Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Results 1 to 9 of 9
  1. #1
    sledge0303 Guest

    Default Session IDs, question

    Hello,

    may you have realized I am working for an OX installment with Lighttpd as webserver daemon. Have tested Lighty with Neo's VMware environment and experienced during login for oxadmin "Ihre Session ist abgelaufen - your session has expired. Bitte loggen sie sich erneut ein - Please login again".
    Without ever got a change to log in before, what means an earlier session can´t be in existence.

    The settings for Lighttpd seems to be ok and may it needs some changes in sources. Do you have an idea to what place in source that kind of settings are stored?

    my settings for AJP13 worker:

    server.modules += ( "mod_proxy_backend_ajp13" )
    $HTTP["url"] =~ "^/servlet/*|^/ajax/*" {
    proxy-core.balancer = "round-robin"
    proxy-core.protocol = "ajp13"
    proxy-core.backends = ( "localhost:8009" )
    proxy-core.max-pool-size = 16
    }
    May I missed something?

  2. #2
    Ben Pahne Guest

    Default

    I think you don't have cookies activated in your Browser.

    You can set the session timeout in this file:

    /opt/openexchange/etc/groupware/sessiond.properties

  3. #3
    sledge0303 Guest

    Default

    Many thanks Ben for info.
    Will check both, sessiond.properties and cookie settings for Lighty.

  4. #4
    sledge0303 Guest

    Default

    Hello Ben,

    it obviously have nothing to do with cookies, with or without following settings

    "mod_usertrack",
    usertrack.cookie-name = "JSESSIONID"
    I get always following cookie named 'JSESSIONID'. The same like in formerly versions of OX.

    I have tried to do some changes in /opt/openexchange/etc/groupware/sessiond.properties without success.

    # session container timeout
    com.openexchange.sessiond.sessionContainerTimeout: 4200000
    commented, played with the number and ox restartet... no way to login

    # check if a user already has a session and overwrite it
    com.openexchange.sessiond.isDoubleLoginPermitted:f alse
    EDIT
    *'false' above not displayed ok. it is false not f alse*
    /EDIT

    Have set from 'false' to 'true', the same result - no login possible.

    Always pop up a message 'Ihre Sitzung ist abgelaufen! Bitte melden Sie sich neu an'...

    Have I missed something in sessiond.properties file?

    In 0.8.X Versions login is possible. I guess there must be a compareable to 0.8.X server.config setting like this below, but where is it in Hyperion?
    SETUPLINK:/umin/Login?NAS_ID=**NAS_ID**&sessionID=**NAS_ID**
    Your help is appreaciated
    Last edited by sledge0303; 03-28-2007 at 07:07 PM.

  5. #5
    Ender Guest

    Default

    This morning I was trying to get some old code to talk to Hyperions sessiond, and I did note this error would be constant if "com.openexchange.sessiond.isTcpClientSocketEnable d" was set to true in etc/groupware/sessiond.properties.

    Setting it back to false cleared it up for me. (Edit: I doubt this is your problem exactly, but on the off chance you were mucking around with config files
    Last edited by Ender; 03-29-2007 at 08:17 AM.

  6. #6
    Ben Pahne Guest

    Default

    i never saw anything like this before and i also don't know how lighty works. do you need this at all?

  7. #7
    Francisco Laguna Guest

    Default

    I'll try to clear up the cookie issue a bit. On the whole the OX will set two cookies. One, the JSESSIONID, is used to track the Servlet Session, that's standard handling for all servlets, so whenever your browser talks to a servlet engine (be it ours or tomcat or jetty...) you'll eventually be rewarded with a JSESSIONID cookie.

    The other one is called "open-xchange-session-" plus some random String. That's the one containing the session-id and the one you want to look out for.

