dhis2-users team mailing list archive

[Bob Jolliffe <bobjolliffe@xxxxxxxxx>]

I have a workaround which a few folk have confirmed is working.

Please just try and add a trailing '/'  to the url.  ie instead of going to
"https://mydomain/dhis";, try "https://mydomain/dhis/";.

On 20 July 2016 at 04:38, <ifeanyiokoye@xxxxxxxxx> wrote:

> ‎Hello Everyone,
> We are using Tomcat as web server not nginx.
>
> We also did not use dhis2-tools.
>
> Thanks
>
>
> *From: *Bob Jolliffe
> *Sent: *Tuesday, 19 July 2016 23:33
> *To: *Olav Poppe
> *Cc: *DHIS Users; Steven Uggowitzer
> *Subject: *Re: [Dhis2-users] Browser not working
>
> What I am seeing (comparing firefox to chrome) is that chrome is ignoring
> the set-cookie it gets from the login.action and doesn't use it in the
> redirected request.
>
> So for example
>
> POST /hmis/dhis-web-commons-security/login.action HTTP/1.1
> Host: hmis.moh.gov.rw
> Connection: keep-alive
> Content-Length: 36
> Cache-Control: max-age=0
> Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Origin: https://hmis.moh.gov.rw
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/48.0.2564.116 Safari/537.36
> Content-Type: application/x-www-form-urlencoded
> Referer:
> https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
> Accept-Encoding: gzip, deflate
> Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
> Cookie: JSESSIONID=9AAEAFA84230F8727E1A6B77D80B2C01
>
> produces this response
> HTTP/1.1 302 Found
> Server: nginx/1.4.6 (Ubuntu)
> Date: Tue, 19 Jul 2016 22:15:16 GMT
> Content-Length: 0
> Connection: keep-alive
> X-XSS-Protection: 1; mode=block
> X-Frame-Options: DENY
> X-Content-Type-Options: nosniff
> Set-Cookie: JSESSIONID=2065911121DF703529E7F9CBDB526AF6; Path=/hmis/;
> HttpOnly
> Location: https://hmis.moh.gov.rw/hmis
>
> (Note the set-cookie)
>
> Now when firefox follows the redirect it includes that cookie and the user
> logs in successfully, but chrome produces the following response to the 302:
>
> GET /hmis HTTP/1.1
> Host: hmis.moh.gov.rw
> Connection: keep-alive
> Cache-Control: max-age=0
> Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/48.0.2564.116 Safari/537.36
> Referer:
> https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
> Accept-Encoding: gzip, deflate, sdch
> Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
>
> As you see chrome has ignored the Cookie.  It looks very similar to an old
> "misbehaviour" in chrome described here :
> https://bugs.chromium.org/p/chromium/issues/detail?id=150066.  Like there
> is something about the response which chrome doesn't like and hence
> silently drops the cookie.
>
> That's all I can say for now.
>
>
> On 19 July 2016 at 22:46, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:
>
>> Not really related, but those double GETs I see probably indicate that
>> you are redirecting to http and that in turn to https.  Can you check that
>> in developer tools?
>>
>> On 19 July 2016 at 22:30, Olav Poppe <olav.poppe@xxxxxx> wrote:
>>
>>> The two servers I’m currently experiencing this with is using
>>> dhis2-tools, and I assume the one Tony wrote about earlier is using the
>>> same.
