[ckan-dev] User sessions don't work

Antonio Jesús Sánchez Padial antonio.sanchez at inia.es
Thu Jan 12 16:21:07 UTC 2017


Hi Adrià,

I went through the cookies way because of the difference found in debug 
vs production mode. However, your view makes a lot of sense, I will 
explore it.

The admin user works fine, I can navigate with no issues through the 
application.

I have removed all the plugins but the default ones

    ckan.plugins: stats text_view recline_view

With NO change in the behaviour, I mean sessions don't work.

Is there any way to stop using beaker? I found it weird that the auth_tkt 
cookie disappears. Where is its lifetime set?

Thanks a lot,

El 12/01/2017 a las 15:55, Adrià Mercader escribió:
> Hi Antonio,
>
> Ignore the cookies for a moment. In your first email you suggested 
> that the admin user worked fine but the non-admin users didn't work 
> (were logged out).
> Can you confirm if this is still the case? I would imagine that if 
> there is a problem with cookies and the server configuration it would 
> affect all users regardless of if they are admins or not.
>
> The cookie that deals with authentication is the auth_tkt, the one 
> named "ckan" is the one used by the beaker session, currently only 
> used for Flash messages.
>
> Also are you using any custom extensions? Does the problem still 
> happen with extensions disabled?
>
> Adrià
>
> On 12 January 2017 at 09:13, Antonio Jesús Sánchez Padial 
> <antonio.sanchez at inia.es> wrote:
>
>     Hi everyone,
>
>     I have continued studying and testing.
>
>     When I first sent this issue my configuration was different than
>     the one proposed at "Deploying a source install"
>     <http://docs.ckan.org/en/latest/maintaining/installing/deployment.html>.
>     I had tried to simplify it removing the nginx server, and
>     dispatching everything from nginx.
>
>     So I went back, and set it up again with both servers apache and
>     nginx following every step in the guide.
>
>     The situation right now is the following:
>
>     - When I run it on production mode, ckan seems to work ok. I go to
>     login. My browser gets a `ckan` cookie. When I authenticate
>     myself, it still seems to work and I got to my dashboard. Then
>     whatever link I take the session is broken, and I got logged out.
>     I got the same fails if I access via IP or domain,
>     http://10.2.80.33 or http://data.inia.es. The machine isn't
>     currently accessible from the outside.
>
>     - When I run it on debug mode, using paster, I got an "Internal
>     Server Error" because my user can't write the ckan cookie created
>     by www-data in production mode previously. Once I remove the
>     `ckan` cookie in my browser, everything works fine. I can login,
>     navigate, etc. I could check there's no `ckan` cookie but an
>     `auth_tkt` cookie.
>
>     - When I log in on production mode, I can briefly see the
>     `auth_tkt` cookie in my firebug inspector, but then it's removed
>     and replaced with the `ckan` cookie.
>
>     Could anyone throw a clue about what's happening here? Or what
>     can I do to obtain further information from my system?
>
>     Thanks a lot, I'm at this point when you are learning more and
>     more the system, but got stuck and frustrated with no idea how to
>     go on.
>
>     Best regards,
>
>
>     El 07/12/2016 a las 9:09, Antonio Jesús Sánchez Padial escribió:
>>
>>     Hi Carl,
>>
>>     Thanks for your support.
>>
>>     We are running CKAN behind Apache (in port 80). Requests are
>>     served via WSGI. CKAN config file says it runs on port 5000, but
>>     I think that only happens in debug mode, doesn't it?
>>
>>     This is my Apache VirtualHost configuration for CKAN, though I
>>     think it's the standard one:
>>
>>         <VirtualHost *:80>
>>             ServerName data.inia.es
>>             WSGIScriptAlias / /etc/ckan/default/apache.wsgi
>>             # pass authorization info on (needed for rest api)
>>             WSGIPassAuthorization On
>>             # Deploy as a daemon (avoids conflicts between CKAN instances)
>>             WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15
>>             WSGIProcessGroup ckan_default
>>             ErrorLog /var/log/apache2/ckan_default.error.log
>>             CustomLog /var/log/apache2/ckan_default.custom.log combined
>>             <IfModule mod_rpaf.c>
>>                 RPAFenable On
>>                 RPAFsethostname On
>>                 RPAFproxy_ips 127.0.0.1
>>             </IfModule>
>>         </VirtualHost>
>>
>>     I didn't find anything remarkable in the logs, either.
>>
>>     Best regards,
>>
>>
>>     El 05/12/2016 a las 15:48, Carl Lange escribió:
>>>     Hi Antonio,
>>>
>>>     Is your CKAN behind basic HTTP authentication?
>>>     Is your CKAN hosted at a port other than 80?
>>>     Did you do anything special with the nginx settings at
>>>     /etc/nginx/sites-available/ckan?
>>>
>>>     Cheers,
>>>     Carl
>>>
>>>
>>>     On Mon, 5 Dec 2016 at 12:57 Antonio Jesús Sánchez Padial
>>>     <antonio.sanchez at inia.es> wrote:
>>>
>>>         Hi CKAN friends,
>>>
>>>         probably this is a very basic question, but I feel I need
>>>         some guidance
>>>         at this moment.
>>>
>>>         We have installed CKAN in our private network. We can login
>>>         and it works
>>>         fine with the admin user. We have created also some
>>>         non-admin users to
>>>         play with. When we login with those users it seems to work,
>>>         but when we
>>>         navigate to any other page in the CKAN site the session is
>>>         lost (the
>>>         login and register links appear in the top bar, instead of
>>>         the user
>>>         information).
>>>
>>>         Can anyone point us where to find additional information
>>>         about what are
>>>         we doing wrong? I couldn't find anything on google, or ckan
>>>         doc, but I
>>>         feel like I'm not using the proper wording.
>>>
>>>         Thanks,
>>>
>>>         --
>>>         Antonio Jesús Sánchez Padial
>>>         Jefe del Servicio de Biometría
>>>         antonio.sanchez at inia.es
>>>         Tlfno: +34 91 347 6831
>>>         INIA, Ctra.m de La Coruña, km.7
>>>         28040 Madrid
>>>
>>>         Boletín Agrobits de ciencia de datos en investigación agraria
>>>         http://agrobits.spadial.com
>>>
>>>         _______________________________________________
>>>         ckan-dev mailing list
>>>         ckan-dev at lists.okfn.org
>>>         https://lists.okfn.org/mailman/listinfo/ckan-dev
>>>         Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
-- 
Antonio Jesús Sánchez Padial
Jefe del Servicio de Biometría
antonio.sanchez at inia.es
Tlfno: +34 91 347 6831
INIA, Ctra.m de La Coruña, km.7
28040 Madrid

Boletín Agrobits de ciencia de datos en investigación agraria
   http://agrobits.spadial.com
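
One way to check the observation in this thread that `auth_tkt` shows up briefly and then vanishes: replay the `Set-Cookie` headers from a captured login flow and see whether the server itself expired the cookie. This is an added example, not part of the original messages and not CKAN code; the function names are hypothetical and the sample capture (paths and cookie values) is constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip().strip('"'), attrs

def is_deletion(attrs, now):
    """True when the header tells the browser to drop the cookie."""
    try:
        return int(attrs["max-age"]) <= 0  # Max-Age takes precedence over Expires
    except (KeyError, ValueError):
        pass  # no usable Max-Age: fall back to Expires
    if attrs.get("expires"):
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False  # unparseable date: treat as a session cookie
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= now
    return False

def cookie_timeline(responses, now=None):
    """Replay (path, [Set-Cookie, ...]) pairs; return (events, cookies still held)."""
    now = now or datetime.now(timezone.utc)
    held, events = set(), []
    for path, headers in responses:
        for header in headers:
            name, _value, attrs = parse_set_cookie(header)
            deleted = is_deletion(attrs, now)
            (held.discard if deleted else held.add)(name)
            events.append((path, name, "expired-by-server" if deleted else "set"))
    return events, held

# Constructed capture (paths and values are made up for illustration).
SAMPLE = [
    ("/login", ["ckan=constructed-session-id; Path=/"]),
    ("/dashboard", ["auth_tkt=constructed-ticket; Path=/; HttpOnly"]),
    ("/dataset", ["auth_tkt=INVALID; Path=/; Max-Age=0",
                  "ckan=constructed-session-id; Path=/"]),
]
```

If the timeline shows no server-side expiry yet the browser still loses `auth_tkt`, the cookie's Domain, Path and Secure attributes versus the URL being visited are the next thing to compare.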