    To illustrate this point further: If you fire up telnet and play browser you can get the following exchange:
    ------------[snip]----------

    GET /ajax/login?action=login&name=yourUsername&password=your Password HTTP/1.1
    Host: localhost

    HTTP/1.1 200 OK
    Date: Thu, 29 Mar 2007 08:29:40 GMT
    Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
    Expires: Sat, 6 May 1995 12:00:00 GMT
    Pragma: no-cache
    Cache-Control: post-check=0, pre-check=0
    Set-Cookie: JSESSIONID=9ba87cbab9944ed723cd93772435fc3d346d210 f.OX1; path=/
    Set-Cookie: open-xchange-session-a56470a53963e98a5a69de48eab9f8ec=5a617b18e93a918a2 e360019bab1c1aa; path=/
    Transfer-Encoding: chunked
    Content-Type: text/javascript; charset=UTF-8

    47
    {"session":"a56470a53963e98a5a69de48eab9f8ec","ran dom":"1175156984284"}
    0

    -------------[snap]-----------

    As you can see you are rewarded with a new sessionID and in the cookies section the two cookies I talked about. If you want to play browser yourself you could log onto the machine the OX is running on (or any other adjusting the example accordingly), fire up telnet and type in the request:

    > telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.
    GET /ajax/login?action=login&name=yourUsername&password=your Password HTTP/1.1
    Host: localhost
    [return]

    and you can check the answer yourself.

  8. #8
    sledge0303 Guest

    Default

    Quote Originally Posted by Ben Pahne View Post
    i never saw anything like this before and i also don't know how lighty works. do you need this at all?
    Hello Ben,

    The difference between Lighty and Apache2 is, Lighty doesn´t need that kind of ressources like Apache2 and works with better performance. Anyway I always check out both daemons.
    Especially for someone who just suppose to install at small dedicated/local server appreaciate Lighty.
    I offer, in case everything´s run fine you get u/p and see for yourself if you want

    ...
    ...
    > telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.
    GET /ajax/login?action=login&name=yourUsername&password=your Password HTTP/1.1
    Host: localhost
    [return]

    and you can check the answer yourself.
    An option I havn´t thought about yet... may this opens my eyes to solve this lil prob... many thanks for the hint and tell you my results later in the day when I checked out this

  9. #9
    sledge0303 Guest

    Default

    Hello,

    the first problem with Authentification seems to be solved now, it was caused by an ipv6 conflict obviously. Have realized this after Francisco's tip with telnet.

    That request done by telnet reported a 400 error message, what made me perplex a bit and simple 'netstat -tulpen' unearth the truth:

    AJP13 was running at port 8009 as intended, but just for ipv6 connections.
    Have used Neo's VM Image to test it out, my own Kernels/web daemons have no ipv6 support yet and that was the last one I suspected to be the reason
    What anyway makes me wonder: why does it say 'my session has expired' instead message like '403'...hmmmmmm

    Now, the login passed ok but after this it doesn´t switch from login page to ox components. If you read the logs after successful login it is speaking a different language:

    "GET /ajax/login?action=login&name=oxadmin&password=password HTTP/1.1" 200 82 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    "GET /ajax/config/?session=f9a49f88edbd72c5efc952e487e2106c HTTP/1.1" 200 148 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    "GET /ajax/folders?action=get&session=f9a49f88edbd72c5efc952e 487e2106c&folder=INBOX&id=INBOX&columns=310,311 HTTP/1.1" 200 148 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    "GET /ajax/quota?action=mail&session=f9a49f88edbd72c5efc952e4 87e2106c HTTP/1.1" 200 148 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    "GET /ajax/quota?action=filestore&session=f9a49f88edbd72c5efc 952e487e2106c HTTP/1.1" 200 148 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    "GET /ajax/calendar?action=has&session=f9a49f88edbd72c5efc952 e487e2106c&start=1174867200000&end=1175472000000 HTTP/1.1" 200 148 "http://ox.testserver.de/ox.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
    It proofs my settings for AJP13 worker seems to be okay and Lighty doesn´t understand commands in the scripts or doesn´t know how to handle these requests.
    I keep an eye on it tomorrow.
    Many thanks to you both for assistance.
    Last edited by sledge0303; 03-29-2007 at 11:44 PM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •