[Xerte-dev] Re: Issue with XOT18 and permissions

Tom Reijnders reijnders at tor.nl
Mon Oct 22 07:37:21 BST 2012


Figured it out.

It turned out to be my own mistake.

The website is internally available as http://server.tor.nl/~tom/xot18 
and as https://server.tor.nl/~tom/xot18, with 
https://server.tor.nl/~tom/xot18 in the sitedetails table. Externally, 
only the https variant exists, hence the entry in sitedetails.

Now, if you open the browser and type in server.tor.nl/~tom/xot18, the 
browser automatically chooses http://, and that seems to work, until you 
open a window in XOT that uses the url from sitedetails. Than in 
prionciple we switch domains, and a new session is started.

If you than logout, we end up in the login page on https://, and from 
then on, everuything works as expected....

Thanks Pat, for not giving up... :-)

Tom

Op 21-10-2012 14:41, Pat Lockley schreef:
> Logout should destroy the session? Maybe it isn't
>
> On 21 Oct 2012, at 09:31, Tom Reijnders <reijnders at tor.nl> wrote:
>
>> It is, config.php is the first thing required by properties.php. The thing that I don't understand is that after logout/login, this DOES work.
>>
>>
>> Op 21-10-2012 0:04, Pat Lockley schreef:
>>> The session should be started by config.php
>>>
>>> I think in theory it has to be the first thing done when a script executes else the session sometimes wipes itself or isn't set properly
>>>
>>> Maybe because properties is a new window? Might be that reason?
>>>
>>> I'd make sure there is nothing before the require config.php in properties.php
>>>
>>> On 20 Oct 2012, at 13:00, Tom Reijnders <reijnders at tor.nl> wrote:
>>>
>>>> You're right.
>>>>
>>>> I verified that the session is indeed not set. But how come....
>>>> 1. Start clean browser, and goto login page (new session is started, right?)
>>>> 2. Login, and verify in debugger (or by dumping to debug.log) that $_SESSION is properly set
>>>> 3. Go to property page and right after require_once("./config.php"); (which has the session_start()),  $_SESSION is empty, but the $_REQUEST and also $_COOKIE contain the correct PHPSESSID
>>>> 4. Logout
>>>> 5. Login again, and verify in debugger (or by dumping to debug.log) that $_SESSION is properly set
>>>> 6. Go to properties page and now $_SESSION is set correctly....
>>>>
>>>> I don't understand this behaviour at all.... In step 2, 3, 5 and 6 the PHPSESSID is the same.
>>>>
>>>> By the way, this doesn't have anything to do with Db authentication, as I can reproduce this with Static Auth as well.
>>>>
>>>> Tom
>>>>
>>>> Op 19-10-2012 17:31, Pat Lockley schreef:
>>>>> Sounds like the session isn't being set properly
>>>>>
>>>>> On 19 Oct 2012, at 02:16, Tom Reijnders <reijnders at tor.nl> wrote:
>>>>>
>>>>>> I've got a local install of the SVN version of XOT (latest)
>>>>>>
>>>>>> Dont know if it has to do with the fact that I use the Db auth method, but whenever I log in the first time, I don't get permission to look at my own lerning objects, i.e. they are listed correctly in the workspace, but I can't look at the properties, preview them or edit them.
>>>>>>
>>>>>> If I logout, and login again, everything seems to work fine. Anyone any idea what is going on here?
>>>>>>
>>>>>> Tom
>>>>>>
>>>>>> -- 
>>>>>> --
>>>>>>
>>>>>> Tom Reijnders
>>>>>> TOR Informatica
>>>>>> Chopinlaan 27
>>>>>> 5242HM Rosmalen
>>>>>> Tel: 073 5226191
>>>>>> Fax: 073 5226196
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Xerte-dev mailing list
>>>>>> Xerte-dev at lists.nottingham.ac.uk
>>>>>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
>>>>>>
>>>>>> This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it.   Please do not use, copy or disclose the information contained in this message or in any attachment.  Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
>>>>>>
>>>>>> This message has been checked for viruses but the contents of an attachment
>>>>>> may still contain software viruses which could damage your computer system:
>>>>>> you are advised to perform your own checks. Email communications with the
>>>>>> University of Nottingham may be monitored as permitted by UK legislation.
>>>>> _______________________________________________
>>>>> Xerte-dev mailing list
>>>>> Xerte-dev at lists.nottingham.ac.uk
>>>>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
>>>> -- 
>>>> --
>>>>
>>>> Tom Reijnders
>>>> TOR Informatica
>>>> Chopinlaan 27
>>>> 5242HM Rosmalen
>>>> Tel: 073 5226191
>>>> Fax: 073 5226196
>>>>
>>>>
>>>> _______________________________________________
>>>> Xerte-dev mailing list
>>>> Xerte-dev at lists.nottingham.ac.uk
>>>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
>>> _______________________________________________
>>> Xerte-dev mailing list
>>> Xerte-dev at lists.nottingham.ac.uk
>>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
>> -- 
>> --
>>
>> Tom Reijnders
>> TOR Informatica
>> Chopinlaan 27
>> 5242HM Rosmalen
>> Tel: 073 5226191
>> Fax: 073 5226196
>>
>>
>> _______________________________________________
>> Xerte-dev mailing list
>> Xerte-dev at lists.nottingham.ac.uk
>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

-- 
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196




More information about the Xerte-dev mailing list