FAQ
I'm seeing an issue where if IE is holding a cookie when a session
expires (expires set to 7200, cookie_expires set to 0), the user can't
login. Login authenticates successfully, but redirects back to the
login page. (Session is expired and not being deleted correctly)

This does not happen with Firefox, which appears to actually delete the
session correctly.

I noticed the same behavior if the session data (Store::DBIC) was
deleted from the DB before the session expires.

Any ideas what might be causing this and how to fix it?

Thanks,
Dylan

Debug output: (Repeats the last 2 requests until the browser is closed
with a session cookie or the cookie file is deleted with a cookie with
an expiration)

[debug] "GET" request for "/" from "209.221.173.66"
[debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
cookie
[debug] Deleting session(session expired)
[debug] Redirecting to "https://myapp/signin"
[info] Request took 0.084344s (11.856/s)
.----------------------------------------------------------------+------
-----.
Action | Time
+----------------------------------------------------------------+------
-----+
/auto |
0.057025s |
/end |
0.001156s |
'----------------------------------------------------------------+------
-----'

[info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
[debug] "GET" request for "signin" from "209.221.173.66"
[debug] Path is "signin"
[debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
cookie
[debug] Deleting session(session expired)
[debug] Rendering template "login_welcome.tt"
[info] Request took 0.178703s (5.596/s)
.----------------------------------------------------------------+------
-----.
Action | Time
+----------------------------------------------------------------+------
-----+
/auto |
0.000492s |
/auth/signin |
0.083319s |
/end |
0.066447s |
-> NetResponse::View::TT->process |
0.062633s |
'----------------------------------------------------------------+------
-----'

[info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
[debug] Body Parameters are:
.-------------------------------------+---------------------------------
-----.
Parameter | Value
+-------------------------------------+---------------------------------
-----+
email | username |
password | password |
'-------------------------------------+---------------------------------
-----'
[debug] "POST" request for "signin" from "209.221.173.66"
[debug] Path is "signin"
[debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
cookie
[debug] Deleting session(session expired)
[debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
cookie
[debug] Deleting session(session expired)
[debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
cookie
[debug] Successfully authenticated user 'dylanv@semaphore.com'.
[debug] Redirecting to "https://myapp/signin"

Search Discussions

  • Thomas Hartman at Feb 28, 2007 at 11:08 am
    Don't really understand the root of the problem, but I asked about
    this on #Catalyst and was told of a workaround, and saved it to my
    .bashrc hints.

    If I recall correctly, the consensus is that this is an IE6 bug.

    hartman@ds0207:~> thartman_catalyst_IE6_response_redirect_prob_hint
    try myapp_server.pl with -f -k flags
    hartman@ds0207:~>

    hope this helps, thomas.
    On 2/27/07, Dylan Vanderhoof wrote:
    I'm seeing an issue where if IE is holding a cookie when a session
    expires (expires set to 7200, cookie_expires set to 0), the user can't
    login. Login authenticates successfully, but redirects back to the
    login page. (Session is expired and not being deleted correctly)

    This does not happen with Firefox, which appears to actually delete the
    session correctly.

    I noticed the same behavior if the session data (Store::DBIC) was
    deleted from the DB before the session expires.

    Any ideas what might be causing this and how to fix it?

    Thanks,
    Dylan

    Debug output: (Repeats the last 2 requests until the browser is closed
    with a session cookie or the cookie file is deleted with a cookie with
    an expiration)

    [debug] "GET" request for "/" from "209.221.173.66"
    [debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Redirecting to "https://myapp/signin"
    [info] Request took 0.084344s (11.856/s)
    .----------------------------------------------------------------+------
    -----.
    Action | Time
    +----------------------------------------------------------------+------
    -----+
    /auto |
    0.057025s |
    /end |
    0.001156s |
    '----------------------------------------------------------------+------
    -----'

