Foren

Home » Liferay Portal » English » 3. Development

Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
William Gosse
Liferay 6.1 and virtual host issue
14. Mai 2012 12:33
Antwort

William Gosse

Rang: Regular Member

Nachrichten: 108

Eintrittsdatum: 4. Juli 2010

Neue Beiträge

Please see http://www.liferay.com/community/forums/-/message_boards/message/13908890 for details

I just examined my tomcat access log and I'm seeing the following:

On my first sign in attempt, which fails, I have this log entry:
76.118.185.83 - - [13/May/2012:09:19:24 -0400] "POST /home;jsessionid=E21D703049C3A24C1E825B1A162D5F76?p_auth=ZhsiMJe1&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false HTTP/1.1" 404 654

On my second sign in attempt, which suceeds, I have this log entry
76.118.185.83 - - [13/May/2012:09:20:18 -0400] "POST /home?p_auth=ZhsiMJe1&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false HTTP/1.1" 302 -

The placement of the jsessionid in the first attempt is the only difference I see.

These are the default settings around cookies in the portal.properties file:
#
# Set this to false to disable all persistent cookies. Features like
# automatically logging in will not work.
#
session.enable.persistent.cookies=true

#
# Set this to true to enable sessions when cookies are disabled. See
# LEP-4787. This behavior is configurable because enabling it can break
# certain setups.
#
session.enable.url.with.session.id=true

It seems like the session.enable.persistent.cookies=true is being ignored. I wonder if jsesion is hardcoded in some places by mistake. I see that there were issues with this in the past.

I googled liferay and jsessionid and see some tickets about this issue but they are for older version, but old bugs sometimes have a way of coming back and haunting you sometimes.

I think I just solved the problem by session.enable.url.with.session.id=false however this solution then forces my users to have cookies enbaled.
William Gosse
RE: Liferay 6.1 and virtual host issue
14. Mai 2012 12:06
Antwort

William Gosse

Rang: Regular Member

Nachrichten: 108

Eintrittsdatum: 4. Juli 2010

Neue Beiträge

I was hoping I could get a Liferay guru to respond to this post so I can confirm that its a legitimate problem or not.

Thanks in advance.
Mika Koivisto
RE: Liferay 6.1 and virtual host issue
15. Mai 2012 12:25
Antwort

Mika Koivisto

LIFERAY STAFF

Rang: Liferay Legend

Nachrichten: 1501

Eintrittsdatum: 7. August 2006

Neue Beiträge

In the first request it has to use the jsessionid from url because it doesn't yet know if you have cookies enabled on your browser. It's also recommended to have session.enable.url.with.session.id=false because having jsessionid in the url leads to bad SEO and make session hijacking more possible.
William Gosse
RE: Liferay 6.1 and virtual host issue
15. Mai 2012 14:53
Antwort

William Gosse

Rang: Regular Member

Nachrichten: 108

Eintrittsdatum: 4. Juli 2010

Neue Beiträge

Thanks for your response.

I'm still curious why I don't see this reloading of the home page behavior on the first sign in or create account attempt in 6.05.
Krzysztof Gołębiowski
RE: Liferay 6.1 and virtual host issue
29. Juli 2013 02:28
Antwort

Krzysztof Gołębiowski

Rang: Expert

Nachrichten: 421

Eintrittsdatum: 25. Juni 2011

Neue Beiträge

I have the same problem in Liferay 6.1.1 CE GA2. Project I'm working on currently has a few sites (different domains) where authentication is served by Jasig CAS. When user is visiting virtual host (VH are set for private pages, login is required) for the first time, he is not redirected to CAS login form, but standard Liferay login portlet is displayed. I can disable URL jsessionid, but this is not the proper solution.

Maybe you managed to fix this issue already?

Regards,
KG
Krzysztof Gołębiowski
RE: Liferay 6.1 and virtual host issue
29. Juli 2013 03:52
Antwort

Krzysztof Gołębiowski

Rang: Expert

Nachrichten: 421

Eintrittsdatum: 25. Juni 2011

Neue Beiträge

I found solution for my problem. It turned out, that my first and only public page was not accessible for guest (although Virtual Host is set only for private pages). At first visit Liferay displayed message "You don't have access to this page" (which unfortunately was hidden by our theme) instead of redirecting to CAS.

It works now, but I think it is not demanded behaviour. After getting to CAS-secured private site, Liferay at first redirects user to first default public page and then to CAS. If user is not permitted to view this page - he ends up with permission error.

Regards,
KG