Opened 19 years ago
Closed 14 years ago
#2438 closed defect (duplicate)
Safari and multiple trac projects with different authentication
Reported by: | Owned by: | Jonas Borgström | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | general | Version: | devel |
Severity: | normal | Keywords: | needinfo |
Cc: | j.beilicke@… | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
I am only able to reproduce this problem with Safari. It seems to work fine with Firefox. I am using Trac 0.9, Safari 1.3.1.
I have 2 Trac projects setup, one called splash and another called splash_old. In the Trac permissions I require authenticated users for all permissions. I have setup htpasswd files to auth the 'login' method. In the htpasswd for splash, I have a user testuser. In the htpasswd for splash_old, I have a user valankar. I have removed all cookies from my browser.
When I go to the splash project, I login as testuser and can work with the project fine. I then go to the splash_old project and do not have permissions. I then click on login. I enter valankar with my password. It then just goes to the same page not logged in (i.e. with the login link still visible). It essentially seems to ignore what I entered. If I click login again, it no longer prompts me, and just reloads the same page, again not logged in.
If I do the exact same sequence with Firefox, it works fine. I can switch between projects and for splash it shows I'm logged in as testuser, and for splash_old, it shows I'm logged in as valankar.
So it seems something related to Safari. I looked at the HTTP requests the browser is making, and I notice at the login click on the 2nd project in Safary, it sends this:
Cookie: trac_auth=36b8db01607d7ab36506ad97d38196b3; trac_auth=eb167bd6b57b7a5dae9a3dee48ef13b2
Note there are 2 trac_auth cookies. The same request in Firefox only has one trac_auth cookie sent in the request. I am guessing this is the culprit.
Is this a bug in Safari? Is there any way around it?
Thanks,
Viraj.
Attachments (0)
Change History (20)
comment:2 by , 19 years ago
Here is a link to a Python bug report related to this and the Cookie module.
comment:3 by , 18 years ago
Keywords: | needinfo added |
---|
Hm, if this is not happening anymore with more recent versions of Safari, maybe we could close this one…
comment:4 by , 18 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Assuming this is not an issue anymore… please reopen if the issue is still valid.
comment:5 by , 18 years ago
Resolution: | wontfix |
---|---|
Status: | closed → reopened |
Version: | 0.9 → devel |
I have had exactly the same problem using Safari 2.0.4 (419.3) and Trac 0.10.5dev, using multiple trac projects in a virtual host. Also, submitting any settings from the settings page resulted in a bad request error "Missing or invalid form token. Do you have cookies enabled?".
But I found a solution giving a hint for a possible reason for this error: The trac environment folder contained one space character; after renaming the directory the error no longer occurs, login works just fine, submitting settings and so on.
comment:6 by , 17 years ago
Resolution: | → worksforme |
---|---|
Status: | reopened → closed |
So you resolved it by getting rid of spaces in your trac environment folder. Thanks for the feedback, Michael.
Sounds like worksforme
then.
comment:7 by , 17 years ago
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
I'm having this exact same problem still with Trac 10.3 and Safari. No space in my environment folder.
comment:8 by , 17 years ago
Make sure you're using a recent version of Safari (3.1), as it looks like it's a Safari bug.
comment:9 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Please reopen if the problem still exist with recent Safari version (or other browsers).
follow-up: 11 comment:10 by , 16 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
We have from time to time the same problem (bad request…) with multiple trac opened simultaneously. It occurs not on all pcs, only for some users. And we use FF2 or 3, not Safari. The TRAC version we use is a 0.10 r6400.
comment:11 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Replying to anonymous:
We have from time to time the same problem (bad request…) with multiple trac opened simultaneously. It occurs not on all pcs, only for some users. And we use FF2 or 3, not Safari. The TRAC version we use is a 0.10 r6400.
Pretty clearly not the same bug then. Do not reopen unrelated bugs.
comment:13 by , 14 years ago
I have the same problem with recent versions of Trac (0.12) and Safari/Mac (Version 5.0.3). The cookie trac_auth
is sent twice by Safari when trying to login. In my case the projects are called "campaigns" and "campaigns-test".
