Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1 M2
    • Fix Version/s: 1.1 RC1
    • Component/s: {Unused} Core
    • Labels:
      None
    • keywords:
      login redirect
    • Similar issues:

      Description

      If we are calling a Xwiki page directly e.g. from a bookmark in a new browser window, the login form appears. after successful login the form does not redirect to the xwiki page originally requested, but to a strange URL containing the jsessionid e.g. XWikiLogin;jsessionid=2m4a46hurkj72

      It seems that there is a problem with the redirect of the login page. Brian posted his analysis of the problem on the mailinglist:

      I'm experiencing this with XWiki 1.1 milestone 1. I used WebScarab as a

      snooping HTTP proxy to observe what goes on. Here's the flow:

      Request: GET http://itwiki.mid7000nt.mlan:80/xwiki/bin/

      Response: 302

      http://itwiki.mid7000nt.mlan/xwiki/bin/login/XWiki/XWikiLogin;jsessionid=4bmenrpeloc2o

      Request: GET

      http://itwiki.mid7000nt.mlan:80/xwiki/bin/login/XWiki/XWikiLogin;jsessionid=4bmenrpeloc2o

      Response: 302

      http://itwiki.mid7000nt.mlan/xwiki/bin/login/XWiki/XWikiLogin?xredirect=%2Fxwiki%2Fbin%2Fview%2FXWiki%2FXWikiLogin%253Bjsessionid%253D4bmenrpeloc2o&

      At this point, I'm looking at the login screen. But you can see that I've

      been redirected twice, not once. The protected page I tried to get

      reuslted in me being redirected to the login page with the jsession ID in

      the path. For whatever reason, XWiki doesn't recognize me as having access

      to that page when the jsessionid is attached, so it redirects me again!

      That second redirect no longer has a jsessionid appended to it. However,

      the referring URL that it encodes as the redirect URL is now the URL of

      the first 302. So when I finally log in, it picks up that redirect URL,

      rather than the original I tried to go to.

      So I think the problem has to do with either the generation of the first

      login URL, or something in the stack not recognizing that I have access ot

      the first redirect URL because of the appended jsessionid.

      Regards,

      Brian.

        Attachments

          Activity

            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              hanzz Hans J. Prueller
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: