Project

General

Profile

Actions

Defect #5051

closed

Cookie issue when using Redmine on Firefox

Added by Lee McIntosh almost 15 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-03-11
Due date:
% Done:

0%

Estimated time:
Resolution:
No feedback
Affected version:

Description

Redmine appears to not correctly remove the cookies/cache for login/logout when using Firefox. I've test this in FF 3.5.8/3.6 on Windows XP/Vista/7/Ubuntu, and I get the same problem. Using IE 7/8 it works fine.

Occasionally whilst performing operations (including Login) it returns this error message:
Invalid form authenticity token.

Using Chris Pederick's Firefox Web Developer Toolbar to clear cookies manually resolves the login problem.

System details
*Database: MySQL 5.1.44
*Ruby: 4.2
*Rails: 2.2.3
*Redmine: 0.9.1 > 0.9.3
*Server: Debian Squeeze


Files

cookie_path.gif (15.7 KB) cookie_path.gif Fritz brause, 2010-05-06 10:08

Related issues

Related to Redmine - Defect #5387: Invalid autenticity tokenClosed2010-04-27

Actions
Related to Redmine - Patch #3968: session cookie path does not respect RAILS_RELATIVE_URL_ROOTClosedEric Davis2009-10-04

Actions
Related to Redmine - Defect #5230: Invalid form authenticity token.New2010-04-01

Actions
Actions #1

Updated by Jean-Philippe Lang almost 15 years ago

Please give the detailed steps that shows the problem.

Actions #2

Updated by Ewan Makepeace almost 15 years ago

Am getting the 'Invalid form authenticity token.' message quite often these days. It seems to be related to whether I have recently logged in on another browser (since I started with Chrome for Mac) but I am unsure. What I do know is that it is incredibly frustrating, because when it starts to happen I often cannot access Redmine for some time and may have to switch browsers, restart the browser, delete all cookies or reboot (am still not quite sure which is the magic incantation).

Actions #3

Updated by Nikolay Kotlyarov almost 15 years ago

Way to reproduce (using Firefox on windows):
Log in redmine choosing the "remember me" check box.
Then use redmine for a while closing and opening the browser (which logs automatically).
After that click the "log out" link and
try to log in -- the error "Invalid form authenticity token." appears:(

Redmine version: 0.9.3

Actions #4

Updated by Nikolay Kotlyarov almost 15 years ago

+ trying to log in after actions above using IE -- same error.

Actions #5

Updated by Nikolay Kotlyarov almost 15 years ago

found also:
the error appears independently of username and password entered.

Actions #6

Updated by Nikolay Kotlyarov almost 15 years ago

Sorry, my error was due to redmine_time_tracker plugin..

Actions #7

Updated by Fritz brause over 14 years ago

Way to reproduce (using Firefox,Safari,Chrome on Mac):
- Login redmine
- choose project
- choose ticket
- click on "Log time"
- enterning valid data to the "Spent time"-Form
- click save

-> Result "Invalid form authenticity token."

Actions #8

Updated by Nikolay Kotlyarov over 14 years ago

Fritz brause wrote:

-> Result "Invalid form authenticity token."

For me reproducing was without errors.

Have you installed any plugins? (especially some time logging plugins?)
Try to reproduce your bug after disabling/deleting them.

Actions #9

Updated by Fritz brause over 14 years ago

Nikolay Kotlyarov wrote:

Have you installed any plugins? (especially some time logging plugins?)

No, i didn't install any plugins, it's "plain redmine" - The Debian release for squeeze.

Actions #10

Updated by Nikolay Kotlyarov over 14 years ago

Fritz brause wrote:

No, i didn't install any plugins, it's "plain redmine" - The Debian release for squeeze.

Check what happens in your environment's log when reproducing the bug (for RAILS_ENV="production": production.log in redmine/log).

(using Firefox,Safari,Chrome on Mac):

is it only Mac issue, or on other platforms the result is the same?

Actions #11

Updated by Fritz brause over 14 years ago

Nikolay Kotlyarov wrote:

is it only Mac issue, or on other platforms the result is the same?

Same behavior on an WindowsXP FF

Actions #12

Updated by Fritz brause over 14 years ago

Maybe a Cookie Problem:
Because when i view at all the redmine-cookies, there is for each path an own cookie, is this a normal behavior?

Actions #13

Updated by Fritz brause over 14 years ago

Nikolay Kotlyarov wrote:

Check what happens in your environment's log when reproducing the bug (for RAILS_ENV="production": production.log in redmine/log).

