Hi everybody, sorry if I'm submitting this twice but the first time I wasn't subscribed to the list yet, and since my message didn't show up on the archives, maybe nobody received it actually.
Please let me know if someone has already experienced such problems, eventually giving me some pointer about the solution - assuming there is any (I'm forwarding my message here below, please have a read).
By the way, I tried searching the previous postings with the link http://lists.drupal.org/drupal-support/swish.cgi?idxname=drupal-support as reported on http://lists.drupal.org/listinfo/support but I got a 404 response.
Thanks for your patience, I'm quoting my message here below. Have fun, Francesco
---------- Forwarded message ---------- From: Francesco entuland@gmail.com Date: 2009/5/5 Subject: Unable to login at drupal.org To: support@drupal.org
Hi everybody, my name is Francesco, I'm new here so first of all let me thank you very much for your dedication - to all the creators, developers and community - Drupal is fantastic and the online resources are invaluable.
I've been using Drupal for some time now, both locally and installing it on some websites, and everything has gone fine so far.
But now I'm experiencing some problems logging in to some sites, one of which is drupal.org.
The creation of the new account completed successfully, but when I try to log in, it simply pulls me out without giving me any warning. If I try to login with wrong credentials then I receive a "wrong usename/password" error.
Some details:
- I connect to the Internet with an ISP that forces me behind a proxy, limiting me to use http/https on port nr. 80.
- I've published two Drupal 6.10 installations on different hosts, and I happen to experience such problems only on one of them: frasic.altervista.org - works perfectly toscana-offerte.com/drupal - accepts the login but keeps me logged out, just like drupal.org
- I am able to log into the websites with another connection (one that doesn't force me behind a proxy). Once I'm logged in, I can disconnect (keeping the browser open), connect again with the proxy connection and continue surfing without being thrown out.
The thing that hassles me is that on frasic.altervista.org I'm experiencing no problems at all. I have no clue, any suggestion or pointer will be really welcome.
I hope this was the right place to ask for help about this issue. I'd have some more questions I'd like to submit to the community, and my idea was to post them on the drupal.org forum, but as you know by now, I cannot easily use it.
Just to let you know, to get around this connection problem with the trick mentioned above (login - change connection - continue surfing) I'd have to subscribe another Internet connection but I currently can not afford it (the experiment was made with a friend's connection).
Please let me know if I can submit those issues here in the mailing list - that's no bug report or feature request, it's about making some context-aware sidebar boxes (unfortunately I wasn't able to find a solution in the existing threads, although there are many which cover the "context-aware sidebar content" and "pass variables to box content" topics)
Thank you very much for your attention, feel free to ask in case you are interested in this issue and need further details to investigate it.
Wish you all the best, have fun, Francesco entuland@gmail.com
Ciao Francesco,
This sounds like a cookie problem, could that be the case? When you connect and succesfully login, and lateron use your proxy connection you have no problem since the cookie is stored already (and still valid).
Regards, Annet
Francesco schreef:
- I've published two Drupal 6.10 installations on different hosts, and
I happen to experience such problems only on one of them: frasic.altervista.org - works perfectly toscana-offerte.com/drupal - accepts the login but keeps me logged out, just like drupal.org
- I am able to log into the websites with another connection (one that
doesn't force me behind a proxy). Once I'm logged in, I can disconnect (keeping the browser open), connect again with the proxy connection and continue surfing without being thrown out.
The thing that hassles me is that on frasic.altervista.org I'm experiencing no problems at all. I have no clue, any suggestion or pointer will be really welcome.
2009/5/7 Annet de Boer maiasaura@gmx.net:
Ciao Francesco,
This sounds like a cookie problem, could that be the case? When you connect and succesfully login, and lateron use your proxy connection you have no problem since the cookie is stored already (and still valid).
Regards, Annet
Ciao Annet, yes, it really sounds like a cookie problem, and something really strange is happening - at least that's strange for me...
After your comments I've decided to do some tests to check when and which cookies get set logging on the two sites (the working one and the one that throws me out).
Here are the results:
on frasic.altervista.org (and on other drupal installations on the same server): - I can log in with the proxy connection, no cookie gets set, I keep logged in; - I switch to the no-proxy connection without logging out and I get thrown out; - I log in with the no-proxy connection, a session cookie gets set, I keep logged in; - I switch to the proxy connection without logging out and I get thrown out; - I am not able to log in any more with the proxy connection if I don't delete the session cookie. Once deleted, I can log in again and keep logged in as usual.
on drupal.org or on toscana-offerte.com/drupal: - I can log in with the no-proxy connection, a session cookie gets set and I keep logged in. - I can switch to the proxy connection and keep logged in, but if I delete the session cookie I get thrown out again
Well, for the poor knowledge I have about all this stuff, I think that the drupal.org behavior is the right one...
The fact that I can keep logged in with no session cookie set on my PC frightens me... where does Drupal get the authentication from, when I'm browsing frasic.altervista.org while behind the proxy? Does my session cookie get saved on the proxy server?
I feel a bit uncomfortable after those tests... I look forward for your advice.
Thank you all for your attention, best regards, Francesco
Hi Francesco,
I'm not an expert on this subject, but I know there are several ways of authenticating users. Cookies can be disabled by browsers, so there are other ways (not necessarily better) like storing session ID's in URLs, for example. I don't know if the cookie gets stored on your proxy (but i believe this is possible, technically speaking) isn't there an IT department or other system admin that can tell you more about that maybe (somebody who installed the proxy I mean)? I assume once the host checks for cookies and none is found or is saved, they use a different method of authentication. Now the tests you did, in my eyes, seem a bit odd. Like, the normal behaviour would be to log out, before switching to a different connection, and also, your IP changes when you switch so it's not really strange that you get thrown out.
But actually my question is, what is exactly the case? In your first post it seemed the problem was you couldn't connect to several drupal sites when you use a proxy-connection, but on one you could and they were all the same drupal version? I'm not sure now. Can you be more specific on the exact question you have? Or maybe somebody else knows anything that might help?
I also remember there's an option in IE that says "bypass proxy for local addresses", now i don't know if the site where it works is 'local' for you, but if this option is checked maybe that could also make it work differently.
Greetings, Annet
Francesco schreef:
yes, it really sounds like a cookie problem, and something really strange is happening - at least that's strange for me...
After your comments I've decided to do some tests to check when and which cookies get set logging on the two sites (the working one and the one that throws me out).
Here are the results:
on frasic.altervista.org (and on other drupal installations on the same server):
- I can log in with the proxy connection, no cookie gets set, I keep logged in;
- I switch to the no-proxy connection without logging out and I get thrown out;
- I log in with the no-proxy connection, a session cookie gets set, I
keep logged in;
- I switch to the proxy connection without logging out and I get thrown out;
- I am not able to log in any more with the proxy connection if I
don't delete the session cookie. Once deleted, I can log in again and keep logged in as usual.
on drupal.org or on toscana-offerte.com/drupal:
- I can log in with the no-proxy connection, a session cookie gets set
and I keep logged in.
- I can switch to the proxy connection and keep logged in, but if I
delete the session cookie I get thrown out again
Well, for the poor knowledge I have about all this stuff, I think that the drupal.org behavior is the right one...
The fact that I can keep logged in with no session cookie set on my PC frightens me... where does Drupal get the authentication from, when I'm browsing frasic.altervista.org while behind the proxy? Does my session cookie get saved on the proxy server?
I feel a bit uncomfortable after those tests... I look forward for your advice.
Thank you all for your attention, best regards, Francesco
No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.325 / Virus Database: 270.12.21/2101 - Release Date: 05/06/09 17:58:00
Hi Annet, thank you for your response, I'll interleave my replies to your lines.
2009/5/13 Annet de Boer maiasaura@gmx.net:
Hi Francesco,
I'm not an expert on this subject, but I know there are several ways of authenticating users. Cookies can be disabled by browsers, so there are other ways (not necessarily better) like storing session ID's in URLs, for example. I don't know if the cookie gets stored on your proxy (but i believe this is possible, technically speaking)
I knew that other authentication methods were possible, my perplexity is about the fact that, as far as I know, Drupal relies on cookies alone, by default - and my test installations were plain, unmodified Drupal 6.10. Also, I've checked the URLs and no session ID appears there. My proxy must be definitely storing cookies for my connections.
isn't there an IT department or other system admin that can tell you more about that maybe (somebody who installed the proxy I mean)?
Unfortunately, I cannot rely on my ISP advice - I must cope with it because I knew in advance that the service was provided as-is, with no support whatsoever.
I assume once the host checks for cookies and none is found or is saved, they use a different method of authentication.
That's exactly what I thought in a first time, but taking the default behavior of Drupal for granted, I believe it relies on cookies alone.
Now the tests you did, in my eyes, seem a bit odd. Like, the normal behaviour would be to log out, before switching to a different connection, and also, your IP changes when you switch so it's not really strange that you get thrown out.
But actually my question is, what is exactly the case? In your first post it seemed the problem was you couldn't connect to several drupal sites when you use a proxy-connection, but on one you could and they were all the same drupal version? I'm not sure now. Can you be more specific on the exact question you have? Or maybe somebody else knows anything that might help?
Yes, all installations were plain 6.10 version. I'll re-expose the tests below, I'm not sure that I've fully explained them the first time.
I also remember there's an option in IE that says "bypass proxy for local addresses", now i don't know if the site where it works is 'local' for you, but if this option is checked maybe that could also make it work differently.
I do use that option in Firefox, actually, all local installations work perfectly, the problem appears only with (some) published sites.
