dhis2-users team mailing list archive
-
dhis2-users team
-
Mailing list archive
-
Message #10812
Re: Browser not working
What I am seeing (comparing firefox to chrome) is that chrome is ignoring
the set-cookie it gets from the login.action and doesn't use it in the
redirected request.
So for example
POST /hmis/dhis-web-commons-security/login.action HTTP/1.1
Host: hmis.moh.gov.rw
Connection: keep-alive
Content-Length: 36
Cache-Control: max-age=0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://hmis.moh.gov.rw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/48.0.2564.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer:
https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: JSESSIONID=9AAEAFA84230F8727E1A6B77D80B2C01
produces this response
HTTP/1.1 302 Found
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 19 Jul 2016 22:15:16 GMT
Content-Length: 0
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=2065911121DF703529E7F9CBDB526AF6; Path=/hmis/;
HttpOnly
Location: https://hmis.moh.gov.rw/hmis
(Note the set-cookie)
Now when firefox follows the redirect it includes that cookie and the user
logs in successfully, but chrome produces the following response to the 302:
GET /hmis HTTP/1.1
Host: hmis.moh.gov.rw
Connection: keep-alive
Cache-Control: max-age=0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/48.0.2564.116 Safari/537.36
Referer:
https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
As you see chrome has ignored the Cookie. It looks very similar to an old
"misbehaviour" in chrome described here :
https://bugs.chromium.org/p/chromium/issues/detail?id=150066. Like there
is something about the response which chrome doesn't like and hence
silently drops the cookie.
That's all I can say for now.
On 19 July 2016 at 22:46, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:
> Not really related, but those double GETs I see probably indicate that you
> are redirecting to http and that in turn to https. Can you check that in
> developer tools?
>
> On 19 July 2016 at 22:30, Olav Poppe <olav.poppe@xxxxxx> wrote:
>
>> The two servers I’m currently experiencing this with is using
>> dhis2-tools, and I assume the one Tony wrote about earlier is using the
>> same.
>>
>> As for logs, catalina.out shows the following:
>> * WARN 2016-07-19 21:18:41,983 Authentication event
>> *AuthenticationSuccessEvent*: olavpo; details:
>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>> (LoggerListener.java [tomcat-http-9])
>> * WARN 2016-07-19 21:18:41,984 Authentication event
>> SessionFixationProtectionEvent: olavpo; details:
>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>> (LoggerListener.java [tomcat-http-9])
>> * WARN 2016-07-19 21:18:41,984 Authentication event
>> InteractiveAuthenticationSuccessEvent: olavpo; details:
>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>> (LoggerListener.java [tomcat-http-9])
>> * INFO 2016-07-19 21:18:41,987 'olavpo' update
>> org.hisp.dhis.user.UserCredentials, name: Olav Poppe, uid: R8ZvjXptEW2
>> (AuditLogUtil.java [tomcat-http-9])
>>
>> And nginx access.log the following (nothing in error.log):
>> 1.76.8.51 - - [19/Jul/2016:21:28:02 +0000] "GET
>> /dhis/dhis-web-commons-stream/ping.action?_=1468963693718 HTTP/1.1" 200 34 "
>> https://XXX/dhis/dhis-web-dataentry/index.action
>> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0
>> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/53.0.2785.8 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "POST
>> /staging/dhis-web-commons-security/login.action HTTP/1.1" 302 0 "
>> https://XXX/staging/dhis-web-commons/security/login.action
>> <https://xxx/staging/dhis-web-commons/security/login.action>"
>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1"
>> 301 193 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1"
>> 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>> /staging/dhis-web-commons/security/login.action HTTP/1.1" 301 193 "-"
>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>> /staging/dhis-web-commons/security/login.action HTTP/1.1" 200 1439 "-"
>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>> /staging/api/staticContent/logo_front HTTP/1.1" 302 0 "
>> https://XXX/staging/dhis-web-commons/security/login.action
>> <https://xxx/staging/dhis-web-commons/security/login.action>"
>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>> 41.76.8.51 - - [19/Jul/2016:21:28:33 +0000] "GET
>> /dhis/dhis-web-commons-stream/ping.action?_=1468963724720 HTTP/1.1" 200 34 "
>> https://XXX/dhis/dhis-web-dataentry/index.action
>> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0
>> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
>> Chrome/53.0.2785.8 Safari/537.36"
>>
>> And I can also add that I have the same issue with Chrome Canary.
>>
>> Olav
>>
>>
>>
>>
>> 19. jul. 2016 kl. 20.27 skrev Steven Uggowitzer <whotopia@xxxxxxxxx>:
>>
>> Jason, what aspects of the Nginx config?