Output from ngrep
:
GET /campaigns/report HTTP/1.1 Host: example.org Accept-Encoding: gzip, deflate Accept-Language: de-de User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Referer: http://example.org/campaigns/report Cookie: trac_auth=38ce5f8974f78484c8c7acdad7c9f0a8; trac_form_token=9381f850cba65c9c2b917644 Connection: keep-alive ... GET /campaigns-test/report HTTP/1.1 Host: example.org Accept-Encoding: gzip, deflate Accept-Language: de-de User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Referer: http://example.org/campaigns-test/report Cookie: trac_auth=7a5ed301a7da16e4220ffd6600107396; trac_auth=38ce5f8974f78484c8c7acdad7c9f0a8; trac_form_token=9381f850cba65c9c2b917644 Connection: keep-alive
comment:14 by , 14 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
Reopened according to this comment.
follow-up: 16 comment:15 by , 14 years ago
That means both sites have the same prefix. I wonder if our cookie path has a trailing "/" or not.
comment:16 by , 14 years ago
Cc: | added |
---|
Replying to rblank:
That means both sites have the same prefix. I wonder if our cookie path has a trailing "/" or not.
No trailing "/":
HTTP/1.1 302 Found Date: Mon, 10 Jan 2011 14:46:23 GMT Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8o Authentication-Info: rspauth="bb1d2eccef0522c92389a1030b975497", cnonce="35673231c65aeb15d14400abe81915dd", nc=00000001, qop=auth Location: http://example.org/campaigns/report Pragma: no-cache Cache-Control: no-cache Expires: Fri, 01 Jan 1999 00:00:00 GMT Set-Cookie: trac_auth=4d8a6d3d8cc7a8e52400c2a7375b8898; Path=/campaigns Set-Cookie: trac_session=52c319bd297ed06c43d3541d; expires=Mon, 10-Jan-2011 14:46:24 GMT; Path=/campaigns Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/plain ... GET /campaigns-test/login HTTP/1.1 Host: example.org User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Referer: http://example.org/campaigns-test/report Accept-Language: de-de Accept-Encoding: gzip, deflate Cookie: trac_session=730441c547cce7c2653a7556; trac_auth=4d8a6d3d8cc7a8e52400c2a7375b8898; trac_form_token=9381f850cba65c9c2b917644 Authorization: Digest username="testuser", realm="testrealm", nonce="A0U3C3+ZBAA=aeff66a194f868a809533129050cba75abe29d9f", uri="/campaigns-test/login", response="0126e6135fdcbed60a6f7dddf4a80bc7", algorithm="MD5", cnonce="c18643575c480fa99c83bdf5ef8603c6", nc=00000001, qop="auth" Connection: keep-alive ## HTTP/1.1 302 Found Date: Mon, 10 Jan 2011 14:47:14 GMT Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8o Authentication-Info: rspauth="054ba0bb7c90bcc113dedb514442aa17", cnonce="c18643575c480fa99c83bdf5ef8603c6", nc=00000001, qop=auth Location: http://example.org/campaigns-test/report Pragma: no-cache Cache-Control: no-cache Expires: Fri, 01 Jan 1999 00:00:00 GMT Set-Cookie: trac_auth=fa7e592dbad53848fe28875f873a8edb; Path=/campaigns-test Set-Cookie: trac_session=730441c547cce7c2653a7556; expires=Mon, 10-Jan-2011 14:47:14 GMT; Path=/campaigns-test Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/plain ## T 172.16.20.30:54748 -> 172.16.10.151:80 [AP] GET /campaigns-test/report HTTP/1.1 Host: example.org Accept-Encoding: gzip, deflate Accept-Language: de-de User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; de-de) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Referer: http://example.org/campaigns-test/report Cookie: trac_auth=fa7e592dbad53848fe28875f873a8edb; trac_auth=4d8a6d3d8cc7a8e52400c2a7375b8898; trac_form_token=9381f850cba65c9c2b917644 Connection: keep-alive
comment:17 by , 14 years ago
So the next question is: is there supposed to be a trailing slash, or is this a browser bug? Each instance sets only a single trac_auth
cookie, but the browser returns both cookies when accessing the "campaigns-test" instance. Can you reproduce the issue with other browsers than Safari?
follow-up: 19 comment:18 by , 14 years ago
And also, is this really Safari specific? What do you get with other browsers?
This looks like the same problem as reported in #9951.
comment:19 by , 14 years ago
Replying to cboos:
And also, is this really Safari specific? What do you get with other browsers?
This looks like the same problem as reported in #9951.