Here are the test results exposed in another way:
| LP | LN | CP | CN | P>N | N>P | Drupal installed on: | NO | YES | N.A.| YES | N.A.| YES | toscana-offerte.com/drupal | YES | YES | NO | YES | NO | NO | frasic.altervista.org
Legend: LP - Can log in with proxy-connection LN - Can log in with normal-connection CP - Cookie gets set with proxy-connection CN - Cookie gets set with normal-connection P>N - Can keep logged in switching from proxy-connection to normal-connection N>P - Can keep logged in switching from normal-connection to proxy connection
Note: - on the first site, CP and P>N are "not applicable" because I cannot log in in first instance. - with "cookie gets set" I mean "gets set locally on my PC". I'm planning another test in order to check if my proxy server is storing cookies for me, more about that at the bottom of this message.
Actually, the above does not expose all the tests I did, hence I'm rearranging (a bit) the texts I've sent in my previous message - I'm also adding some suppositions in square brackets, all the points are plain facts, I've double checked them:
---------------------------- on frasic.altervista.org (and on other drupal installations on the same server):
A - I can log in with the proxy connection, no cookie gets set, I keep logged in [ I suppose the cookie gets set on the proxy server ]
B - I switch to the normal connection without logging out and I get thrown out [ I suppose that with normal connection, Drupal expects a cookie to be sent back from my PC, while with the proxy connection, it must be the proxy server the one who is sending it back ]
C - I log in with the normal connection, a session cookie gets set, I keep logged in [ that should be the normal behavior ]
D - I switch to the proxy connection without logging out and I get thrown out [ although there is a cookie in my PC in this very moment...]
E - I am not able to log in any more with the proxy connection if I don't delete the session cookie. Once deleted, I can log in again and keep logged in as usual. [ this must mean that the cookie does actually get sent to Drupal, but evidently it must be considered an invalid cookie ]
------------------------------------
on drupal.org or on toscana-offerte.com/drupal:
F - I can log in with the normal connection, a session cookie gets set and I keep logged in. [ just fine ]
G - I can switch to the proxy connection and keep logged in, but if I delete the session cookie I get thrown out again [ and just fine once again ]
-------------------
I think I'll do some tests more, I'll try to hack some core function in order to display the cookies it is using on the pages it will render. I'll get back here again once I'll be done with those tests.
I'll dig my way to find the right function to hack, I was about to ask for a pointer but I think it will be more instructive to find it by myself - this should help me understanding better the Drupal flow of calls.
Shall somebody be interested in deeper details about the proxy connection I'm using, please ask for them in a private message, I'm not comfortable disclosing such details in public.
Thank you all once again for your interest and your attention - and for your patience! I happen to be verbose and redundant at very least ;-)
Have good time, long life to Drupal Francesco
Hi all, here is an update about my issue, I've found the way to keep logged in using the proxy connection - at least on my websites - hence I consider the problem of this very thread almost solved - almost, as I still cannot log in to drupal.org. Read on if you will.
----
Luckily I had not to hack anything at all, checking out the cookies was way easier than I thought.
This is the code I inserted in a block: <?php print_r($_COOKIE); ?>
And I got a confirmation: a session cookie gets set and used by my Dupal installation even when I'm behind a proxy, only that the cookie do not reside on my PC - hence, my proxy server must be storing it for me.
Is that bad news? I don't know.
Anyway, playing around with urls I've come to discover that if I add www to the path I can log in with no problems on the websites which used to keep me out (when using the proxy connection). *That* is good news, I can finally manage those sites without having to subscribe a different connection.
(although I found the way to keep logged in to my sites, I still can't log in into drupal.org. I suppose that if it were set to allow www.drupal.org as base url instead of redirecting all requests to the no-www paths, then I could keep logged in there even with my uncomfortable proxy connection...)
But now I have another problem. Here are the directives I'm using:
------------------
RewriteCond %{HTTP_HOST} ^toscana-offerte.com$ [NC] RewriteRule ^(.*)$ http://www.toscana-offerte.com/$1 [L,R=301]
RewriteBase /drupal
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
-----------------
And here is the problem.
While requesting these...
- http://www.toscana-offerte.com/drupal - http://www.toscana-offerte.com/drupal/node/add/page
...works fine and keeps me logged in, if I request these...
- http://toscana-offerte.com/drupal - http://toscana-offerte.com/drupal/node/add/page
...the server returns...
- http://www.toscana-offerte.com - http://www.toscana-offerte.com/node/add/page
...and of course, the very last address above gives a 404 because there is no Drupal installation at the root address.
Why is the string "\drupal" being stripped out by my .htaccess? Shouldn't the rewritebase condition ensure that it doesn't get stripped?
Hope somebody could help here too - the most important problem is solved now, but it would be nice to fix also this little incongruence.
Thanks a lot for your attention. Cheers, Francesco
-
Annet de Boer -
Francesco