Foren
Session or cache problems (?)
Patrick Moldenhauer, geändert vor 15 Jahren.
Session or cache problems (?)
New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
Hi Guys,
I have a big problem with Liferay Sessions i think. It could also be a caching problem, but with com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter=false in my portal-ext.properties there should be no more layout caching (or not??).
The problem is that (sometimes!) I can see the dock of another person that has logged in a short time ago. It is also possible that I get a private page from another user when I visit the first public page (home). This all happens when I'm not logged in - so any other visitor of my page is also able to get this very private information. This problem does not only appear on my computer (!!).
Does anybody know what is going on here?
Any hint would be great.
Thanx and sorry for my bad english.
Sincerly,
Patrick
I have a big problem with Liferay Sessions i think. It could also be a caching problem, but with com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter=false in my portal-ext.properties there should be no more layout caching (or not??).
The problem is that (sometimes!) I can see the dock of another person that has logged in a short time ago. It is also possible that I get a private page from another user when I visit the first public page (home). This all happens when I'm not logged in - so any other visitor of my page is also able to get this very private information. This problem does not only appear on my computer (!!).
Does anybody know what is going on here?
Any hint would be great.
Thanx and sorry for my bad english.
Sincerly,
Patrick
Jorge Ferrer, geändert vor 15 Jahren.
Session thread
Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
Hi Patrick,
You seem to have a caching problem. Do you have any frontend proxy or caching web server in front of the application server?
Try accessing the application server directly and see if it still happens.
You seem to have a caching problem. Do you have any frontend proxy or caching web server in front of the application server?
Try accessing the application server directly and see if it still happens.
Patrick Moldenhauer, geändert vor 15 Jahren.
RE: Session thread
New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
I'm running an Apache Webserver with a the jBoss tomcat bundle as a Proxy (Liferay 5.1.2). The Apache Webserver has no caching modules enabled. Can this cause any problems or side-effects? How can I disable all caching in Liferay?
Thanks for your reply!
Sincerly,
Patrick
Thanks for your reply!
Sincerly,
Patrick
Jorge Ferrer, geändert vor 15 Jahren.
RE: Session thread
Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
This should not be a problem with Liferay caching. Have you tried accessing the JBoss server directly?
Christophe Cariou, geändert vor 15 Jahren.
RE: Session thread
Junior Member Beiträge: 57 Beitrittsdatum: 01.10.07 Neueste Beiträge
Hi Patrick,
i'have the same trouble as you : Sometimes, an User A see User B's page across the network/
For example, the greetings in the dock menu of User A is the User B one, or the post-login message in the portlet show User B name...
Did you find an answer to the bug ?
Jorge, could it come from some proxy server in my network, caching the page coming from 2 identical urls ?
i'have the same trouble as you : Sometimes, an User A see User B's page across the network/
For example, the greetings in the dock menu of User A is the User B one, or the post-login message in the portlet show User B name...
Did you find an answer to the bug ?
Jorge, could it come from some proxy server in my network, caching the page coming from 2 identical urls ?
Jorge Ferrer, geändert vor 15 Jahren.
RE: Session thread
Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
Hi Christophe,
Yes, the only time I've seen a similar problem it was caused by a proxy in the network whose caching capabilities where improperly configured.
Yes, the only time I've seen a similar problem it was caused by a proxy in the network whose caching capabilities where improperly configured.
Victor Zorin, geändert vor 15 Jahren.
RE: Session thread
Liferay Legend Beiträge: 1228 Beitrittsdatum: 14.04.08 Neueste Beiträge
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
Chris Parsons, geändert vor 15 Jahren.
RE: Session thread
New Member Beiträge: 6 Beitrittsdatum: 25.03.09 Neueste Beiträge
I also have this problem - can bypass my local proxy but have the same problem with more than one of my users,
who are external - rather than get them all to start looking at their proxy setup (they are all in different companies!)
is there no way to force sessions to expire/clear cache when the user is logged out?
The www.liferay.com portal does not have this problem, so there must be something that I can configure at the portal
end, rather than client end surely?
Regards
Chris Parsons
who are external - rather than get them all to start looking at their proxy setup (they are all in different companies!)
is there no way to force sessions to expire/clear cache when the user is logged out?
The www.liferay.com portal does not have this problem, so there must be something that I can configure at the portal
end, rather than client end surely?
Regards
Chris Parsons
Patrick Moldenhauer, geändert vor 14 Jahren.
RE: Session thread
New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
Disabling all Proxy Caches solved this problem for now....