>>>
>>> As for logs, catalina.out shows the following:
>>> * WARN  2016-07-19 21:18:41,983 Authentication event
>>> *AuthenticationSuccessEvent*: olavpo; details:
>>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>>> (LoggerListener.java [tomcat-http-9])
>>> * WARN  2016-07-19 21:18:41,984 Authentication event
>>> SessionFixationProtectionEvent: olavpo; details:
>>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>>> (LoggerListener.java [tomcat-http-9])
>>> * WARN  2016-07-19 21:18:41,984 Authentication event
>>> InteractiveAuthenticationSuccessEvent: olavpo; details:
>>> org.springframework.security.web.authentication.WebAuthenticationDetails@380f4:
>>> RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE
>>> (LoggerListener.java [tomcat-http-9])
>>> * INFO  2016-07-19 21:18:41,987 'olavpo' update
>>> org.hisp.dhis.user.UserCredentials, name: Olav Poppe, uid: R8ZvjXptEW2
>>> (AuditLogUtil.java [tomcat-http-9])
>>>
>>> And nginx access.log the following (nothing in error.log):
>>> 1.76.8.51 - - [19/Jul/2016:21:28:02 +0000] "GET
>>> /dhis/dhis-web-commons-stream/ping.action?_=1468963693718 HTTP/1.1" 200 34 "
>>> https://XXX/dhis/dhis-web-dataentry/index.action
>>> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0
>>> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
>>> Chrome/53.0.2785.8 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "POST
>>> /staging/dhis-web-commons-security/login.action HTTP/1.1" 302 0 "
>>> https://XXX/staging/dhis-web-commons/security/login.action
>>> <https://xxx/staging/dhis-web-commons/security/login.action>"
>>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1"
>>> 301 193 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
>>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET /staging HTTP/1.1"
>>> 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
>>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>>> /staging/dhis-web-commons/security/login.action HTTP/1.1" 301 193 "-"
>>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>>> /staging/dhis-web-commons/security/login.action HTTP/1.1" 200 1439 "-"
>>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] "GET
>>> /staging/api/staticContent/logo_front HTTP/1.1" 302 0 "
>>> https://XXX/staging/dhis-web-commons/security/login.action
>>> <https://xxx/staging/dhis-web-commons/security/login.action>"
>>> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML,
>>> like Gecko) Chrome/51.0.2704.106 Safari/537.36"
>>> 41.76.8.51 - - [19/Jul/2016:21:28:33 +0000] "GET
>>> /dhis/dhis-web-commons-stream/ping.action?_=1468963724720 HTTP/1.1" 200 34 "
>>> https://XXX/dhis/dhis-web-dataentry/index.action
>>> <https://xxx/dhis/dhis-web-dataentry/index.action>" "Mozilla/5.0
>>> (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
>>> Chrome/53.0.2785.8 Safari/537.36"
>>>
>>> And I can also add that I have the same issue with Chrome Canary.
>>>
>>> Olav
>>>
>>>
>>>
>>>
>>> 19. jul. 2016 kl. 20.27 skrev Steven Uggowitzer <whotopia@xxxxxxxxx>:
>>>
>>> Jason, what aspects of the Nginx config?
>>> I have at least a dozen sites running with same parameters (using
>>> include blocks) and only the ones with 2.24 seem to be having this issue.
>>>
>>> Would it help to post those parameters?   What did you conclude was
>>> causing the problem when you last encountered it?
>>>
>>> S
>>>
>>>
>>> --------------------------
>>> Steven Uggowitzer
>>> eSHIfT Partner Network,  Entuura Ventures Ltd
>>> Tel: +41 22 366 1920
>>> Mob: +41 79 719 4180
>>> Skype: fendant123
>>> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
>>>
>>> On 19 July 2016 at 19:17, Jason Pickering <jason.p.pickering@xxxxxxxxx>
>>> wrote:
>>>
>>>> I have seen this before as well, but never like it has been described
>>>> here. In my case, it was related to an incorrect nginx config.
>>>>
>>>> Is there something common here? Are all of you using dhis-tools, or
>>>> homebaked nginx configurations?
>>>>
>>>> Does the browser/Tomcat/nginx log provide any useful information?
>>>>
>>>> Do you observe the same thing if you attempt to hit DHIS2 directly
>>>> without going through the reverse proxy?
>>>>
>>>> Regards,
>>>> Jason
>>>>
>>>>
>>>> On Tue, Jul 19, 2016 at 6:45 PM, Steven Uggowitzer <whotopia@xxxxxxxxx>
>>>> wrote:
>>>>
>>>>> It's for Chrome and Safari here.
