Foren

  1. Startseite
  2. Portal
  3. Session or cache problems (?)

Session or cache problems (?)

Patrick Moldenhauer, geändert vor 15 Jahren.

Session or cache problems (?)

New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
Hi Guys,

I have a big problem with Liferay Sessions i think. It could also be a caching problem, but with com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter=false in my portal-ext.properties there should be no more layout caching (or not??).

The problem is that (sometimes!) I can see the dock of another person that has logged in a short time ago. It is also possible that I get a private page from another user when I visit the first public page (home). This all happens when I'm not logged in - so any other visitor of my page is also able to get this very private information. This problem does not only appear on my computer (!!).

Does anybody know what is going on here?

Any hint would be great.

Thanx and sorry for my bad english.
Sincerly,
Patrick
thumbnail
Jorge Ferrer, geändert vor 15 Jahren.

Session thread

Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
Hi Patrick,

You seem to have a caching problem. Do you have any frontend proxy or caching web server in front of the application server?

Try accessing the application server directly and see if it still happens.
Patrick Moldenhauer, geändert vor 15 Jahren.

RE: Session thread

New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
I'm running an Apache Webserver with a the jBoss tomcat bundle as a Proxy (Liferay 5.1.2). The Apache Webserver has no caching modules enabled. Can this cause any problems or side-effects? How can I disable all caching in Liferay?

Thanks for your reply!

Sincerly,
Patrick
thumbnail
Jorge Ferrer, geändert vor 15 Jahren.

RE: Session thread

Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
This should not be a problem with Liferay caching. Have you tried accessing the JBoss server directly?
thumbnail
Christophe Cariou, geändert vor 15 Jahren.

RE: Session thread

Junior Member Beiträge: 57 Beitrittsdatum: 01.10.07 Neueste Beiträge
Hi Patrick,

i'have the same trouble as you : Sometimes, an User A see User B's page across the network/

For example, the greetings in the dock menu of User A is the User B one, or the post-login message in the portlet show User B name...

Did you find an answer to the bug ?

Jorge, could it come from some proxy server in my network, caching the page coming from 2 identical urls ?
thumbnail
Jorge Ferrer, geändert vor 15 Jahren.

RE: Session thread

Liferay Legend Beiträge: 2871 Beitrittsdatum: 31.08.06 Neueste Beiträge
Hi Christophe,

Yes, the only time I've seen a similar problem it was caused by a proxy in the network whose caching capabilities where improperly configured.
thumbnail
Victor Zorin, geändert vor 15 Jahren.

RE: Session thread

Liferay Legend Beiträge: 1228 Beitrittsdatum: 14.04.08 Neueste Beiträge
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
Chris Parsons, geändert vor 15 Jahren.

RE: Session thread

New Member Beiträge: 6 Beitrittsdatum: 25.03.09 Neueste Beiträge
I also have this problem - can bypass my local proxy but have the same problem with more than one of my users,
who are external - rather than get them all to start looking at their proxy setup (they are all in different companies!)
is there no way to force sessions to expire/clear cache when the user is logged out?

The www.liferay.com portal does not have this problem, so there must be something that I can configure at the portal
end, rather than client end surely?

Regards

Chris Parsons
Patrick Moldenhauer, geändert vor 14 Jahren.

RE: Session thread

New Member Beiträge: 5 Beitrittsdatum: 20.01.09 Neueste Beiträge
Disabling all Proxy Caches solved this problem for now....
thumbnail
Krati Gupta, geändert vor 13 Jahren.

RE: Session thread

Regular Member Beiträge: 119 Beitrittsdatum: 05.12.08 Neueste Beiträge
how to disable Proxy Caches from application ???
thumbnail
KK rajput, geändert vor 12 Jahren.

RE: Session thread

Expert Beiträge: 266 Beitrittsdatum: 10.04.08 Neueste Beiträge
Hi Victor ,
I am facing same issue in Liferay 6.0.5. Any idea how to fix proxy related issue.
thumbnail
Aayush Bhatnagar, geändert vor 9 Jahren.

RE: Session thread

New Member Beiträge: 6 Beitrittsdatum: 28.05.14 Neueste Beiträge
Victor Zorin:
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.



Hi Victor,

Can you please tell me what fixes did you apply to the proxy?
Gopinath Subramani, geändert vor 13 Jahren.

RE: Session thread

New Member Beitrag: 1 Beitrittsdatum: 11.01.11 Neueste Beiträge
Hi Jorge,

How to disable the proxy caches? We are facing a similar issue.

Regards,
Gopinath.S
thumbnail
Krati Gupta, geändert vor 13 Jahren.

RE: Session thread

Regular Member Beiträge: 119 Beitrittsdatum: 05.12.08 Neueste Beiträge
Hi Gopinath ,

Which Liferay version you are using ?
thumbnail
Bla Bla, geändert vor 13 Jahren.

