
"Remember me" doesn't work with Active Directory plugin

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • None
    • Debian Squeeze on Linux qa01 2.6.26-2-vserver-amd64 #1 SMP Tue Jan 25 06:09:17 UTC 2011 x86_64 GNU/Linux
      Mac OS X 10.7.3 x86_64
      FC13, Tomcat 6, Jenkins 1.480.2

      When clicking the "Remember me on this computer" during login, after some time the user is logged out.

      I'm using Active Directory as Security Realm.

      Example protocol:

      I logged in at 09:19 and checked the "Remember me on this computer" checkbox.

      At 10:10 I freshly opened the Jenkins front page again and I was logged in.

      At 11:38 again, and I found myself logged out.

      All tests were conducted with Firefox 4, accepting cookies and such.

      This is reproducible on an installation via Debian package. At the time of writing the version number is 1.405.

          [JENKINS-9258] "Remember me" doesn't work with Active Directory plugin

          mfn created issue -

          Ryan Murfitt added a comment -

          I also get this issue, using it as a Windows service.

          Simon Wiest added a comment -

          Are you running several Hudson instances on the same server, but on different ports (e.g. myserver:8080, myserver:8081, myserver:8082)?

          The browser cookies that are used to track your successful login unfortunately only store the server name of the URL (e.g. myserver), but not the port (e.g. 8080, 8081, 8082). Thus, if you log into the Hudson instance of server myserver:8080 and then into myserver:8081, the browser cookie for 'myserver' will now track your session on myserver:8081. This essentially logs you out of myserver:8080.
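The port-blind cookie scoping described in the comment above can be reproduced offline with Python's standard `http.cookiejar`, which, like browsers, keys cookies on host, path and name but not on port. This is an added example, not code from the issue thread or from the Jenkins project; the `JSESSIONID` cookie name, the session values and the `ci-a`/`ci-b` hostnames are assumptions made for the illustration.

```python
import email.message
import http.cookiejar
import urllib.request


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def login(jar, url, session_id):
    """Simulate a login response from `url` that issues a session cookie."""
    # JSESSIONID is an assumed cookie name; the values are constructed samples.
    req = urllib.request.Request(url)
    jar.extract_cookies(FakeResponse(f"JSESSIONID={session_id}; Path=/"), req)


def cookie_sent_to(jar, url):
    """Return the Cookie header the client would send to `url`, or None."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def demo(url_a, url_b):
    """Log in to instance A, then B; report what each instance receives next."""
    jar = http.cookiejar.CookieJar()
    login(jar, url_a, "session-A")
    login(jar, url_b, "session-B")
    return cookie_sent_to(jar, url_a), cookie_sent_to(jar, url_b), len(jar)


if __name__ == "__main__":
    # Same host, different ports: B's cookie replaces A's, so A sees B's session id.
    print(demo("http://myserver:8080/", "http://myserver:8081/"))
    # Distinct hostnames (hypothetical): each instance keeps its own cookie.
    print(demo("http://ci-a.example.test:8080/", "http://ci-b.example.test:8081/"))
```

Giving each instance its own hostname, or its own session cookie name, keeps the sessions from overwriting each other.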

          mfn added a comment -

          In my case, no, I'm only running one instance at one port on a given hostname.

          More specifically, I'm running the Debian package on port 8081 but accessing it via Apache on port 80 with mod_proxy; my virtualhost looks like this:

          <VirtualHost *:80>
              ServerName jenkins.qa01
              ServerAlias jenkins.qa01
              ProxyRequests Off
              <Proxy *>
                  Order deny,allow
                  Allow from all
              </Proxy>
              ProxyPreserveHost on
              ProxyPass / http://localhost:8081/ retry=1
          </VirtualHost>

          Peter McLaren made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Peter McLaren made changes -
          Status Original: In Progress [ 3 ] New: Open [ 1 ]
          OHTAKE Tomohiro made changes -
          Link New: This issue is duplicated by JENKINS-9257 [ JENKINS-9257 ]

          James Howe added a comment - - edited

          Firecookie (with Firebug) reports that the Expires date for ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE is invalid.

          Date: Mon, 03 Sep 2012 12:45:56 GMT
          Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=****; Expires=Mon, 17-Sep-12 12:45:56 GMT; Path=/

          Note that the Expires date has hyphens in, which (unlike the Date header) is not valid according to RFC 822.

          Nick Parrish added a comment -

          We see this a lot at our company, too. We are using Jenkins 1.458 and use the Active Directory plugin for authentication.

          We have seen it with clients on various OS / browsers.

          I, too, looked at the cookies on my machine with Firecookie, and the "Expires" value for ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE seems valid (it expires a couple weeks from now).

          We run Jenkins on port 8080, but forward port 80 to 8080 using iptables, but no client uses 8080 (that I know of).

          Stephane Odul added a comment - - edited

          We run our instance as a simple setup on an Ubuntu 10.04 machine. It runs on port 8080 but is forwarded from port 80. There is only one URL that we use including the port (default, since we use 80 in practice).

          Apparently the trick would be to update web.xml to include this right after the description (or later):

              <session-config>
                <session-timeout>1440</session-timeout> 
              </session-config>

          This would tell WinStone (or Tomcat) to have a session expiration of 24h (24*60=1440). The problem is that it would require extracting jenkins.war, patching web.xml and re-zipping jenkins.war. Not very automated to get the autoupdates.

          ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE is set when 'Remember Me' is checked; it seems valid and expires after 2 weeks.

            kohsuke Kohsuke Kawaguchi
            mfn mfn
            Votes: 75
            Watchers: 76