[support] Unable to keep logged in to some sites when behind a proxy

Annet de Boer maiasaura at gmx.net
Wed May 13 19:42:45 UTC 2009 

Hi Francesco,

I'm not an expert on this subject, but I know there are several ways of 
authenticating users. Cookies can be disabled by browsers, so there are 
other ways (not necessarily better) like storing session ID's in URLs, 
for example. I don't know if the cookie gets stored on your proxy (but i 
believe this is possible, technically speaking) isn't there an IT 
department or other system admin that can tell you more about that maybe 
(somebody who installed the proxy I mean)?
I assume once the host checks for cookies and none is found or is saved, 
they use a different method of authentication.
Now the tests you did, in my eyes, seem a bit odd. Like, the normal 
behaviour would be to log out, before switching to a different 
connection, and also, your IP changes when you switch so it's not really 
strange that you get thrown out.

But actually my question is, what is exactly the case?
In your first post it seemed the problem was you couldn't connect to 
several drupal sites when you use a proxy-connection, but on one you 
could and they were all the same drupal version?
I'm not sure now. Can you be more specific on the exact question you have?
Or maybe somebody else knows anything that might help?

I also remember there's an option in IE that says "bypass proxy for 
local addresses", now i don't know if the site where it works is 'local' 
for you, but if this option is checked maybe that could also make it 
work differently.

Greetings,
Annet



Francesco schreef:
> yes, it really sounds like a cookie problem, and something really
> strange is happening - at least that's strange for me...
> 
> After your comments I've decided to do some tests to check when and
> which cookies get set logging on the two sites (the working one and
> the one that throws me out).
> 
> Here are the results:
> 
> on frasic.altervista.org (and on other drupal installations on the same server):
> - I can log in with the proxy connection, no cookie gets set, I keep logged in;
> - I switch to the no-proxy connection without logging out and I get thrown out;
> - I log in with the no-proxy connection, a session cookie gets set, I
> keep logged in;
> - I switch to the proxy connection without logging out and I get thrown out;
> - I am not able to log in any more with the proxy connection if I
> don't delete the session cookie. Once deleted, I can log in again and
> keep logged in as usual.
> 
> on drupal.org or on toscana-offerte.com/drupal:
> - I can log in with the no-proxy connection, a session cookie gets set
> and I keep logged in.
> - I can switch to the proxy connection and keep logged in, but if I
> delete the session cookie I get thrown out again
> 
> Well, for the poor knowledge I have about all this stuff, I think that
> the drupal.org behavior is the right one...
> 
> The fact that I can keep logged in with no session cookie set on my PC
> frightens me... where does Drupal get the authentication from, when
> I'm browsing frasic.altervista.org while behind the proxy? Does my
> session cookie get saved on the proxy server?
> 
> I feel a bit uncomfortable after those tests... I look forward for your advice.
> 
> Thank you all for your attention,
> best regards,
> Francesco
> 
> 
> ------------------------------------------------------------------------
> 
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 8.5.325 / Virus Database: 270.12.21/2101 - Release Date: 05/06/09 17:58:00
>

More information about the support mailing list