    [info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
    [debug] "GET" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Rendering template "login_welcome.tt"
    [info] Request took 0.178703s (5.596/s)
    .----------------------------------------------------------------+------
    -----.
    Action | Time
    +----------------------------------------------------------------+------
    -----+
    /auto |
    0.000492s |
    /auth/signin |
    0.083319s |
    /end |
    0.066447s |
    -> NetResponse::View::TT->process |
    0.062633s |
    '----------------------------------------------------------------+------
    -----'

    [info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
    [debug] Body Parameters are:
    .-------------------------------------+---------------------------------
    -----.
    Parameter | Value
    +-------------------------------------+---------------------------------
    -----+
    email | username |
    password | password |
    '-------------------------------------+---------------------------------
    -----'
    [debug] "POST" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Found sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Successfully authenticated user 'dylanv@semaphore.com'.
    [debug] Redirecting to "https://myapp/signin"

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Marc Logghe at Feb 28, 2007 at 1:02 pm

    -----Original Message-----
    From: Thomas Hartman
    Sent: Wednesday, February 28, 2007 12:09 PM
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Session problems with IE and cookies

    Don't really understand the root of the problem, but I asked
    about this on #Catalyst and was told of a workaround, and
    saved it to my .bashrc hints.

    If I recall correctly, the consensus is that this is an IE6 bug.

    Not sure about that. I have exactly the same problem as Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc



    hartman@ds0207:~> thartman_catalyst_IE6_response_redirect_prob_hint
    try myapp_server.pl with -f -k flags
    hartman@ds0207:~>

    hope this helps, thomas.
    On 2/27/07, Dylan Vanderhoof wrote:
    I'm seeing an issue where if IE is holding a cookie when a session
    expires (expires set to 7200, cookie_expires set to 0), the
    user can't
    login. Login authenticates successfully, but redirects back to the
    login page. (Session is expired and not being deleted correctly)

    This does not happen with Firefox, which appears to actually delete
    the session correctly.

    I noticed the same behavior if the session data (Store::DBIC) was
    deleted from the DB before the session expires.

    Any ideas what might be causing this and how to fix it?

    Thanks,
    Dylan

    Debug output: (Repeats the last 2 requests until the
    browser is closed
    with a session cookie or the cookie file is deleted with a
    cookie with
    an expiration)

    [debug] "GET" request for "/" from "209.221.173.66"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug]
    Redirecting
    to "https://myapp/signin"
    [info] Request took 0.084344s (11.856/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.057025s |
    /end |
    0.001156s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
    [debug] "GET" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Rendering
    template "login_welcome.tt"
    [info] Request took 0.178703s (5.596/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.000492s |
    /auth/signin |
    0.083319s |
    /end |
    0.066447s |
    -> NetResponse::View::TT->process |
    0.062633s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
    [debug] Body Parameters are:
    .-------------------------------------+-------------------------------
    --
    -----.
    Parameter | Value
    +-------------------------------------+-------------------------------
    +-------------------------------------+--
    -----+
    email | username |
    password | password
    '-------------------------------------+-------------------------------
    --
    -----'
    [debug] "POST" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Found
    sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug]
    Deleting session(session expired) [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in cookie [debug]
    Successfully authenticated user 'dylanv@semaphore.com'.
    [debug] Redirecting to "https://myapp/signin"

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Jeffrey Ng at Feb 28, 2007 at 1:20 pm
    we had the exact same problem with ie. but not firefox. people even
    wrote tutorial on their own blogs to teach other users how to log on
    to our site. we could not find out the source of error. we reworte the
    whole thing from scratch. and now we are hearing less complaints. we
    couldnt verify if we really have fixed it because the problem happened
    randomly. we could never replicate the bug.
    On 2/28/07, Marc Logghe wrote:

    -----Original Message-----
    From: Thomas Hartman
    Sent: Wednesday, February 28, 2007 12:09 PM
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Session problems with IE and cookies

    Don't really understand the root of the problem, but I asked
    about this on #Catalyst and was told of a workaround, and
    saved it to my .bashrc hints.

    If I recall correctly, the consensus is that this is an IE6 bug.

