Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.1 M2
-
None
-
login redirect
-
Description
If we are calling a Xwiki page directly e.g. from a bookmark in a new browser window, the login form appears. after successful login the form does not redirect to the xwiki page originally requested, but to a strange URL containing the jsessionid e.g. XWikiLogin;jsessionid=2m4a46hurkj72
It seems that there is a problem with the redirect of the login page. Brian posted his analysis of the problem on the mailinglist:
I'm experiencing this with XWiki 1.1 milestone 1. I used WebScarab as a
snooping HTTP proxy to observe what goes on. Here's the flow:
Request: GET http://itwiki.mid7000nt.mlan:80/xwiki/bin/
Response: 302
http://itwiki.mid7000nt.mlan/xwiki/bin/login/XWiki/XWikiLogin;jsessionid=4bmenrpeloc2o
Request: GET
http://itwiki.mid7000nt.mlan:80/xwiki/bin/login/XWiki/XWikiLogin;jsessionid=4bmenrpeloc2o
Response: 302
At this point, I'm looking at the login screen. But you can see that I've
been redirected twice, not once. The protected page I tried to get
reuslted in me being redirected to the login page with the jsession ID in
the path. For whatever reason, XWiki doesn't recognize me as having access
to that page when the jsessionid is attached, so it redirects me again!
That second redirect no longer has a jsessionid appended to it. However,
the referring URL that it encodes as the redirect URL is now the URL of
the first 302. So when I finally log in, it picks up that redirect URL,
rather than the original I tried to go to.
So I think the problem has to do with either the generation of the first
login URL, or something in the stack not recognizing that I have access ot
the first redirect URL because of the appended jsessionid.
Regards,
Brian.