>> I have at least a dozen sites running with same parameters (using include
>> blocks) and only the ones with 2.24 seem to be having this issue.
>>
>> Would it help to post those parameters? What did you conclude was
>> causing the problem when you last encountered it?
>>
>> S
>>
>>
>> --------------------------
>> Steven Uggowitzer
>> eSHIfT Partner Network, Entuura Ventures Ltd
>> Tel: +41 22 366 1920
>> Mob: +41 79 719 4180
>> Skype: fendant123
>> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
>>
>> On 19 July 2016 at 19:17, Jason Pickering <jason.p.pickering@xxxxxxxxx>
>> wrote:
>>
>>> I have seen this before as well, but never like it has been described
>>> here. In my case, it was related to an incorrect nginx config.
>>>
>>> Is there something common here? Are all of you using dhis-tools, or
>>> homebaked nginx configurations?
>>>
>>> Does the browser/Tomcat/nginx log provide any useful information?
>>>
>>> Do you observe the same thing if you attempt to hit DHIS2 directly
>>> without going through the reverse proxy?
>>>
>>> Regards,
>>> Jason
>>>
>>>
>>> On Tue, Jul 19, 2016 at 6:45 PM, Steven Uggowitzer <whotopia@xxxxxxxxx>
>>> wrote:
>>>
>>>> It's for Chrome and Safari here.
>>>> One interesting symptom: when logging in with correct username and
>>>> password the resulting URL includes jsessionid, but bounces back to the
>>>> login screen, versus incorrect authentication parameters result in "Wrong
>>>> username or password". See attached screen shot for comparison:
>>>>
>>>>
>>>> <Screen Shot 2016-07-19 at 18.43.18.png>
>>>>
>>>> --------------------------
>>>> Steven Uggowitzer
>>>> eSHIfT Partner Network, Entuura Ventures Ltd
>>>> Tel: +41 22 366 1920
>>>> Mob: +41 79 719 4180
>>>> Skype: fendant123
>>>> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
>>>>
>>>> On 19 July 2016 at 18:04, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:
>>>>
>>>>> Is this only in chrome?
>>>>>
>>>>> On 19 July 2016 at 17:01, Olav Poppe <olav.poppe@xxxxxx> wrote:
>>>>>
>>>>>> I can confirm that I now see the same issue in non-2.22 as well. Very
>>>>>> strange behavior - I can at times log in, but is then logged off when
>>>>>> navigation between different modules.
>>>>>>
>>>>>>
>>>>>>
>>>>>> 19. jul. 2016 kl. 15.28 skrev Olav Poppe <olav.poppe@xxxxxx>:
>>>>>>
>>>>>> Forwarding to user list. Not 2.24 issue then it seems.
>>>>>>
>>>>>> Olav
>>>>>>
>>>>>>
>>>>>>
>>>>>> Videresendt melding:
>>>>>>
>>>>>> *Fra: *ifeanyiokoye@xxxxxxxxx
>>>>>> *Emne: **Re: [Dhis2-users] Browser not working*
>>>>>> *Dato: *19. juli 2016 kl. 15.19.34 GMT
>>>>>> *Til: *Olav Poppe <olav.poppe@xxxxxx>
>>>>>>
>>>>>> Just to add that I'm using version 2.22 build 22086
>>>>>>
>>>>>>
>>>>>> *From: *Olav Poppe
>>>>>> *Sent: *Tuesday, 19 July 2016 16:08
>>>>>> *To: *ifeanyiokoye@xxxxxxxxx
>>>>>> *Cc: *Bob Jolliffe; Ntawuyirusha Emmanuel; DHIS Users
>>>>>> *Subject: *Re: [Dhis2-users] Browser not working
>>>>>>
>>>>>> Hi, I can add that I have the same problem on two different servers:
>>>>>> logging in with Chrome (or Safari) does not work, Firefox works fine.
>>>>>> Instances are both 2.24 build. Nginx 1.4.6 are running on both servers.
>>>>>> Both servers have other non-2.24 instances that does not have the same
>>>>>> problem.
>>>>>>
>>>>>> To add to the problem, the DHIS 2 top menu does not work in Firefox,
>>>>>> e.g. nothing works…Not sure if that’s a general problem or not. Again, menu
>>>>>> works in non-24 instances.
>>>>>>
>>>>>> Regards
>>>>>> Olav
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 19. jul. 2016 kl. 14.41 skrev ifeanyiokoye@xxxxxxxxx:
>>>>>>
>>>>>> Dear Bob,
>>>>>> I am having this same issue to with Chrome. After entering the log in
>>>>>> credentials, it opens a page with API data and does not log in. If I am
>>>>>> lucky and have a data entry page open, then I can log in at the prompt and
>>>>>> that works.