    Not sure about that. I have exactly the same problem as Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc



    hartman@ds0207:~> thartman_catalyst_IE6_response_redirect_prob_hint
    try myapp_server.pl with -f -k flags
    hartman@ds0207:~>

    hope this helps, thomas.
    On 2/27/07, Dylan Vanderhoof wrote:
    I'm seeing an issue where if IE is holding a cookie when a session
    expires (expires set to 7200, cookie_expires set to 0), the
    user can't
    login. Login authenticates successfully, but redirects back to the
    login page. (Session is expired and not being deleted correctly)

    This does not happen with Firefox, which appears to actually delete
    the session correctly.

    I noticed the same behavior if the session data (Store::DBIC) was
    deleted from the DB before the session expires.

    Any ideas what might be causing this and how to fix it?

    Thanks,
    Dylan

    Debug output: (Repeats the last 2 requests until the
    browser is closed
    with a session cookie or the cookie file is deleted with a
    cookie with
    an expiration)

    [debug] "GET" request for "/" from "209.221.173.66"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug]
    Redirecting
    to "https://myapp/signin"
    [info] Request took 0.084344s (11.856/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.057025s |
    /end |
    0.001156s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
    [debug] "GET" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Rendering
    template "login_welcome.tt"
    [info] Request took 0.178703s (5.596/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.000492s |
    /auth/signin |
    0.083319s |
    /end |
    0.066447s |
    -> NetResponse::View::TT->process |
    0.062633s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
    [debug] Body Parameters are:
    .-------------------------------------+-------------------------------
    --
    -----.
    Parameter | Value
    +-------------------------------------+-------------------------------
    +-------------------------------------+--
    -----+
    email | username |
    password | password
    '-------------------------------------+-------------------------------
    --
    -----'
    [debug] "POST" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Found
    sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug]
    Deleting session(session expired) [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in cookie [debug]
    Successfully authenticated user 'dylanv@semaphore.com'.
    [debug] Redirecting to "https://myapp/signin"

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/

    --
    Jeffrey Ng
    CEO, Zorpia.com
  • Octavian Rasnita at Feb 28, 2007 at 1:31 pm
    I have created a site using Catalyst, and I access it with IE, but I can
    login with no issues.
    However, 2 customers told me that they can login on the site from one
    location, but they cannot do it from their work place.
    I don't know, but it might be the same bug, since after the login, the
    program is making an external redirection, and the cookies are used...

    Anyway, if somebody will find what's the problem, please write on the list.

    Octavian

    ----- Original Message -----
    From: "Marc Logghe" <Marc.Logghe@DEVGEN.com>
    To: "Thomas Hartman" <thomashartman1@googlemail.com>
    Cc: "The elegant MVC web framework" <catalyst@lists.rawmode.org>
    Sent: Wednesday, February 28, 2007 3:02 PM
    Subject: RE: [Catalyst] Session problems with IE and cookies



    -----Original Message-----
    From: Thomas Hartman
    Sent: Wednesday, February 28, 2007 12:09 PM
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Session problems with IE and cookies

    Don't really understand the root of the problem, but I asked
    about this on #Catalyst and was told of a workaround, and
    saved it to my .bashrc hints.

    If I recall correctly, the consensus is that this is an IE6 bug.

    Not sure about that. I have exactly the same problem as Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc



    hartman@ds0207:~> thartman_catalyst_IE6_response_redirect_prob_hint
    try myapp_server.pl with -f -k flags
    hartman@ds0207:~>

    hope this helps, thomas.
    On 2/27/07, Dylan Vanderhoof wrote:
    I'm seeing an issue where if IE is holding a cookie when a session
    expires (expires set to 7200, cookie_expires set to 0), the
    user can't
    login. Login authenticates successfully, but redirects back to the
    login page. (Session is expired and not being deleted correctly)

    This does not happen with Firefox, which appears to actually delete
    the session correctly.

    I noticed the same behavior if the session data (Store::DBIC) was
    deleted from the DB before the session expires.

    Any ideas what might be causing this and how to fix it?

