[support] Unable to keep logged in to some sites when behind a proxy

Francesco entuland at gmail.com
Wed May 13 23:18:56 UTC 2009 

Hi Annet,
thank you for your response, I'll interleave my replies to your lines.

2009/5/13 Annet de Boer <maiasaura at gmx.net>:
> Hi Francesco,
>
> I'm not an expert on this subject, but I know there are several ways of
> authenticating users. Cookies can be disabled by browsers, so there are
> other ways (not necessarily better) like storing session ID's in URLs, for
> example. I don't know if the cookie gets stored on your proxy (but i believe
> this is possible, technically speaking)

I knew that other authentication methods were possible, my perplexity
is about the fact that, as far as I know, Drupal relies on cookies
alone, by default - and my test installations were plain, unmodified
Drupal 6.10. Also, I've checked the URLs and no session ID appears
there. My proxy must be definitely storing cookies for my connections.

> isn't there an IT department or
> other system admin that can tell you more about that maybe (somebody who
> installed the proxy I mean)?

Unfortunately, I cannot rely on my ISP advice - I must cope with it
because I knew in advance that the service was provided as-is, with no
support whatsoever.

> I assume once the host checks for cookies and none is found or is saved,
> they use a different method of authentication.

That's exactly what I thought in a first time, but taking the default
behavior of Drupal for granted, I believe it relies on cookies alone.

> Now the tests you did, in my eyes, seem a bit odd. Like, the normal
> behaviour would be to log out, before switching to a different connection,
> and also, your IP changes when you switch so it's not really strange that
> you get thrown out.
>
> But actually my question is, what is exactly the case?
> In your first post it seemed the problem was you couldn't connect to several
> drupal sites when you use a proxy-connection, but on one you could and they
> were all the same drupal version?
> I'm not sure now. Can you be more specific on the exact question you have?
> Or maybe somebody else knows anything that might help?

Yes, all installations were plain 6.10 version. I'll re-expose the
tests below, I'm not sure that I've fully explained them the first
time.

> I also remember there's an option in IE that says "bypass proxy for local
> addresses", now i don't know if the site where it works is 'local' for you,
> but if this option is checked maybe that could also make it work
> differently.

I do use that option in Firefox, actually, all local installations
work perfectly, the problem appears only with (some) published sites.

Here are the test results exposed in another way:

| LP  | LN  | CP  | CN  | P>N | N>P | Drupal installed on:
| NO  | YES | N.A.| YES | N.A.| YES | toscana-offerte.com/drupal
| YES | YES | NO  | YES | NO  | NO  | frasic.altervista.org

Legend:
LP - Can log in with proxy-connection
LN - Can log in with normal-connection
CP - Cookie gets set with proxy-connection
CN - Cookie gets set with normal-connection
P>N - Can keep logged in switching from proxy-connection to normal-connection
N>P - Can keep logged in switching from normal-connection to proxy connection

Note:
- on the first site, CP and P>N are "not applicable" because I cannot
log in in first instance.
- with "cookie gets set" I mean "gets set locally on my PC". I'm
planning another test in order to check if my proxy server is storing
cookies for me, more about that at the bottom of this message.

Actually, the above does not expose all the tests I did, hence I'm
rearranging (a bit) the texts I've sent in my previous message - I'm
also adding some suppositions in square brackets, all the points are
plain facts, I've double checked them:

----------------------------
on frasic.altervista.org (and on other drupal installations on the same server):

A - I can log in with the proxy connection, no cookie gets set, I keep logged in
[ I suppose the cookie gets set on the proxy server ]

B - I switch to the normal connection without logging out and I get thrown out
[ I suppose that with normal connection, Drupal expects a cookie to be
sent back from my PC, while with the proxy connection, it must be the
proxy server the one who is sending it back ]

C - I log in with the normal connection, a session cookie gets set, I
keep logged in
[ that should be the normal behavior ]

D - I switch to the proxy connection without logging out and I get thrown out
[ although there is a cookie in my PC in this very moment...]

E - I am not able to log in any more with the proxy connection if I
don't delete the session cookie. Once deleted, I can log in again and
keep logged in as usual.
[ this must mean that the cookie does actually get sent to Drupal, but
evidently it must be considered an invalid cookie ]

------------------------------------

on drupal.org or on toscana-offerte.com/drupal:

F - I can log in with the normal connection, a session cookie gets set
and I keep logged in.
[ just fine ]

G - I can switch to the proxy connection and keep logged in, but if I
delete the session cookie I get thrown out again
[ and just fine once again ]

-------------------

I think I'll do some tests more, I'll try to hack some core function
in order to display the cookies it is using on the pages it will
render. I'll get back here again once I'll be done with those tests.

I'll dig my way to find the right function to hack, I was about to ask
for a pointer but I think it will be more instructive to find it by
myself - this should help me understanding better the Drupal flow of
calls.

Shall somebody be interested in deeper details about the proxy
connection I'm using, please ask for them in a private message, I'm
not comfortable disclosing such details in public.

Thank you all once again for your interest and your attention - and
for your patience! I happen to be verbose and redundant at very least
;-)

Have good time, long life to Drupal
Francesco

More information about the support mailing list