>>>>>> Our instance is set to load the dashboard as the opening page.
>>>>>>
>>>>>> Have to keep struggling with it till it eventually logs in.
>>>>>>
>>>>>> Thanks
>>>>>> Original Message
>>>>>> From: Bob Jolliffe
>>>>>> Sent: Tuesday, 19 July 2016 14:58
>>>>>> To: Ntawuyirusha Emmanuel
>>>>>> Cc: dhis2-users
>>>>>> Subject: Re: [Dhis2-users] Browser not working
>>>>>>
>>>>>> Hi Emmanuel
>>>>>>
>>>>>> I am following up on a separate thread. I'll copy you into that.
>>>>>>
>>>>>> I see it is a problem, seemingly related to chrome mishandling the
>>>>>> JSESSIONID cookie so even though the credentials are tested and dhis2
>>>>>> logs a successful authentication, the browser cookie doesn't match the
>>>>>> session id in dhis and so you don't get in. I am really not sure why
>>>>>> What I also don't know is what might have changed to cause this to
>>>>>> happen. I am assuming you didn't just wake up one morning and this
>>>>>> started to happen. There has been some change to nginx configuration
>>>>>> or dhis2 upgrade or something similar.
>>>>>>
>>>>>> On 19 July 2016 at 14:40, Ntawuyirusha Emmanuel <ntawemma@xxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>> i tried to uninstall and reinstall it again but the issue is still
>>>>>> remaining, Note that this is happening to all users using Goggle
>>>>>> Chrome as
>>>>>> most of them are familiar with it.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> On Mon, Jul 18, 2016 at 7:49 PM, Knut Staring <knutst@xxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> Maybe try to reinstall Chrome.
>>>>>>
>>>>>> Knut
>>>>>>
>>>>>>
>>>>>> On Tuesday, July 19, 2016, Ntawuyirusha Emmanuel <ntawemma@xxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> Thank you Bob,
>>>>>>
>>>>>> I tried to use New Incognito windows and Clear browsing data but the
>>>>>> issue is remaining for Google Chrome , actually when we restart the
>>>>>> server
>>>>>> the username and password work only once and then after the problem
>>>>>> persist.
>>>>>> we are still waiting for your support.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> On Mon, Jul 18, 2016 at 12:42 PM, Bob Jolliffe <bobjolliffe@xxxxxxxxx
>>>>>> >
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> oops, forgot users ...
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
>>>>>> Date: 18 July 2016 at 11:40
>>>>>> Subject: Re: [Dhis2-users] Browser not working
>>>>>> To: Emmanuel Ntawuyirusha <ntawemma@xxxxxxxxx>
>>>>>>
>>>>>>
>>>>>> Hi Emmanuel
>>>>>>
>>>>>> If it works with firefox then it is really likely to be a chrome cache
>>>>>> issue. Try and login with chrome incognito mode. If that works then
>>>>>> you can be reasonably sure.
>>>>>>
>>>>>> If so, then try ...
>>>>>>
>>>>>> https://www.dhis2.org/tutorials/how-to-really-clear-browser-cache
>>>>>>
>>>>>> Bob
>>>>>>
>>>>>> On 18 July 2016 at 11:08, Emmanuel Ntawuyirusha <ntawemma@xxxxxxxxx>
>>>>>> wrote:
>>>>>>
>>>>>> Deal all, we are facing the issue of using Google Chrome, when using
>>>>>> username and password there is a message saying wrong username and
>>>>>> password.
>>>>>> But it is working well with Mozilla Firefox. We tried to clean cash
>>>>>> but
>>>>>> nothing improved
>>>>>> Does any one know what to do to fix this problem.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Mr. Emmanuel NTAWUYIRUSHA*
>>>>>> HMIS/MOH
>>>>>> Telephone: *+250 788408772*
>>>>>> Email: ntawemma@xxxxxxxxx
>>>>>> "Do Good. Do It Well."
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Knut Staring
>>>>>> Dept. of Informatics, University of Oslo
>>>>>> Norway: +4791880522
>>>>>> Skype: knutstar
>>>>>> http://dhis2.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Mr. Emmanuel NTAWUYIRUSHA*
>>>>>> HMIS/MOH
>>>>>> Telephone: *+250 788408772*
>>>>>> Email: ntawemma@xxxxxxxxx
>>>>>> "Do Good. Do It Well."
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>>>
>>> --
>>> Jason P. Pickering
>>> email: jason.p.pickering@xxxxxxxxx
>>> tel:+46764147049
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-users
>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-users
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-users
>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-users
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
Follow ups
References