    Thanks,
    Dylan

    Debug output: (Repeats the last 2 requests until the
    browser is closed
    with a session cookie or the cookie file is deleted with a
    cookie with
    an expiration)

    [debug] "GET" request for "/" from "209.221.173.66"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug]
    Redirecting
    to "https://myapp/signin"
    [info] Request took 0.084344s (11.856/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.057025s |
    /end |
    0.001156s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
    [debug] "GET" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Rendering
    template "login_welcome.tt"
    [info] Request took 0.178703s (5.596/s)
    .----------------------------------------------------------------+----
    --
    -----.
    Action Time
    +----------------------------------------------------------------+----
    +----------------------------------------------------------------+--
    -----+
    /auto |
    0.000492s |
    /auth/signin |
    0.083319s |
    /end |
    0.066447s |
    -> NetResponse::View::TT->process |
    0.062633s |
    '----------------------------------------------------------------+----
    --
    -----'

    [info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
    [debug] Body Parameters are:
    .-------------------------------------+-------------------------------
    --
    -----.
    Parameter | Value
    +-------------------------------------+-------------------------------
    +-------------------------------------+--
    -----+
    email | username |
    password | password
    '-------------------------------------+-------------------------------
    --
    -----'
    [debug] "POST" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug] Deleting session(session expired) [debug] Found
    sessionid "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie [debug]
    Deleting session(session expired) [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in cookie [debug]
    Successfully authenticated user 'dylanv@semaphore.com'.
    [debug] Redirecting to "https://myapp/signin"

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Bill Moseley at Feb 28, 2007 at 4:35 pm

    On Wed, Feb 28, 2007 at 03:31:39PM +0200, Octavian Rasnita wrote:
    I have created a site using Catalyst, and I access it with IE, but I can
    login with no issues.
    However, 2 customers told me that they can login on the site from one
    location, but they cannot do it from their work place.
    This sounds different from what the OP commented on (since they are
    able to log in), but there is a bug related to SSL and IE that causes
    IE to send an empty body:

    http://support.microsoft.com/default.aspx?kbid�1167

    --
    Bill Moseley
    moseley@hank.org
  • Michael Alan Dorman at Mar 1, 2007 at 12:11 pm

    On Wed, 28 Feb 2007 15:31:39 +0200 "Octavian Rasnita" wrote:

    I have created a site using Catalyst, and I access it with IE, but I
    can login with no issues.
    However, 2 customers told me that they can login on the site from one
    location, but they cannot do it from their work place.
    I don't know, but it might be the same bug, since after the login,
    the program is making an external redirection, and the cookies are
    used...

    Anyway, if somebody will find what's the problem, please write on the
    list.
    I have seen this problem. I finally fixed it for my application late
    last year, after an embarrassingly long time. In my application the
    sequence of events was:

    * user goes to main site, foo.org

    * user is issued a cookie, from foo.org

    * user submits form, is redirected to bar.foo.org

    * user is issued another cookie, from bar.foo.org

    * IE begins sending both cookies to bar.foo.org.

    Depending on which cookie appears last, one or the other will be
    "active"; if it's the one from foo.org instead of bar.foo.org,
    typically you lose, because the session ID isn't known to bar.foo.org.

    I thought I was giving the right domain= values to make sure that
    didn't happen; I can't tell if the problem stems from me being too
    stupid to read the cookie spec right, or the IE team. It's not a spec
    that, in my opinion, is without some ambiguity.

    Anyway, the situation appeared intermittently for years. I finally got
    a trace from a single client on all hosts involved that let me see where
    the "mystery key" that was confusing bar.foo.org originated.

    The solution I eventually adopted was to also delete the session cookie
    for foo.org at the same time as I did the external redirect to
    bar.foo.org. I haven't heard of the issue popping up again since.

    Mike.
  • Octavian Rasnita at Mar 1, 2007 at 2:33 pm
    I am not using 2 cookies, but I think the problem is related on how the
    application is sending the cookies.

    I thought it is an IE bug, but now I am not so sure anymore, because I have
    made some more tests:

    I have set the session to expire after 1 minute, and the cookie expiration
    time to 0 (to be a session cookie).
    In this case, no cookie should be saved on the hard disk of my client
    computer, but kept only in memory.

