Defect #5051
Closed
Cookie issue when using Redmine on Firefox
Description
Redmine appears to not correctly remove the cookies/cache for login/logout when using Firefox. I've tested this in FF 3.5.8/3.6 on Windows XP/Vista/7/Ubuntu, and I get the same problem. Using IE 7/8 it works fine.
Occasionally whilst performing operations (including Login) it returns this error message:
Invalid form authenticity token.
Using Chris Pederick's Firefox Web Developer Toolbar to clear cookies manually resolves the login problem.
System details
* Database: MySQL 5.1.44
* Ruby: 4.2
* Rails: 2.2.3
* Redmine: 0.9.1 > 0.9.3
* Server: Debian Squeeze
Updated by Jean-Philippe Lang over 14 years ago
Please give the detailed steps that shows the problem.
Updated by Ewan Makepeace over 14 years ago
Am getting the 'Invalid form authenticity token.' message quite often these days. It seems to be related to whether I have recently logged in on another browser (since I started with Chrome for Mac) but I am unsure. What I do know is that it is incredibly frustrating, because when it starts to happen I often cannot access Redmine for some time and may have to switch browsers, restart the browser, delete all cookies or reboot (am still not quite sure which is the magic incantation).
Updated by Nikolay Kotlyarov over 14 years ago
Way to reproduce (using Firefox on windows):
Log in to Redmine, choosing the "remember me" check box.
Then use Redmine for a while, closing and opening the browser (which logs in automatically).
After that click the "log out" link and
try to log in -- the error "Invalid form authenticity token." appears :(
Redmine version: 0.9.3
Updated by Nikolay Kotlyarov over 14 years ago
+ trying to log in after actions above using IE -- same error.
Updated by Nikolay Kotlyarov over 14 years ago
found also:
the error appears independently of username and password entered.
Updated by Nikolay Kotlyarov over 14 years ago
Sorry, my error was due to redmine_time_tracker plugin..
Updated by Fritz brause over 14 years ago
Way to reproduce (using Firefox,Safari,Chrome on Mac):
- Login redmine
- choose project
- choose ticket
- click on "Log time"
- entering valid data into the "Spent time" form
- click save
-> Result "Invalid form authenticity token."
Updated by Nikolay Kotlyarov over 14 years ago
Fritz brause wrote:
-> Result "Invalid form authenticity token."
For me reproducing was without errors.
Have you installed any plugins? (especially some time logging plugins?)
Try to reproduce your bug after disabling/deleting them.
Updated by Fritz brause over 14 years ago
Nikolay Kotlyarov wrote:
Have you installed any plugins? (especially some time logging plugins?)
No, I didn't install any plugins, it's "plain redmine" - The Debian release for squeeze.
Updated by Nikolay Kotlyarov over 14 years ago
Fritz brause wrote:
No, I didn't install any plugins, it's "plain redmine" - The Debian release for squeeze.
Check what happens in your environment's log when reproducing the bug (for RAILS_ENV="production": production.log in redmine/log).
(using Firefox,Safari,Chrome on Mac):
Is it only a Mac issue, or is the result the same on other platforms?
Updated by Fritz brause over 14 years ago
Nikolay Kotlyarov wrote:
Is it only a Mac issue, or is the result the same on other platforms?
Same behavior on a Windows XP FF
Updated by Fritz brause over 14 years ago
Maybe a cookie problem:
Because when I look at all the Redmine cookies, there is a separate cookie for each path. Is this normal behavior?
Updated by Fritz brause over 14 years ago
Nikolay Kotlyarov wrote:
Check what happens in your environment's log when reproducing the bug (for RAILS_ENV="production": production.log in redmine/log).
My Logfile Login:
Processing AccountController#login (for 78.42.130.210 at 2010-05-05 22:34:30) [POST]
  Parameters: {"back_url"=>"https%3A%2F%2F+++%2Flogin%3Fback_url%3Dhttps%3A%2F%2F+++%2Fissues%2F6", "action"=>"login", "authenticity_token"=>"34b450a791fe21e942b0936fe663865d48c969d0", "username"=>"fb", "controller"=>"account", "password"=>"[FILTERED]", "login"=>"Anmelden \302\273"}
Redirected to controllermyactionpage
Completed in 15ms (DB: 9) | 302 Found [https://++/login]
Changing to the Issue Page:
Processing TimelogController#edit (for 78.42.130.210 at 2010-05-05 22:36:23) [GET]
  Parameters: {"issue_id"=>"7", "action"=>"edit", "controller"=>"timelog"}
Rendering template within layouts/base
Rendering timelog/edit
Completed in 61ms (View: 40, DB: 1) | 200 OK [https://+++/issues/7/time_entries/new]
After Submitting the timelog...
Processing TimelogController#edit (for 78.42.130.210 at 2010-05-05 22:37:23) [POST]
  Parameters: {"time_entry"=>{"comments"=>"134", "issue_id"=>"7", "activity_id"=>"9", "spent_on"=>"2010-05-05", "hours"=>"1"}, "back_url"=>"https%3A%2F%2F+++%2Fissues%2F7", "commit"=>"Save", "project_id"=>"redmine", "action"=>"edit", "authenticity_token"=>"f3facdd3991dd20d70381df4fdcfa069f197304d", "controller"=>"timelog"}
Rendering template within layouts/base
- The authenticity_token is not the same as after the login.
- I got 3 cookies for 3 paths with different values.
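The token comparison done by hand in the comment above can be scripted. This is an added example, not part of the original thread or of Redmine's code: it parses Rails 2.x-style log entries like the ones quoted and reports, per client IP, whether the submitted authenticity_token changed between requests. The log text, IP address, host name and token values are constructed.

```ruby
# Added example: SAMPLE_LOG is constructed, not taken from the thread.
SAMPLE_LOG = <<~'LOG'
  Processing AccountController#login (for 192.0.2.10 at 2010-05-05 22:34:30) [POST]
    Parameters: {"action"=>"login", "authenticity_token"=>"aaaa1111", "username"=>"fb", "password"=>"[FILTERED]"}
  Completed in 15ms (DB: 9) | 302 Found [https://redmine.example/login]
  Processing TimelogController#edit (for 192.0.2.10 at 2010-05-05 22:36:23) [GET]
    Parameters: {"issue_id"=>"7", "action"=>"edit", "controller"=>"timelog"}
  Completed in 61ms (View: 40, DB: 1) | 200 OK [https://redmine.example/issues/7/time_entries/new]
  Processing TimelogController#edit (for 192.0.2.10 at 2010-05-05 22:37:23) [POST]
    Parameters: {"commit"=>"Save", "authenticity_token"=>"bbbb2222", "controller"=>"timelog"}
  Rendering template within layouts/base
LOG

HEADER = /Processing (\w+)#(\w+) \(for (\S+) at ([\d-]+ [\d:]+)\) \[(\w+)\]/
TOKEN  = /"authenticity_token"=>"([0-9a-f]+)"/
STATUS = /\| (\d{3}) /

# Split the log at each "Processing ..." header and extract one hash per request.
# Works whether an entry is spread over several lines or flattened onto one.
def parse_entries(text)
  text.split(/(?=Processing \w+#\w+ \(for )/).filter_map do |chunk|
    m = HEADER.match(chunk) or next
    { action: "#{m[1]}##{m[2]}", ip: m[3], time: m[4], verb: m[5],
      token: chunk[TOKEN, 1], status: chunk[STATUS, 1] }
  end
end

# For requests that carried a token, flag a change against the previous
# token seen from the same IP and note whether a status line was logged.
def token_report(entries)
  last = {}
  entries.select { |e| e[:token] }.map do |e|
    prev = last[e[:ip]]
    last[e[:ip]] = e[:token]
    e.merge(changed: !prev.nil? && prev != e[:token], completed: !e[:status].nil?)
  end
end

token_report(parse_entries(SAMPLE_LOG)).each do |r|
  puts format("%s %-22s %s token=%s changed=%s status=%s",
              r[:time], r[:action], r[:ip], r[:token], r[:changed], r[:status] || "none")
end
```
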
Updated by Nikolay Kotlyarov over 14 years ago
You are using secure connection. That's why cookies may be different each time..
Maybe that is due to your local network settings.. Or maybe that's due to server SSL settings.
How did you set up your redmine service? (apache(noSSL|OpenSSL)/nginx/etc + webrick/mongrel/thin/etc)
To localize the problem try the following: log on to server (to exclude local network case) and see if the problem reproduces when
- connecting directly from server to apache/etc (localhost/127.0.0.1/0.0.0.1)
- connecting directly from server to mongrel/thin service (localhost:3000)
Updated by Fritz brause over 14 years ago
- File cookie_path.gif added
Nikolay Kotlyarov wrote:
You are using secure connection. That's why cookies may be different each time..
Maybe I am wrong, but this shouldn't happen - the cookie may change its value, but not one cookie for each path: image attached:
How did you set up your redmine service? (apache(noSSL|OpenSSL)/nginx/etc + webrick/mongrel/thin/etc)
Apache mod_ssl, our setup runs on over 400 Servers.
To localize the problem try the following:
log on to server (to exclude local network case) and see if the problem reproduces when
- connecting directly from server to apache/etc (localhost/127.0.0.1/0.0.0.1)
127.0.0.1 is localhost and not set to our Redmine Virtual Host ;-) I don't think this issue belongs to SSL.
Updated by Fritz brause over 14 years ago
By the way:
If I "update" the issue, I can add a time and everything is well, but just logging a time log is not possible in any way for me.
Updated by Lluís Vilanova over 14 years ago
Issue #5387 contains an explanation of why this might have already been resolved.
Updated by Fritz brause over 14 years ago
Hello Lluís Vilanova, a Debian update fixed this for me.
Updated by Felix Schäfer over 14 years ago
- Status changed from New to Closed
- Resolution set to Duplicate
I'll flag this as fixed, the resolution seems to be in #3968.
Updated by Ewan Makepeace about 14 years ago
- Status changed from Closed to Reopened
In version Redmine 1.0.1.devel.4167 (MySQL) I am still seeing this problem every day. See #5230 ?
Updated by Felix Schäfer about 14 years ago
Ewan Makepeace wrote:
In version Redmine 1.0.1.devel.4167 (MySQL) I am still seeing this problem every day. See #5230 ?
What now, a cookie or an invalid authenticity token problem?
Updated by Jan Niggemann (redmine.org team member) almost 12 years ago
- Status changed from Reopened to Closed
- Resolution changed from Duplicate to No feedback
We are currently clearing the tracker, I'm closing this one because it lacks feedback and is about a very old release.
Updated by Toshi MARUYAMA about 9 years ago
- Related to Defect #5230: Invalid form authenticity token. added