Indeed the same problem! Thx for the hint :)
In Firefox everything is fine, Chrome too:
T client-ip:55649 -> server-ip:80 [AP] GET /campaigns/login HTTP/1.1..Host: example.org..User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8..Accept: text/html,application/xhtml+xml,application/xml; q=0.9,*/*;q=0.8..Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 600..Connection: keep-alive..Cookie: trac_form_token=7e83fb2 e42c1e34d0b427bfe; trac_session=74a02ae1d644684c48131b43..Authorization: Digest username="testuser", realm="testrealm", nonce="...", uri="/campaigns/login", algorithm =MD5, response="...", qop=auth, nc=00000005, cnonce="b5b2983387b9eb82".... ## T server-ip:80 -> client-ip:55649 [AP] HTTP/1.1 302 Found..Date: Mon, 10 Jan 2011 16:25:55 GMT..Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8o..Authentication-Info: rspauth="...", cnonce="...", nc=00000005, qop=auth..Location: http://example.org/campaigns..Pragma: no-cache..Cache-Control: no-cache..Expires: Fri, 01 Jan 1999 00:00:00 GMT..Set-Cookie: trac_auth=7d2a3eee58a 5c09b80568ee2daa314af; Path=/campaigns..Set-Cookie: trac_session=74a02ae1d644684c48131b43; expires=Mon, 10-Jan-2011 16:25:55 GMT; Path=/campaigns..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 20..Keep-Ali ve: timeout=15, max=98..Connection: Keep-Alive..Content-Type: text/plain........................ ... T client-ip:55721 -> server-ip:80 [AP] GET /campaigns-test/login HTTP/1.1..Host: example.org..User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8..Accept: text/html,application/xhtml+xml,application /xml;q=0.9,*/*;q=0.8..Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 600..Connection: keep-alive..Cookie: trac_form_token=f9 3dbe172756560e62241e38; trac_session=1a4c12dcbe579bdf218384e5..Authorization: Digest username="testuser", realm="testrealm", nonce="...", uri="/campaigns-test/login", algorithm=MD5, response="...", qop=auth, nc=00000001, cnonce="79d9309502968a55".... ## T server-ip:80 -> client-ip:55721 [AP] HTTP/1.1 302 Found..Date: Mon, 10 Jan 2011 16:32:32 GMT..Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8o..Authentication-Info: rspauth="...", cnonce="79d9309502968a55", nc=00000001, qop=auth..Location: http://example.org/campaigns-test..Pragma: no-cache..Cache-Control: no-cache..Expires: Fri, 01 Jan 1999 00:00:00 GMT..Set-Cookie: trac_auth=c1202f 2561b666d64dee26af11a5e4d7; Path=/campaigns-test..Set-Cookie: trac_session=1a4c12dcbe579bdf218384e5; expires=Mon, 10-Jan-2011 16:32:32 GMT; Path=/campaigns-test..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Lengt h: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Content-Type: text/plain........................
(Chrome similar)
Opera sends the cookie twice like Safari does:
GET /campaigns-test HTTP/1.1..User-Agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.6.5; U; de) Presto/2.7.62 Version/11.00..Host: example.org..Accept: text/html, application/xml;q=0.9, application/xhtml+xml, imag e/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1..Accept-Language: de,en;q=0.9,en-US;q=0.8,fr;q=0.7..Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1..Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0..Auth orization: Digest username="testuser", realm="testrealm", uri="/campaigns-test", algorithm=MD5, nonce="...", cnonce="...", qo p=auth, nc=00000019, response="..."..Referer: http://example.org/campaigns-test..Cookie: trac_form_token=1dba0aff17dfae9da1deb759; trac_auth=43c7f9d748c7d2c2edc4fb2645b255e0; trac_for m_token=00b52f1a601b00154690ad2a; trac_auth=ed921ec42a86927d5085b16a0ce2aa98..Cookie2: $Version=1..Connection: Keep-Alive, TE..TE: deflate, gzip, chunked, identity, trailers....
comment:20 by , 14 years ago
Resolution: | → duplicate |
---|---|
Status: | reopened → closed |
Ok, let's re-close this ticket and continue on #9951.
A quick fix for this (for modpython at least) is doing something like this before loading the cookies:
This makes only the first trac_auth cookie to be used, which is the proper one based on the spec described here:
http://wp.netscape.com/newsref/std/cookie_spec.html