[ckan-dev] User sessions don't work

Adrià Mercader adria.mercader at okfn.org
Thu Jan 12 14:55:37 UTC 2017


Hi Antonio,

Ignore the cookies for a moment. In your first email you suggested that the
admin user worked fine but the non-admin users didn't work (were logged
out).
Can you confirm if this is still the case? I would imagine that if there is
a problem with cookies and the server configuration it would affect all
users regardless of if they are admins or not.

The cookie that deals with authentication is the auth_tkt, the one named
"ckan" is the one used by the beaker session, currently only used for Flash
messages.

Also are you using any custom extensions? Does the problem still happen
with extensions disabled?

Adrià

On 12 January 2017 at 09:13, Antonio Jesús Sánchez Padial <
antonio.sanchez at inia.es> wrote:

> Hi everyone,
>
> I have continued studying and testing.
>
> When I first sent this issue my configuration was different than the one
> proposed at "Deploying a source install".
> <http://docs.ckan.org/en/latest/maintaining/installing/deployment.html>I
> had tried to simplify it removing the nginx server, and dispatching
> everything from nginx.
>
> So I went back, and set it up again with both servers apache and nginx
> following every step in the guide.
>
> The situation right is the following:
>
> - When I run it on production mode, ckan seems to work ok. I go to login.
> My browser gets a `ckan` cookie. When I authenticate myself, it still seems
> to work and I got to my dashboard. Then whatever link I take the session is
> broken, and I got logged out. I got the same fails if I access via IP or
> domain, http://10.2.80.33 or http://data.inia.es. The machine isn't
> currently accesible from the outside.
>
> - When I run it on debug mode, using paster, I got a "Internal Server
> Error" because my user can't write the ckan cookie created by www-data in
> production mode previously. Once I remove the `ckan` cookie in my browser,
> everything works fine. I can login, navigate, etc. I could check there's no
> `ckan` cookie but an `auth_tkt` cookie.
>
> - When I log in on production mode, I can briefly see the `auth_tkt`
> cookie in my firebug inspector, but then it's removed and replaced with the
> `ckan` cookie.
>
> Could anyone through a clue about what's happening here? Or what can I do
> to obtain further information from my system?
>
> Thanks a lot, I'm at this point when you are learning more and more the
> system, but got stuck and frustrated with no idea how to go on.
>
> Best regards,
>
> El 07/12/2016 a las 9:09, Antonio Jesús Sánchez Padial escribió:
>
> Hi Carl,
>
> Thanks for your support.
>
> We are running CKAN behind Apache (in port 80). Requests are served via
> WSGI. CKAN config file says it runs on port 5000, but I think that only
> happens in debug mode, doesn't it?
>
> This is my Apache VirtualHost configuration for CKAN, though I think it's
> the standard one:
>
> <VirtualHost *:80>
>     ServerName data.inia.es
>     WSGIScriptAlias / /etc/ckan/default/apache.wsgi
>     # pass authorization info on (needed for rest api)
>     WSGIPassAuthorization On
>     # Deploy as a daemon (avoids conflicts between CKAN instances)
>     WSGIDaemonProcess ckan_default display-name=ckan_default processes=2
> threads=15
>     WSGIProcessGroup ckan_default
>     ErrorLog /var/log/apache2/ckan_default.error.log
>     CustomLog /var/log/apache2/ckan_default.custom.log combined
>     <IfModule mod_rpaf.c>
>         RPAFenable On
>         RPAFsethostname On
>         RPAFproxy_ips 127.0.0.1
>     </IfModule>
> </VirtualHost>
>
> I didn't find anything remarkable in the logs, either.
>
> Best regards,
>
> El 05/12/2016 a las 15:48, Carl Lange escribió:
>
> Hi Antonio,
>
> Is your CKAN behind basic HTTP authentication?
> Is your CKAN hosted at a port other than 80?
> Did you do anything special with the nginx settings at
> /etc/nginx/sites-available/ckan?
>
> Cheers,
> Carl
>
>
> On Mon, 5 Dec 2016 at 12:57 Antonio Jesús Sánchez Padial <
> antonio.sanchez at inia.es> wrote:
>
>> Hi CKAN friends,
>>
>> probably this is a very basic question, but I feel I need some guidance
>> at this moment.
>>
>> We have installed CKAN in our private network. We can login and it works
>> fine with the admin user. We have created also some non-admin users to
>> play with. When we login with those users it seems to work, but when we
>> navigate to any other page in the CKAN site the session is lost (the
>> login and register links appear in the top bar, instead of the user
>> information).
>>
>> Can anyone point us where to find additional information about what are
>> we doing wrong? I couldn't find anything on google, or ckan doc, but I
>> feel like I'm not using the proper wording.
>>
>> Thanks,
>>
>> --
>> Antonio Jesús Sánchez Padial
>> Jefe del Servicio de Biometría
>> antonio.sanchez at inia.es
>> Tlfno: +34 91 347 6831 <+34%20913%2047%2068%2031>
>> INIA, Ctra.m de La Coruña, km.7
>> 28040 Madrid
>>
>> Boletín Agrobits de ciencia de datos en investigación agraria
>>    http://agrobits.spadial.com
>>
>> _______________________________________________
>> ckan-dev mailing list
>> ckan-dev at lists.okfn.org
>> https://lists.okfn.org/mailman/listinfo/ckan-dev
>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>>
>
>
> _______________________________________________
> ckan-dev mailing listckan-dev at lists.okfn.orghttps://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
> --
> Antonio Jesús Sánchez Padial
> Jefe del Servicio de Biometríaantonio.sanchez at inia.es
> Tlfno: +34 91 347 6831 <+34%20913%2047%2068%2031>
> INIA, Ctra.m de La Coruña, km.7
> 28040 Madrid
>
> Boletín Agrobits de ciencia de datos en investigación agraria
>   http://agrobits.spadial.com
>
>
>
> _______________________________________________
> ckan-dev mailing listckan-dev at lists.okfn.orghttps://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
> --
> Antonio Jesús Sánchez Padial
> Jefe del Servicio de Biometríaantonio.sanchez at inia.es
> Tlfno: +34 91 347 6831 <+34%20913%2047%2068%2031>
> INIA, Ctra.m de La Coruña, km.7
> 28040 Madrid
>
> Boletín Agrobits de ciencia de datos en investigación agraria
>   http://agrobits.spadial.com
>
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20170112/69c55a0f/attachment-0003.html>


More information about the ckan-dev mailing list