    If I click a link after 1 minute with no activity on the site, I can see
    that the server is sending a cookie that has an expiry time, even though
    I've set it to be a session cookie. It sets the expiry time to the present
    time, so it shouldn't be sent back to the server by the browser.
    However, the time of the server and the time of the client computer don't
    match always.

    So if I tried to login again immediately after I've seen that I am logged
    out, the browser sends the cookie to the server.

    Now I don't know what is Catalyst doing exactly.

    I think it should see that there is a session that corresponds to that
    cookie, and also see that that session has expired, and it should delete the
    session and create a new one. But the application just don't allow access,
    even though the login was successfully. It doesn't create the $c->user
    object, so the login form is presented to the user.

    If I let more than 1 minute to pass and I don't try to login, I am able to
    login.

    So I don't know how the session storage works, or better said, how the
    session files are deleted.
    I think that they are deleted (or re-created) only after 1 or 2 minutes, and
    not immediately they are expired.

    This is what I found, but I don't know for sure what is the reasons of
    happening this way.

    I am using:
    Session
    Session::State::Cookie
    Session::Store::File
    Authentication
    Authentication::Store::DBIC
    Authentication::Credential::Password
    Authorization::Roles

    Of course, if I delete the cookie before trying to login, the browser
    doesn't send it anymore, and the login goes fine.

    Do you have any idea why the cookie is sent by the application with an
    expiry date instead of sending a session cookie without it?

    Octavian

    ----- Original Message -----
    From: "Michael Alan Dorman" <mdorman@tendentious.org>
    To: <catalyst@lists.rawmode.org>
    Sent: Thursday, March 01, 2007 2:11 PM
    Subject: Re: [Catalyst] Session problems with IE and cookies

    On Wed, 28 Feb 2007 15:31:39 +0200
    "Octavian Rasnita" wrote:
    I have created a site using Catalyst, and I access it with IE, but I
    can login with no issues.
    However, 2 customers told me that they can login on the site from one
    location, but they cannot do it from their work place.
    I don't know, but it might be the same bug, since after the login,
    the program is making an external redirection, and the cookies are
    used...

    Anyway, if somebody will find what's the problem, please write on the
    list.
    I have seen this problem. I finally fixed it for my application late
    last year, after an embarrassingly long time. In my application the
    sequence of events was:

    * user goes to main site, foo.org

    * user is issued a cookie, from foo.org

    * user submits form, is redirected to bar.foo.org

    * user is issued another cookie, from bar.foo.org

    * IE begins sending both cookies to bar.foo.org.

    Depending on which cookie appears last, one or the other will be
    "active"; if it's the one from foo.org instead of bar.foo.org,
    typically you lose, because the session ID isn't known to bar.foo.org.

    I thought I was giving the right domain= values to make sure that
    didn't happen; I can't tell if the problem stems from me being too
    stupid to read the cookie spec right, or the IE team. It's not a spec
    that, in my opinion, is without some ambiguity.

    Anyway, the situation appeared intermittently for years. I finally got
    a trace from a single client on all hosts involved that let me see where
    the "mystery key" that was confusing bar.foo.org originated.

    The solution I eventually adopted was to also delete the session cookie
    for foo.org at the same time as I did the external redirect to
    bar.foo.org. I haven't heard of the issue popping up again since.

    Mike.

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Dylan Vanderhoof at Feb 28, 2007 at 5:23 pm
    Not really. I'm running IE7, and this is in mod_perl, so it has nothing
    to do with the dev server. =)

    Thanks,
    Dylan
    -----Original Message-----
    From: Thomas Hartman
    Sent: Wednesday, February 28, 2007 3:09 AM
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Session problems with IE and cookies


    Don't really understand the root of the problem, but I asked about
    this on #Catalyst and was told of a workaround, and saved it to my
    .bashrc hints.

    If I recall correctly, the consensus is that this is an IE6 bug.

    hartman@ds0207:~> thartman_catalyst_IE6_response_redirect_prob_hint
    try myapp_server.pl with -f -k flags
    hartman@ds0207:~>

    hope this helps, thomas.
    On 2/27/07, Dylan Vanderhoof wrote:
    I'm seeing an issue where if IE is holding a cookie when a session
    expires (expires set to 7200, cookie_expires set to 0), the
    user can't
    login. Login authenticates successfully, but redirects back to the
    login page. (Session is expired and not being deleted correctly)

    This does not happen with Firefox, which appears to
    actually delete the
    session correctly.

    I noticed the same behavior if the session data (Store::DBIC) was
    deleted from the DB before the session expires.

    Any ideas what might be causing this and how to fix it?

    Thanks,
    Dylan

    Debug output: (Repeats the last 2 requests until the
    browser is closed
    with a session cookie or the cookie file is deleted with a
    cookie with
    an expiration)

    [debug] "GET" request for "/" from "209.221.173.66"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Redirecting to "https://myapp/signin"
    [info] Request took 0.084344s (11.856/s)
    .-------------------------------------------------------------
    ---+------
    -----.
    Action Time
    +-------------------------------------------------------------
    ---+------
    -----+
    /auto |
    0.057025s |
    /end |
    0.001156s |
    '-------------------------------------------------------------
    ---+------
    -----'

    [info] *** Request 1 (0.001/s) [3435] [Tue Feb 27 21:50:43 2007] ***
    [debug] "GET" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Rendering template "login_welcome.tt"
    [info] Request took 0.178703s (5.596/s)
    .-------------------------------------------------------------
    ---+------
    -----.
    Action Time
    +-------------------------------------------------------------
    ---+------
    -----+
    /auto |
    0.000492s |
    /auth/signin |
    0.083319s |
    /end |
    0.066447s |
    -> NetResponse::View::TT->process |
    0.062633s |
    '-------------------------------------------------------------
    ---+------
    -----'

    [info] *** Request 2 (0.002/s) [3435] [Tue Feb 27 13:50:50 2007] ***
    [debug] Body Parameters are:
    .-------------------------------------+-----------------------
    ----------
    -----.
    Parameter | Value
    +-------------------------------------+-----------------------
    ----------
    -----+
    email | username |
    password | password
    '-------------------------------------+-----------------------
    ----------
    -----'
    [debug] "POST" request for "signin" from "209.221.173.66"
    [debug] Path is "signin"
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Deleting session(session expired)
    [debug] Found sessionid
    "cb30ab14db722929594b6ec6e4f35bc28895284f" in
    cookie
    [debug] Successfully authenticated user 'dylanv@semaphore.com'.
    [debug] Redirecting to "https://myapp/signin"

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Dylan Vanderhoof at Feb 28, 2007 at 5:25 pm
    Yeah, that's the exact issue.

    A majority of my users are using IE6/7, so this is really a major
    problem.

    -Dylan
    -----Original Message-----
    From: Marc Logghe
    Sent: Wednesday, February 28, 2007 5:03 AM
    To: Thomas Hartman
    Cc: The elegant MVC web framework
    Subject: RE: [Catalyst] Session problems with IE and cookies


    Not sure about that. I have exactly the same problem as
    Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login
    again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in
    the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc


  • Hartmaier Alexander at Mar 1, 2007 at 9:15 am
    Hi!

    Most of the users of my cat apps use IE6/7, some (and I) Firefox.
    Some times in the past IE users couldn't login, deleting the cookies solved the problem, but it occurred only 3-4 times so I didn't investigate further.
    And what should I do against browser bugs?!

    -Alex


    -----Urspr?ngliche Nachricht-----
    Von: Dylan Vanderhoof
    Gesendet: Mittwoch, 28. Februar 2007 18:25
    An: The elegant MVC web framework
    Betreff: RE: [Catalyst] Session problems with IE and cookies

    Yeah, that's the exact issue.

    A majority of my users are using IE6/7, so this is really a major
    problem.

    -Dylan
    -----Original Message-----
    From: Marc Logghe
    Sent: Wednesday, February 28, 2007 5:03 AM
    To: Thomas Hartman
    Cc: The elegant MVC web framework
    Subject: RE: [Catalyst] Session problems with IE and cookies


    Not sure about that. I have exactly the same problem as
    Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login
    again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in
    the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc


    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/

    *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
    T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
    Handelsgericht Wien, FN 79340b
    *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
    Notice: This e-mail contains information that is confidential and may be privileged.
    If you are not the intended recipient, please notify the sender and then delete this e-mail immediately.
    *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
  • Tobias Kremer at Mar 1, 2007 at 10:20 am

    Zitat von Hartmaier Alexander <Alexander.Hartmaier@t-systems.at>:

    Most of the users of my cat apps use IE6/7, some (and I) Firefox.
    Some times in the past IE users couldn't login, deleting the cookies solved
    the problem, but it occurred only 3-4 times so I didn't investigate further.
    And what should I do against browser bugs?!
    We have this problem since we started using Apache::Session + Apache::Cookie
    about 5 years ago. Never had the time to actually look into it. It happens
    only infrequently but often enough to have it included in our site FAQs. Said
    application is running under Apache 1.3.x + mod_perl + Mason + MySQL - no
    Catalyst involved!

    --Tobias
  • Octavian Rasnita at Mar 1, 2007 at 11:24 am
    Today I had that issue. I couldn't login on my site even though I've tried
    for more times with 2 different user names.
    I have also tried closing and opening again the browser, but I still wasn't
    able to login.

    So I wanted to read the HTTP headers sent and received by IE before trying
    to delete the cookies.
    For doing that, I needed to click with the mouse cursor in the text area at
    the bottom of the browser window where IE Headers plug in shows the headers
    (for beeing able to read it with the screen reader).

    After clicking there, the system started to work very slow, so I opened the
    task manager in order to see what consumes that much, and I have seen that
    the browser was using 99% of the processor.
    I've killed that huge process, and after opening again IE, I was able to
    login fine, with no other problems and no need to delete the cookies.

    So I think this bug is definitely related to IE or Windows and not with
    mod_perl, Apache or Catalyst.

    Octavian

    ----- Original Message -----
    From: "Tobias Kremer" <list@funkreich.de>
    To: "Hartmaier Alexander" <Alexander.Hartmaier@t-systems.at>
    Cc: "The elegant MVC web framework" <catalyst@lists.rawmode.org>
    Sent: Thursday, March 01, 2007 12:22 PM
    Subject: Re: AW: [Catalyst] Session problems with IE and cookies


    Zitat von Hartmaier Alexander <Alexander.Hartmaier@t-systems.at>:
    Most of the users of my cat apps use IE6/7, some (and I) Firefox.
    Some times in the past IE users couldn't login, deleting the cookies
    solved
    the problem, but it occurred only 3-4 times so I didn't investigate
    further.
    And what should I do against browser bugs?!
    We have this problem since we started using Apache::Session + Apache::Cookie
    about 5 years ago. Never had the time to actually look into it. It happens
    only infrequently but often enough to have it included in our site FAQs.
    Said
    application is running under Apache 1.3.x + mod_perl + Mason + MySQL - no
    Catalyst involved!

    --Tobias

    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
  • Kieren Diment at Mar 1, 2007 at 9:39 am
    Can someone with access to the problem platform rig up a minimal app and a
    failing test case please.

    Not that I'm volunteering to fix it or anything, it's just that's the best
    way to get it fixed.

    http://www.catalystframework.org/calendar/2006/7 should point you in the
    right direction though.

    On another vein of thought I wonder if HTTP::Recorder would illuminate the
    problem at all. It's a bit buggy though so that would be a bit of a long
    shot.

    On 01/03/07, Dylan Vanderhoof wrote:

    Yeah, that's the exact issue.

    A majority of my users are using IE6/7, so this is really a major
    problem.

