Users being logged out

Davin_Flatten · April 26, 2006, 11:34am

I have been trying to figure this one out for weeks. When our users
first log into RT they succeed but when you click on any link you are
taken back to the login page. I looked at my logs and this is what I am
getting in my rt.log:

[Wed Apr 26 10:14:36 2006] [err]: Error loading user with id:
RT::CurrentUser=HASH(0x3f76830)->Id
(/www/webapps/rt3/lib/RT/CurrentUser.pm:146)

and in my apache logs I am getting:

[Wed Apr 26 06:14:36 2006] [error] [client 128.119.91.13] FastCGI:
server “/www/webapps/rt3/bin/mason_handler.fcgi” stderr: [Wed Apr 26
10:14:36 2006] [err]: Error loading user with id:
RT::CurrentUser=HASH(0x3f76830)->Id
(/www/webapps/rt3/lib/RT/CurrentUser.pm:146)

The load user method is being called with an undefined $self-Id

Does anyone have any ideas as to what might cause this?

RT 3.5.6
Apache 2.0
FastCGI

Thank you,
Davin Flatten

Davin_Flatten · April 28, 2006, 1:20pm

I am still having this problem but I have ruled out the session cache by
using Apache::Session::File and my PgSQL database for sessions. Both
show the same problem. I also made sure I have a good network
connection. I have the problem with both SSL and nonSSL connections.
The problem is reproducible. If I log into RT the first time and then
click on ‘Preferences’ while on the ‘Home’ page I will be redirected to
the login page every time. It looks like I am going to have to spend
time to debug the code for this problem. Anyone have any success with
this bug?

-Davin

Davin Flatten
Unix Systems Administrator
University of Massachusetts
Amherst, MA 01003

Phone: 413-545-1580
Email: flatten@ecs.umass.edu

Rick_Russell · April 28, 2006, 1:34pm

Are you waiting long enough for the entire page to load? The pages sets
an authentication cookie; if the page doesn’t completely load, the auth
cookie isn’t set correctly and you’re not authenticated.

The authentication is strictly cookie based, so there’s no issue with
apache sessions or anything like that. I’ve left my computer asleep and
off the net for hours, then I come back to my browser and continue
without needing to log back in. As long as you don’t toss the cookie,
you’re golden.

Rick R.

Davin Flatten wrote:

rickr.vcf (182 Bytes)

Davin_Flatten · April 28, 2006, 8:10pm

Rick-

I thought the same, but these logouts are occurring immediately after
you have already logged in. They occur when the user clicks a page that
is not the index.html page. It also occurs across browsers (IE,
Thunderbird, etc…) I can see in the logs for both rt and apache that
errors are being generated when rt attempts to load the user object but
the $self->Id value is undefined. This causes a series of errors to
occur until finally ( probably default behavior ) the user is redirected
to the login page.

Still frustrated!

Thanks
Davin

Davin Flatten
Unix Systems Administrator
University of Massachusetts
Amherst, MA 01003

Phone: 413-545-1580
Email: flatten@ecs.umass.edu

Davin_Flatten · April 29, 2006, 12:38pm

Well I went ahead and upgraded our RT installation to 3.6.0pre1and the
problem still exists. Still wondering?

-Davin

Davin_Flatten · May 1, 2006, 1:38am

Ted-

Thanks! I will look into this as a possible solution. Seems to me
though this is a pretty annoying bug that would affect many users, and I
am surprised that no one has addressed it. Once again thank you for
the suggestion.

-Davin

Stephen_Turner · May 1, 2006, 1:52pm

At Sunday 4/30/2006 09:38 PM, Davin Flatten wrote:

Ted-

Thanks! I will look into this as a possible solution. Seems to me
though this is a pretty annoying bug that would affect many users,
and I am surprised that no one has addressed it. Once again thank
you for the suggestion.

-Davin

Davin,

Could you post the possible solution? I didn’t see it on the mailing list.

Thanks,
Steve

Davin_Flatten · May 1, 2006, 4:08pm

Stephen-

The possible solution that was mentioned was to use external
authentication as a work around to the internal auth problem. The
person mentioned using a Microsoft Active Directory server for
authentication. I am not sure this would work in our all Linux/Unix
based environment and I am not going to set up a AD server just for this
problem. Maybe a OpenLDAP if I can’t solve the problem.

Hope this helps.

-Davin

Davin Flatten
Unix Systems Administrator
University of Massachusetts
Amherst, MA 01003

Phone: 413-545-1580
Email: flatten@ecs.umass.edu

Ted_Serreyn · May 2, 2006, 2:39pm

The solution is just to implement external authentication and let apache
handle it rather than RT.

Ted

Ted Serreyn Phone:262-432-0260 Fax:262-432-0232
Serreyn Network Services, LLC http://www.serreyn.com/From: Stephen Turner [mailto:sturner@MIT.EDU]
Sent: Monday, May 01, 2006 8:52 AM
To: Davin Flatten; Ted Serreyn; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Users being logged out.

At Sunday 4/30/2006 09:38 PM, Davin Flatten wrote:

Ted-

Thanks! I will look into this as a possible solution. Seems to me
though this is a pretty annoying bug that would affect many users,
and I am surprised that no one has addressed it. Once again thank
you for the suggestion.

-Davin

Davin,

Could you post the possible solution? I didn’t see it on the mailing list.

Thanks,
Steve

Ruslan_Zakirov · May 5, 2006, 2:11am

Really we just couldn’t reproduce problem you didn’t show us exact
error messages so how could we help you?On 4/29/06, Davin Flatten flatten@ecs.umass.edu wrote:

Rick-

I thought the same, but these logouts are occurring immediately after
you have already logged in. They occur when the user clicks a page that
is not the index.html page. It also occurs across browsers (IE,
Thunderbird, etc…) I can see in the logs for both rt and apache that
errors are being generated when rt attempts to load the user object but
the $self->Id value is undefined. This causes a series of errors to
occur until finally ( probably default behavior ) the user is redirected
to the login page.

Still frustrated!

Thanks
Davin

–
Davin Flatten
Unix Systems Administrator
University of Massachusetts
Amherst, MA 01003

Phone: 413-545-1580
Email: flatten@ecs.umass.edu

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: Careers — Best Practical Solutions

Best regards, Ruslan.

Ole_Craig · May 11, 2006, 12:55am

I have been trying to figure this one out for weeks. When our users
first log into RT they succeed but when you click on any link you are
taken back to the login page. I looked at my logs and this is what I am
getting in my rt.log:
[…]

Davin -
I had this problem with a new 3.6.0pre install; if I remember correctly,
it was because I had used

http://myrt.example.com/rt

instead of

http://myrt.example.com/rt/

(note the trailing slash.) In my case, I was redirecting from another
URL, and so I kept hitting it. To test if this is what you’re seeing,
try entering the URL with the trailing slash by hand in your browser’s
location bar.

Hope that's useful,
	Ole

/Ole Craig
Security Engineer

303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)

www.stillsecure.com
. . .