I have installed WebIssues Server 0.8.4 on my site and installed WebIssues Client 0.9.4 on my PC.
When I try to log in, the client says "300 login required".
There was nothing about this issue on the forums, only that node, but the problem was not solved there.
I used Wireshark to find out what happened.
First, the client sent to the server
HELLO
The server answered
SERVER 'WIServer' '4d3c9063-bcfc-436a-9261-fe2469cb6d3d'
and set two(!) cookies.
Set-Cookie: WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; path=/
Set-Cookie: Apache=xx.xx.xx.xx.398971238761915918; path=/; expires=Sat, 03-Apr-10 12:31:55 GMT
(I replaced the IP with xx.xx.xx.xx)
That's ok.
In the next step the client sends a login request to the server
LOGIN 'admin' 'admin'
and sends a cookie, but only one of the two that were received
Cookie: WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; path=/
That's not good, because the server didn't find the Apache cookie, and with the answer
USER 1 2
it returned a new Apache cookie (it's impossible on my hosting to configure Apache not to open that session)
Set-Cookie: Apache=xx.xx.xx.xx.40732123876191642; path=/; expires=Sat, 03-Apr-10 12:31:56 GMT
Next, the client sends the request
LIST FEATURES
but with the last received cookie only
Cookie: Apache=xx.xx.xx.xx.40732123876191642; path=/; expires=Sat, 03-Apr-10 12:31:56 GMT
So we have no WebIssues PHP session saying that we are logged in. And so we get error 300 incorrect login.
The problem is that the server sent two cookies instead of one (as supposed), and the client incorrectly sends them back to the server (only the first of them).
Once again. We get
Set-Cookie: WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; path=/
Set-Cookie: Apache=xx.xx.xx.xx.398971238761915918; path=/; expires=Sat, 03-Apr-10 12:31:55 GMT
And return
Cookie: WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; path=/
Instead of something like this:
Cookie: WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; Apache=xx.xx.xx.xx.398971238761915918
That is because the function handleCommandResponse() in scr/commands/commandmanager.cpp incorrectly parses the "Set-Cookie" fields in the response.
So, we need to get the sessions from all "Set-Cookie" fields in the response. For example, we can get all strings with allValues, truncate all text after the first semicolon (including the semicolon), if it is present, and join the strings with "; ".
(the session is always placed before the first ";", isn't it?)
Here is the way to fix it (placed on line 338 in scr/commands/commandmanager.cpp):
    // Comment next three lines.
    // QString cookie = response.value( "Set-Cookie" );
    // if ( !cookie.isEmpty() )
    //     m_cookie = cookie;

    // Place that right after old commented code
    QStringList cookies = response.allValues( "Set-Cookie" );
    if ( !cookies.isEmpty() ) {
        int index_of_semicolon;
        for ( int i = 0; i < cookies.size(); i++ ) {
            if ( (index_of_semicolon = cookies[i].indexOf( ";" )) != -1 ) {
                cookies[i].truncate( index_of_semicolon );
            }
        }
        m_cookie = cookies.join( "; " );
    }
We will get the correct cookie string to send to the server and the client will work correctly.
I have never worked with Qt, so I don't know the best way to do it. Anyway, that needs to be tested.
I hope it was a good idea to post that solution and you won't be angry with me.
Sorry for my poor English.
Regards,
Anton Vasiliev.
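An added example, not part of the original post and not WebIssues code: a small cookie store that goes one step beyond the per-response join above by keeping cookies by name across responses, so a later response that sets only one cookie does not drop the session cookie. It uses only the C++ standard library instead of Qt; `CookieJar` and `replayCapture` are hypothetical names, and the sample values are the ones from the capture in the post.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical helper (not WebIssues code): keeps cookies by name across responses.
class CookieJar {
public:
    // Takes every Set-Cookie value of one response, e.g. what allValues() returns.
    void update(const std::vector<std::string>& setCookieValues) {
        for (const std::string& raw : setCookieValues) {
            // Text before the first ';' is the name=value pair; the rest are attributes.
            std::string pair = raw.substr(0, raw.find(';'));
            std::string::size_type eq = pair.find('=');
            if (eq == std::string::npos) continue;  // malformed field, skip
            std::string name = trim(pair.substr(0, eq));
            std::string value = trim(pair.substr(eq + 1));
            if (name.empty()) continue;
            bool known = false;
            for (auto& c : m_cookies)
                if (c.first == name) { c.second = value; known = true; }
            if (!known) m_cookies.emplace_back(name, value);
        }
    }
    // Value of the request's Cookie header: all stored pairs joined with "; ".
    std::string header() const {
        std::string out;
        for (const auto& c : m_cookies)
            out += (out.empty() ? "" : "; ") + c.first + "=" + c.second;
        return out;
    }
private:
    static std::string trim(const std::string& s) {
        std::string::size_type b = s.find_first_not_of(" \t");
        if (b == std::string::npos) return "";
        return s.substr(b, s.find_last_not_of(" \t") - b + 1);
    }
    std::vector<std::pair<std::string, std::string>> m_cookies;
};

// Replays the Set-Cookie fields from the capture in the post (HELLO, then LOGIN).
std::string replayCapture() {
    CookieJar jar;
    jar.update({"WebIssuesSID=76cec8458dc38e896a5e6e476db94c17; path=/",
                "Apache=xx.xx.xx.xx.398971238761915918; path=/; expires=Sat, 03-Apr-10 12:31:55 GMT"});
    jar.update({"Apache=xx.xx.xx.xx.40732123876191642; path=/; expires=Sat, 03-Apr-10 12:31:56 GMT"});
    return jar.header();
}

int main() { std::cout << "Cookie: " << replayCapture() << "\n"; }
```

The jar ignores the path and expires attributes, which is enough for a client that talks to a single server URL.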
You're right, the code handling cookies in the client is not correct. It works as long as there is only one cookie so I never fixed it. Thanks for analyzing the problem and for sending the patch. I will fix this in the next version.
Regards,
Michał
I'm glad that I could help.
Thank you for a great project. =)