    -Dylan
    -----Original Message-----
    From: Marc Logghe
    Sent: Wednesday, February 28, 2007 5:03 AM
    To: Thomas Hartman
    Cc: The elegant MVC web framework
    Subject: RE: [Catalyst] Session problems with IE and cookies


    Not sure about that. I have exactly the same problem as
    Dylan. It is not
    specific for IE, Opera shows the very same problem.
    The user has to manually delete the cookie in order to login
    again. Not
    what you can call user friendly ;-)
    It seems that only Firefox is expiring the session cookie in
    the correct
    way. Also, why is it only us 2 having this problem ? Is everybody else
    using Firefox only ?
    Cheers,
    Marc


    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070301/53e3848a/attachment.htm
  • Dylan Vanderhoof at Mar 1, 2007 at 11:35 pm
    I'm not really sure how to write a test case for something that only
    fails using IE (as best I can tell).

    Any suggestions?

    -D

    -----Original Message-----
    From: Kieren Diment
    Sent: Thursday, March 01, 2007 1:39 AM
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Session problems with IE and cookies



    Can someone with access to the problem platform rig up a minimal
    app and a failing test case please.

    Not that I'm volunteering to fix it or anything, it's just
    that's the best way to get it fixed.

    http://www.catalystframework.org/calendar/2006/7 should point
    you in the right direction though.

    On another vein of thought I wonder if HTTP::Recorder would
    illuminate the problem at all. It's a bit buggy though so that would be
    a bit of a long shot.




    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070301/c627648e/attachment.htm
  • Kieren Diment at Mar 2, 2007 at 1:15 am

    On 02/03/07, Dylan Vanderhoof wrote:
    I'm not really sure how to write a test case for something that only
    fails using IE (as best I can tell).

    Any suggestions?

    That's why I suggested HTTP::Recorder. Then convert the recording to a
    Test::WWW::Mechanize[::Catalyst] script.

    However, as I noted, HTTP::Recorder is a bit buggy and so it might not work
    :(

    And even if it does, it might turn out to be a heisenbug :-((



    -D
    -----Original Message-----
    *From:* Kieren Diment
    *Sent:* Thursday, March 01, 2007 1:39 AM
    *To:* The elegant MVC web framework
    *Subject:* Re: [Catalyst] Session problems with IE and cookies

    Can someone with access to the problem platform rig up a minimal app and a
    failing test case please.

    Not that I'm volunteering to fix it or anything, it's just that's the best
    way to get it fixed.

    http://www.catalystframework.org/calendar/2006/7 should point you in the
    right direction though.

    On another vein of thought I wonder if HTTP::Recorder would illuminate the
    problem at all. It's a bit buggy though so that would be a bit of a long
    shot.



    _______________________________________________
    List: Catalyst@lists.rawmode.org
    Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
    Searchable archive:
    http://www.mail-archive.com/catalyst@lists.rawmode.org/
    Dev site: http://dev.catalyst.perl.org/
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070302/a09f1e49/attachment.htm
  • David Morel at Mar 3, 2007 at 8:21 pm

    Le 2 Mar 2007 ? 02:15, Kieren Diment a ?crit :

    On 02/03/07, Dylan Vanderhoof wrote:
    I'm not really sure how to write a test case for something that
    only fails using IE (as best I can tell).

    Any suggestions?


    That's why I suggested HTTP::Recorder. Then convert the recording
    to a Test::WWW::Mechanize[::Catalyst] script.

    However, as I noted, HTTP::Recorder is a bit buggy and so it might
    not work :(

    And even if it does, it might turn out to be a heisenbug :-((
    Test::WWW::Selenium is your friend. I setup some front-end tests with
    it, using the Firefox plugin to quickly have a working skeleton then
    looping over this using Test::LectroTest, and I found it very easy to
    run, and incredibly powerful. Much easier than writing T:W:Mechanize
    based tests, all the more so as I never could have Recorder DWIM :)
    You have to use the selenium rc, but the setup is far from complex.

    David Morel



    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: PGP.sig
    Type: application/pgp-signature
    Size: 155 bytes
    Desc: =?ISO-8859-1?Q?Ceci_est_une_signature_électronique_PGP?Url : http://lists.scsys.co.uk/pipermail/catalyst/attachments/20070303/911a8b4c/PGP.pgp

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedFeb 27, '07 at 10:08p
activeMar 3, '07 at 8:21p
posts17
users11
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2021 Grokbase