[
https://jira.duraspace.org/browse/DS-959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22573#comment-22573
]
Tim Donohue commented on DS-959:
--------------------------------
So, I think I've finally located the underlying problem here, and also why the
JSPUI is unaffected.
The underlying issue is that an application path without a trailing slash will
always generate a fresh JSESSIONID Cookie.
An example: Suppose you have XMLUI at http://localhost:8080/xmlui
* If you continually refresh the URL http://localhost:8080/xmlui (no trailing
slash), a brand new Session (and JSESSIONID Cookie) is generated each time.
* However, if you continually refresh the URL http://localhost:8080/xmlui/
(with trailing slash), the same JSESSIONID Cookie is retained.
The reason why the JSPUI is unaffected is that we have a 302 Redirect in place
which automatically redirects all requests to http://localhost:8080/jspui (no
trailing slash) to http://localhost:8080/jspui/ (with trailing slash). If this
redirect was *not* in place, I believe the JSPUI would also be affected by this
issue.
So, if we find a way to always redirect http://localhost:8080/xmlui to
http://localhost:8080/xmlui/ (similar to JSPUI), then I think we'd also avoid
this issue on the XMLUI (we may also need to tweak the
'xmlui.user.loginredirect' setting to default to "/" though).
> XMLUI login failure when using Tomcat 7.0.16
> --------------------------------------------
>
> Key: DS-959
> URL: https://jira.duraspace.org/browse/DS-959
> Project: DSpace
> Issue Type: Bug
> Components: XMLUI
> Affects Versions: 1.7.2
> Environment: Based on discussion on 'dspace-tech', seems to affect
> the following browsers:
> * IE
> * Chrome
> * Safari
> * Opera
> Reporter: Stuart Lewis
> Priority: Major
> Fix For: 1.8.0
>
>
> See: http://dspace.2283337.n4.nabble.com/Login-and-IE8-td3671944.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