Krati Gupta, geändert vor 13 Jahren.
RE: Session thread
Regular Member Beiträge: 119 Beitrittsdatum: 05.12.08 Neueste Beiträge
how to disable Proxy Caches from application ???
KK rajput, geändert vor 12 Jahren.
RE: Session thread
Expert Beiträge: 266 Beitrittsdatum: 10.04.08 Neueste Beiträge
Hi Victor ,
I am facing same issue in Liferay 6.0.5. Any idea how to fix proxy related issue.
I am facing same issue in Liferay 6.0.5. Any idea how to fix proxy related issue.
Aayush Bhatnagar, geändert vor 9 Jahren.
RE: Session thread
New Member Beiträge: 6 Beitrittsdatum: 28.05.14 Neueste BeiträgeVictor Zorin:
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
Hi Victor,
Can you please tell me what fixes did you apply to the proxy?
Gopinath Subramani, geändert vor 13 Jahren.
RE: Session thread
New Member Beitrag: 1 Beitrittsdatum: 11.01.11 Neueste Beiträge
Hi Jorge,
How to disable the proxy caches? We are facing a similar issue.
Regards,
Gopinath.S
How to disable the proxy caches? We are facing a similar issue.
Regards,
Gopinath.S
Krati Gupta, geändert vor 13 Jahren.
RE: Session thread
Regular Member Beiträge: 119 Beitrittsdatum: 05.12.08 Neueste Beiträge
Hi Gopinath ,
Which Liferay version you are using ?
Which Liferay version you are using ?
Bla Bla, geändert vor 13 Jahren.
RE: Session thread
Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hi,
Same problem here : user sessions look like they're all mixed up. But, while looking at the logs, I'm pretty sure there's no problem in my application and the misconfigured proxy cache is the real problem.
However, by reading this thread, I can't find a clear answer to this question : is there something to do on the liferay side for the proxy cache to behave the right way ? What is the "right" Liferay configuration ? I'm a total noob with filters, any help much appreciated...
Thank you,
Mathieu.
Same problem here : user sessions look like they're all mixed up. But, while looking at the logs, I'm pretty sure there's no problem in my application and the misconfigured proxy cache is the real problem.
However, by reading this thread, I can't find a clear answer to this question : is there something to do on the liferay side for the proxy cache to behave the right way ? What is the "right" Liferay configuration ? I'm a total noob with filters, any help much appreciated...
Thank you,
Mathieu.
Dikie Rendra Aditya, geändert vor 12 Jahren.
RE: Session thread
New Member Beiträge: 14 Beitrittsdatum: 11.03.09 Neueste Beiträge
Same here....
I already try adding this code
inside: portal_normal.vm of my theme
I already try adding this code
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Cache-Control" content="private">
<meta http-equiv="Cache-Control" content="no-store">
<meta http-equiv="Cache-Control" content="must-revalidate">
<meta http-equiv="Cache-Control" content="max-stale=0">
<meta http-equiv="Cache-Control" content="post-check=0">
<meta http-equiv="Cache-Control" content="pre-check=0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Keep-Alive" content="timeout=3, max=993">
<meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT">
inside: portal_normal.vm of my theme
Norman Riquelme, geändert vor 12 Jahren.
RE: Session thread
New Member Beitrag: 1 Beitrittsdatum: 23.01.10 Neueste Beiträge
Hola Jorge.
Tengo el mismo problema que se menciona en este foro.
Usuarios en diferentes browsers, en diferentes computadores acceden al último usuario autentificado en el portal, teniendo acceso a todas sus páginas privadas. Es equivalente a loguearse con dicho usuario.
Esto sólo ocurre en clientes que están tras un proxy corporativo, que no tienen opción de modificar la configuración y quitar el proxy. Tampoco se puede pedir a los administradores del proxy que cambien algo dado que los usuarios usan liferay para cursos online y no es una herramienta de uso corporativo aún. Liferay pertenece en este caso a la institución educacional.
Te quería pedir si me puedes orientar en que debo hacer en liferay para salvar esta situación.
he intentado varias cosas, pero sin éxito: incorporar expiración de caché en los META de la página, confogurar los parámetros
session.enable.persistent.cookies
session.enable.url.with.session.id
pero sin éxito
me podrías orientar?
Gracias
Tengo el mismo problema que se menciona en este foro.
Usuarios en diferentes browsers, en diferentes computadores acceden al último usuario autentificado en el portal, teniendo acceso a todas sus páginas privadas. Es equivalente a loguearse con dicho usuario.