>>>>> One interesting symptom:  when logging in with correct username and
>>>>> password the resulting URL includes jsessionid, but bounces back to the
>>>>> login screen, versus incorrect authentication parameters result in "Wrong
>>>>> username or password".   See attached screen shot for comparison:
>>>>>
>>>>>
>>>>> <Screen Shot 2016-07-19 at 18.43.18.png>
>>>>>
>>>>> --------------------------
>>>>> Steven Uggowitzer
>>>>> eSHIfT Partner Network,  Entuura Ventures Ltd
>>>>> Tel: +41 22 366 1920
>>>>> Mob: +41 79 719 4180
>>>>> Skype: fendant123
>>>>> LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
>>>>>
>>>>> On 19 July 2016 at 18:04, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:
>>>>>
>>>>>> Is this only in chrome?
>>>>>>
>>>>>> On 19 July 2016 at 17:01, Olav Poppe <olav.poppe@xxxxxx> wrote:
>>>>>>
>>>>>>> I can confirm that I now see the same issue in non-2.22 as well.
>>>>>>> Very strange behavior - I can at times log in, but is then logged off when
>>>>>>> navigation between different modules.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 19. jul. 2016 kl. 15.28 skrev Olav Poppe <olav.poppe@xxxxxx>:
>>>>>>>
>>>>>>> Forwarding to user list. Not 2.24 issue then it seems.
>>>>>>>
>>>>>>> Olav
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Videresendt melding:
>>>>>>>
>>>>>>> *Fra: *ifeanyiokoye@xxxxxxxxx
>>>>>>> *Emne: **Re: [Dhis2-users] Browser not working*
>>>>>>> *Dato: *19. juli 2016 kl. 15.19.34 GMT
>>>>>>> *Til: *Olav Poppe <olav.poppe@xxxxxx>
>>>>>>>
>>>>>>> Just to add that I'm using version 2.22 build 22086
>>>>>>>
>>>>>>>
>>>>>>> *From: *Olav Poppe
>>>>>>> *Sent: *Tuesday, 19 July 2016 16:08
>>>>>>> *To: *ifeanyiokoye@xxxxxxxxx
>>>>>>> *Cc: *Bob Jolliffe; Ntawuyirusha Emmanuel; DHIS Users
>>>>>>> *Subject: *Re: [Dhis2-users] Browser not working
>>>>>>>
>>>>>>> Hi, I can add that I have the same problem on two different servers:
>>>>>>> logging in with Chrome (or Safari) does not work, Firefox works fine.
>>>>>>> Instances are both 2.24 build. Nginx 1.4.6 are running on both servers.
>>>>>>> Both servers have other non-2.24 instances that does not have the same
>>>>>>> problem.
>>>>>>>
>>>>>>> To add to the problem, the DHIS 2 top menu does not work in Firefox,
>>>>>>> e.g. nothing works…Not sure if that’s a general problem or not. Again, menu
>>>>>>> works in non-24 instances.
>>>>>>>
>>>>>>> Regards
>>>>>>> Olav
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 19. jul. 2016 kl. 14.41 skrev ifeanyiokoye@xxxxxxxxx:
>>>>>>>
>>>>>>> Dear Bob,
>>>>>>> I am having this same issue to with Chrome. After entering the log
>>>>>>> in credentials, it opens a page with API data and does not log in. If I am
>>>>>>> lucky and have a data entry page open, then I can log in at the prompt and
>>>>>>> that works.
>>>>>>> Our instance is set to load the dashboard as the opening page.
>>>>>>>
>>>>>>> Have to keep struggling with it till it eventually logs in.
>>>>>>>
>>>>>>> Thanks
>>>>>>>   Original Message
>>>>>>> From: Bob Jolliffe
>>>>>>> Sent: Tuesday, 19 July 2016 14:58
>>>>>>> To: Ntawuyirusha Emmanuel
>>>>>>> Cc: dhis2-users
>>>>>>> Subject: Re: [Dhis2-users] Browser not working
>>>>>>>
>>>>>>> Hi Emmanuel
>>>>>>>
>>>>>>> I am following up on a separate thread. I'll copy you into that.