RE: Session thread

Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hi,

Same problem here : user sessions look like they're all mixed up. But, while looking at the logs, I'm pretty sure there's no problem in my application and the misconfigured proxy cache is the real problem.

However, by reading this thread, I can't find a clear answer to this question : is there something to do on the liferay side for the proxy cache to behave the right way ? What is the "right" Liferay configuration ? I'm a total noob with filters, any help much appreciated...

Thank you,

Mathieu.
thumbnail
Dikie Rendra Aditya, geändert vor 12 Jahren.

RE: Session thread

New Member Beiträge: 14 Beitrittsdatum: 11.03.09 Neueste Beiträge
Same here....
I already try adding this code

    <meta http-equiv="Cache-Control" content="no-cache">
    <meta http-equiv="Cache-Control" content="private">
    <meta http-equiv="Cache-Control" content="no-store">
    <meta http-equiv="Cache-Control" content="must-revalidate">
    <meta http-equiv="Cache-Control" content="max-stale=0">
    <meta http-equiv="Cache-Control" content="post-check=0">
    <meta http-equiv="Cache-Control" content="pre-check=0">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Keep-Alive" content="timeout=3, max=993">
    <meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT">


inside: portal_normal.vm of my theme
thumbnail
Norman Riquelme, geändert vor 12 Jahren.

RE: Session thread

New Member Beitrag: 1 Beitrittsdatum: 23.01.10 Neueste Beiträge
Hola Jorge.
Tengo el mismo problema que se menciona en este foro.
Usuarios en diferentes browsers, en diferentes computadores acceden al último usuario autentificado en el portal, teniendo acceso a todas sus páginas privadas. Es equivalente a loguearse con dicho usuario.
Esto sólo ocurre en clientes que están tras un proxy corporativo, que no tienen opción de modificar la configuración y quitar el proxy. Tampoco se puede pedir a los administradores del proxy que cambien algo dado que los usuarios usan liferay para cursos online y no es una herramienta de uso corporativo aún. Liferay pertenece en este caso a la institución educacional.
Te quería pedir si me puedes orientar en que debo hacer en liferay para salvar esta situación.
he intentado varias cosas, pero sin éxito: incorporar expiración de caché en los META de la página, confogurar los parámetros
session.enable.persistent.cookies
session.enable.url.with.session.id
pero sin éxito
me podrías orientar?
Gracias
thumbnail
Henrique Simoes de Andrade, geändert vor 12 Jahren.

RE: Session thread

Regular Member Beiträge: 165 Beitrittsdatum: 30.04.10 Neueste Beiträge
I had same problem... but I suppose that there isn't nothing to do in Liferay side.

So, we solved this problem including some rules in proxy server, to not do cache for Liferay portal domain.
Inés Ledesma, geändert vor 12 Jahren.

RE: Session thread

New Member Beitrag: 1 Beitrittsdatum: 05.07.11 Neueste Beiträge
Hola Norman, tenemos el mismo problema que has indicado ¿has conseguido resolverlo de algún modo?
thumbnail
Mathieu Hicauber, geändert vor 12 Jahren.

RE: Session thread

Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hola,

I'll do this one in english sorry ^^

From my point of view, there is nothing to do on the liferay side. This problem is a proxy configuration problem.
However, we had the same issue a short time ago, and our client would'nt want to change its proxy rules, arguing that if its proxy was misconfigured, it could be the same in another company.

So we ended up trying to add META refresh tags in the theme like Dikie a few posts ago, but it didn't solve the problem. In the end the only solution was to add timestamps in the URL generated by the portal, so the proxy would let the request bypass it beacuase of the timestamp parameter.

So we rewrote a URL like http://blablabla.com/accueil into http://blablabla.com/accueil?timestamp=5465498715654, we tested it on a few pages, and that did the trick.

But finally, our client accepted to change its proxy rules ^^.

Hope this help (and good luck)

Mathieu
Alvin Tan, geändert vor 12 Jahren.

RE: Session thread

New Member Beitrag: 1 Beitrittsdatum: 22.07.11 Neueste Beiträge
Hello Mathieu

We will go by your suggestion of rewriting URLs with an "xyz" field to avoid problems with unwavering clients when it comes to proxy settings. Is there a way "quick' way of doing these rewrites within Liferay?

Thank you.

Alvin
thumbnail
Mathieu Hicauber, geändert vor 12 Jahren.

RE: Session thread

Junior Member Beiträge: 79 Beitrittsdatum: 22.12.10 Neueste Beiträge
Hi,

After a few days of investigating this problem, my client finally decided to set up his proxy the right way, so I didn't need this functionnality any more.

But I think the right to do this would be to overload the taglib generating the render, action and resource url. You can do so with an ext project I reckon.
Also, I overloaded the javascript library I used (jquery) for ajax POSTs to add a time stamp parameter in every POST.

Good luck !

Mathieu.