On Thu, Mar 17, 2011 at 01:51:55PM +0100, Obando, David DE - EV wrote:

Dear all,

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after
successful authentication.

Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to
a new ticket. A new browser tab opens and I have to authenticate again.

Tested in FF and IE.
Any ideas how I can change setting so authentication is only needed once per session?

This usually happens when you have different hostnames that alias to RT so the cookies aren’t compatible.

-kevin

4

I don’t use different hostname. I just tested with clicking the RT links in two “new-ticket-notification”-mails:

  1. clicking the first ticketlink and authenticating
  2. clicking the second ticketlink and I have to authenticate again

Then you’re going to have to tell us more about what configuration
changes or customizations you’ve made to RT, since this isn’t normal
observed behavior. Your debugging logs from RT would also be helpful,
along with cookie information.

-kevin

5

I’ve observed the same thing with my RT 3.8.4 install. I’ve not taken the
time to look into it further, but I have noticed that if I authenticate, and
then wait for the page to fully load, usually I don’t have to re-auth. The
issue seems to happen when I’m too impatient for the initial “RT at a glance”
page to load, and click one of the other links on the page.

I am using RT::Authen::ExternalAuth, but this issue doesn’t seem to be
specific to external accounts. I see the same behavior when logging in
as a local RT user, such as “root”.

Not sure if that helps identify what the issue might be. I’d be willing
to assist in troubleshooting this if anyone wants to throw some more
questions or test cases my way…

--MarkOn Thu, 17 Mar 2011, Obando, David DE - EV wrote:

Hi,

I don’t use different hostname. I just tested with clicking the RT links in two “new-ticket-notification”-mails:

  1. clicking the first ticketlink and authenticating
  2. clicking the second ticketlink and I have to authenticate again

Regard,
David

-----Urspr�ngliche Nachricht-----
Von: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] Im Auftrag von Kevin Falcone
Gesendet: Donnerstag, 17. M�rz 2011 15:30
An: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] repetitive browser authentication

On Thu, Mar 17, 2011 at 01:51:55PM +0100, Obando, David DE - EV wrote:

Dear all,

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after
successful authentication.

Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to
a new ticket. A new browser tab opens and I have to authenticate again.

Tested in FF and IE.
Any ideas how I can change setting so authentication is only needed once per session?

This usually happens when you have different hostnames that alias to RT so the cookies aren’t compatible.

-kevin

Mark A Bentley
CTO Lab Systems Support
AT&T Mobility, Redmond, WA
Email: mark.bentley@att.com
425-702-3072 (desk) / 425-702-2826 (fax)

6

I’ve observed the same thing with my RT 3.8.4 install. I’ve not taken the

There have been two sets of changes to the login code since 3.8.4,
including one since 3.8.8, so debugging on 3.8.4 is hard.

Hopefully you’ve patched your RT for the various security problems
since 3.8.4

-kevin

7

Hello!On Thu, 17 Mar 2011 13:51:55 +0100 “Obando, David DE - EV” D.Obando@ehapa.de wrote:

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after successful authentication.

Maybe Re: [rt-users] RT creates a new session every 'Take', 'Update Ticket', 'Save'
hits you:

Try removing a trailing slash from $WebBaseURL within
your configuration if there are any.

Regards

Florian Hinzmann

Florian Hinzmann private: mail@fhinzmann.de
Debian: fh@debian.org
PGP Key / ID: 1024D/B4071A65
Fingerprint : F9AB 00C1 3E3A 8125 DD3F DF1C DF79 A374 B407 1A65

8

Hi,

thanks for the hint, but I don’t have a trailing slash in my $WebBaseURL.

Regards,
DavidVon: Florian Hinzmann [mailto:mail@fhinzmann.de]
Gesendet: Freitag, 18. März 2011 10:15
An: Obando, David DE - EV
Cc: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] repetitive browser authentication

Hello!

9

Hi,

late answer - it took a while until I could look into the problem again.
What I now did was cloning my rt VM and deleting /usr/local/share/request-tracker3.8 so all my customizations are inactive.

I still have to re-authenticate, e.g. I login, open a second tab with a ticket ID URL and have to login again.
Tested in Internet Explorer and Firefox.

I’m using the Debian package from http://rt.easter-eggs.org, a standard apache setup, my RT config looks like:

my $zone = “UTC”;
$zone=/bin/cat /etc/timezone
if -f “/etc/timezone”;
chomp $zone;
Set($Timezone, $zone);

Set($rtname, ‘rt.ehapa.de’);
Set($Organization, ‘ehapa.de’);

Set($CorrespondAddress , ‘rt@rt.ehapa.de’);
Set($CommentAddress , ‘rt-comment@rt.ehapa.de’);

Set($WebPath , “/rt”);
Set($WebBaseURL , “http://rt.ehapa.de”);

my %typemap = (
mysql => ‘mysql’,
pgsql => ‘Pg’,
sqlite3 => ‘SQLite’,
);

Set($DatabaseType, $typemap{mysql} || “UNKNOWN”);

Set($DatabaseHost, ‘localhost’);
Set($DatabasePort, ‘’);

Set($DatabaseUser , ‘rt3’);
Set($DatabasePassword , ‘xxx’);

my $dbc_dbname = ‘rt3’; if ( “mysql” eq “sqlite3” ) { Set ($DatabaseName, ‘’ . ‘/’ . $dbc_dbname); } else { Set ($DatabaseName, $dbc_dbname); }

Set($RTAddressRegexp , ‘^help(-comment)?@rt.ehapa.de$’);

Set($DevelMode, ‘0’);

Set($LogoURL, “/rt/NoAuth/images/logo_ev.jpg”);
Set($LogoLinkURL, ‘http://ehapa.de’);
Set($LogoAltText, “”);
Set($LogoImageWidth, 75);
Set($LogoImageHeight, 38);
Set($DefaultSummaryRows, 30);
Set(%GnuPG, Enable => 0);
Set($DefaultQueue, “Ehapa”);
Set($MaxInlineBody, 40000);
Set($LogToSyslog , ‘debug’);

Thank you and best regards,
DavidVon: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] Im Auftrag von Kevin Falcone
Gesendet: Donnerstag, 17. März 2011 16:51
An: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] repetitive browser authentication

I don’t use different hostname. I just tested with clicking the RT links in two “new-ticket-notification”-mails:

  1. clicking the first ticketlink and authenticating 2. clicking the
    second ticketlink and I have to authenticate again

Then you’re going to have to tell us more about what configuration changes or customizations you’ve made to RT, since this isn’t normal observed behavior. Your debugging logs from RT would also be helpful, along with cookie information.

-kevin

-----Ursprüngliche Nachricht-----
Von: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] Im Auftrag von Kevin
Falcone
Gesendet: Donnerstag, 17. März 2011 15:30
An: rt-users@lists.bestpractical.com
Betreff: Re: [rt-users] repetitive browser authentication

Dear all,

I installed a new system with RT 3.8.8. I’m wondering why I have to authenticate again after
successful authentication.

Example: I login to rt RT webinterface and in a second step I click an RT link in an e-mail to
a new ticket. A new browser tab opens and I have to authenticate again.

Tested in FF and IE.
Any ideas how I can change setting so authentication is only needed once per session?

This usually happens when you have different hostnames that alias to RT so the cookies aren’t compatible.