>>>>>>>
>>>>>>> I see it is a problem, seemingly related to chrome mishandling the
>>>>>>> JSESSIONID cookie so even though the credentials are tested and dhis2
>>>>>>> logs a successful authentication, the browser cookie doesn't match
>>>>>>> the
>>>>>>> session id in dhis and so you don't get in. I am really not sure why
>>>>>>> What I also don't know is what might have changed to cause this to
>>>>>>> happen. I am assuming you didn't just wake up one morning and this
>>>>>>> started to happen. There has been some change to nginx configuration
>>>>>>> or dhis2 upgrade or something similar.
>>>>>>>
>>>>>>> On 19 July 2016 at 14:40, Ntawuyirusha Emmanuel <ntawemma@xxxxxxxxx>
>>>>>>> wrote:
>>>>>>>
>>>>>>> i tried to uninstall and reinstall it again but the issue is still
>>>>>>> remaining, Note that this is happening to all users using Goggle
>>>>>>> Chrome as
>>>>>>> most of them are familiar with it.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> On Mon, Jul 18, 2016 at 7:49 PM, Knut Staring <knutst@xxxxxxxxx>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> Maybe try to reinstall Chrome.
>>>>>>>
>>>>>>> Knut
>>>>>>>
>>>>>>>
>>>>>>> On Tuesday, July 19, 2016, Ntawuyirusha Emmanuel <ntawemma@xxxxxxxxx
>>>>>>> >
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> Thank you Bob,
>>>>>>>
>>>>>>> I tried to use New Incognito windows and Clear browsing data but the
>>>>>>> issue is remaining for Google Chrome , actually when we restart the
>>>>>>> server
>>>>>>> the username and password work only once and then after the problem
>>>>>>> persist.
>>>>>>> we are still waiting for your support.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> On Mon, Jul 18, 2016 at 12:42 PM, Bob Jolliffe <
>>>>>>> bobjolliffe@xxxxxxxxx>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> oops, forgot users ...
>>>>>>>
>>>>>>> ---------- Forwarded message ----------
>>>>>>> From: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
>>>>>>> Date: 18 July 2016 at 11:40
>>>>>>> Subject: Re: [Dhis2-users] Browser not working
>>>>>>> To: Emmanuel Ntawuyirusha <ntawemma@xxxxxxxxx>
>>>>>>>
>>>>>>>
>>>>>>> Hi Emmanuel
>>>>>>>
>>>>>>> If it works with firefox then it is really likely to be a chrome
>>>>>>> cache
>>>>>>> issue. Try and login with chrome incognito mode. If that works then
>>>>>>> you can be reasonably sure.
>>>>>>>
>>>>>>> If so, then try ...
>>>>>>>
>>>>>>> https://www.dhis2.org/tutorials/how-to-really-clear-browser-cache
>>>>>>>
>>>>>>> Bob
>>>>>>>
>>>>>>> On 18 July 2016 at 11:08, Emmanuel Ntawuyirusha <ntawemma@xxxxxxxxx>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Deal all, we are facing the issue of using Google Chrome, when using
>>>>>>> username and password there is a message saying wrong username and
>>>>>>> password.
>>>>>>> But it is working well with Mozilla Firefox. We tried to clean cash
>>>>>>> but
>>>>>>> nothing improved
>>>>>>> Does any one know what to do to fix this problem.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Mr. Emmanuel NTAWUYIRUSHA*
>>>>>>> HMIS/MOH
>>>>>>> Telephone: *+250 788408772*
>>>>>>> Email: ntawemma@xxxxxxxxx
>>>>>>> "Do Good. Do It Well."
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Knut Staring
>>>>>>> Dept. of Informatics, University of Oslo
>>>>>>> Norway: +4791880522
>>>>>>> Skype: knutstar
>>>>>>> http://dhis2.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Mr. Emmanuel NTAWUYIRUSHA*
>>>>>>> HMIS/MOH
>>>>>>> Telephone: *+250 788408772*
>>>>>>> Email: ntawemma@xxxxxxxxx
>>>>>>> "Do Good. Do It Well."
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>>> Post to : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~dhis2-users
>>>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Jason P. Pickering
>>>> email: jason.p.pickering@xxxxxxxxx
>>>> tel:+46764147049
>>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-users
>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-users
>>> Post to     : dhis2-users@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-users
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>
>