Esto sólo ocurre en clientes que están tras un proxy corporativo, que no tienen opción de modificar la configuración y quitar el proxy. Tampoco se puede pedir a los administradores del proxy que cambien algo dado que los usuarios usan liferay para cursos online y no es una herramienta de uso corporativo aún. Liferay pertenece en este caso a la institución educacional.
Te quería pedir si me puedes orientar en que debo hacer en liferay para salvar esta situación.
he intentado varias cosas, pero sin éxito: incorporar expiración de caché en los META de la página, confogurar los parámetros
session.enable.persistent.cookies
session.enable.url.with.session.id
pero sin éxito
me podrías orientar?
Gracias
Henrique Simoes de Andrade, geändert vor 12 Jahren.
RE: Session thread
Regular Member Beiträge: 165 Beitrittsdatum: 30.04.10 Neueste Beiträge
I had same problem... but I suppose that there isn't nothing to do in Liferay side.
So, we solved this problem including some rules in proxy server, to not do cache for Liferay portal domain.
So, we solved this problem including some rules in proxy server, to not do cache for Liferay portal domain.
Inés Ledesma, geändert vor 12 Jahren.
RE: Session thread
New Member Beitrag: 1 Beitrittsdatum: 05.07.11 Neueste Beiträge
Hola Norman, tenemos el mismo problema que has indicado ¿has conseguido resolverlo de algún modo?
Mathieu Hicauber, geändert vor 12 Jahren.
RE: Session thread
Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hola,
I'll do this one in english sorry ^^
From my point of view, there is nothing to do on the liferay side. This problem is a proxy configuration problem.
However, we had the same issue a short time ago, and our client would'nt want to change its proxy rules, arguing that if its proxy was misconfigured, it could be the same in another company.
So we ended up trying to add META refresh tags in the theme like Dikie a few posts ago, but it didn't solve the problem. In the end the only solution was to add timestamps in the URL generated by the portal, so the proxy would let the request bypass it beacuase of the timestamp parameter.
So we rewrote a URL like http://blablabla.com/accueil into http://blablabla.com/accueil?timestamp=5465498715654, we tested it on a few pages, and that did the trick.
But finally, our client accepted to change its proxy rules ^^.
Hope this help (and good luck)
Mathieu
I'll do this one in english sorry ^^
From my point of view, there is nothing to do on the liferay side. This problem is a proxy configuration problem.
However, we had the same issue a short time ago, and our client would'nt want to change its proxy rules, arguing that if its proxy was misconfigured, it could be the same in another company.
So we ended up trying to add META refresh tags in the theme like Dikie a few posts ago, but it didn't solve the problem. In the end the only solution was to add timestamps in the URL generated by the portal, so the proxy would let the request bypass it beacuase of the timestamp parameter.
So we rewrote a URL like http://blablabla.com/accueil into http://blablabla.com/accueil?timestamp=5465498715654, we tested it on a few pages, and that did the trick.
But finally, our client accepted to change its proxy rules ^^.
Hope this help (and good luck)
Mathieu
Alvin Tan, geändert vor 12 Jahren.
RE: Session thread
New Member Beitrag: 1 Beitrittsdatum: 22.07.11 Neueste Beiträge
Hello Mathieu
We will go by your suggestion of rewriting URLs with an "xyz" field to avoid problems with unwavering clients when it comes to proxy settings. Is there a way "quick' way of doing these rewrites within Liferay?
Thank you.
Alvin
We will go by your suggestion of rewriting URLs with an "xyz" field to avoid problems with unwavering clients when it comes to proxy settings. Is there a way "quick' way of doing these rewrites within Liferay?
Thank you.
Alvin
Mathieu Hicauber, geändert vor 12 Jahren.
RE: Session thread
Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hi,
After a few days of investigating this problem, my client finally decided to set up his proxy the right way, so I didn't need this functionnality any more.
But I think the right to do this would be to overload the taglib generating the render, action and resource url. You can do so with an ext project I reckon.
Also, I overloaded the javascript library I used (jquery) for ajax POSTs to add a time stamp parameter in every POST.
Good luck !
Mathieu.
After a few days of investigating this problem, my client finally decided to set up his proxy the right way, so I didn't need this functionnality any more.
But I think the right to do this would be to overload the taglib generating the render, action and resource url. You can do so with an ext project I reckon.
Also, I overloaded the javascript library I used (jquery) for ajax POSTs to add a time stamp parameter in every POST.
Good luck !
Mathieu.