My Logfile Login:


Processing AccountController#login (for 78.42.130.210 at 2010-05-05 22:34:30) [POST]
  Parameters: {"back_url"=>"https%3A%2F%2F+++%2Flogin%3Fback_url%3Dhttps%3A%2F%2F+++%2Fissues%2F6", "action"=>"login", "authenticity_token"=>"34b450a791fe21e942b0936fe663865d48c969d0", "username"=>"fb", "controller"=>"account", "password"=>"[FILTERED]", "login"=>"Anmelden \302\273"}
Redirected to controllermyactionpage
Completed in 15ms (DB: 9) | 302 Found [https://++/login]

Changing to the Issue Page:

Processing TimelogController#edit (for 78.42.130.210 at 2010-05-05 22:36:23) [GET]
  Parameters: {"issue_id"=>"7", "action"=>"edit", "controller"=>"timelog"}
Rendering template within layouts/base
Rendering timelog/edit
Completed in 61ms (View: 40, DB: 1) | 200 OK [https://+++/issues/7/time_entries/new]

After Submitting the timelog...

Processing TimelogController#edit (for 78.42.130.210 at 2010-05-05 22:37:23) [POST]
  Parameters: {"time_entry"=>{"comments"=>"134", "issue_id"=>"7", "activity_id"=>"9", "spent_on"=>"2010-05-05", "hours"=>"1"}, "back_url"=>"https%3A%2F%2F+++%2Fissues%2F7", "commit"=>"Save", "project_id"=>"redmine", "action"=>"edit", "authenticity_token"=>"f3facdd3991dd20d70381df4fdcfa069f197304d", "controller"=>"timelog"}
Rendering template within layouts/base

- The authenticity_token is note the same as after the login.
- i got 3 Cookies for 3 pathes with different values.

Actions #14

Updated by Nikolay Kotlyarov over 14 years ago

You are using secure connection. That's why cookies may be different each time..
Maybe that is due to your local network settings.. Or maybe that's due to server SSL settings.

How did you set up your redmine service? (apache(noSSL|OpenSSL)/nginx/etc + webrick/mongrel/thin/etc)

To localize the problem try the following:
log on to server(to exclude local network case) and see if the problem reproduces when
  • connecting directly from server to apache/etc (localhost/127.0.0.1/0.0.0.1)
  • connecting directly from server to mongrel/thin service (localgost:3000)
Actions #15

Updated by Fritz brause over 14 years ago

Nikolay Kotlyarov wrote:

You are using secure connection. That's why cookies may be different each time..

may i am wrong, but this shouldn't happen - the cookie may change his value but not one Cookie for each path: image attached:

How did you set up your redmine service? (apache(noSSL|OpenSSL)/nginx/etc + webrick/mongrel/thin/etc)

Apache mod_ssl, our setup runs on over 400 Servers.

To localize the problem try the following:
log on to server(to exclude local network case) and see if the problem reproduces when
  • connecting directly from server to apache/etc (localhost/127.0.0.1/0.0.0.1)

127.0.0.1 is localhost and not set to our Redmine Virtual Host ;-) I dont think this issue belongs to SSL.

Actions #16

Updated by Fritz brause over 14 years ago

an other related bug ? #5387

Actions #17

Updated by Fritz brause over 14 years ago

By the Way:

if i "update" the Issue, i can add a time an everthing ist well, but just logging an Time Log is not possible in any way for me.

Actions #18

Updated by Lluís Vilanova over 14 years ago

Issue #5387 contains an explanation of why this might have already been resolved.

Actions #19

Updated by Fritz brause over 14 years ago

hallo Lluís Vilanova, an Debian-Update fixed this for me.

Actions #20

Updated by Fritz brause over 14 years ago

Thanks a lot!

Actions #21

Updated by Felix Schäfer over 14 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

I'll flag this as fixed, the resolution seems to be in #3968.

Actions #22

Updated by Ewan Makepeace about 14 years ago

  • Status changed from Closed to Reopened

In version Redmine 1.0.1.devel.4167 (MySQL) I am still seeing this problem every day. See #5230 ?

Actions #23

Updated by Felix Schäfer about 14 years ago

Ewan Makepeace wrote:

In version Redmine 1.0.1.devel.4167 (MySQL) I am still seeing this problem every day. See #5230 ?

What now, a cookie or an invalid authenticity token problem?

Actions #24

Updated by Jan Niggemann (redmine.org team member) almost 12 years ago

  • Status changed from Reopened to Closed
  • Resolution changed from Duplicate to No feedback

We are currently clearing the tracker, I'm closing this one because it lacks feedback and is about a very old release.

Actions #25

Updated by Toshi MARUYAMA over 9 years ago

  • Related to Defect #5230: Invalid form authenticity token. added
Actions

Also available in: Atom PDF