tickets #40025
closed
cookies sent by {www,news,lizards,bugzilla,forums}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o
Added by tampakrap over 5 years ago.
Updated about 4 years ago.
Category:
Servers hosted in NBG
Description
When trying to log in to https://freeipa.infra.opensuse.org we get an error "Your session has expired. Please re-login.". The workaround is to use a private (anonymous) browser window.
UPDATE: the problem has been identified, it is on the MF-IT side, who have been contacted already. Also, more services are known to break due to the same issue, see below.
Looks like this is caused by a cookie that gets set by news.o.o:
curl -v https://news.opensuse.org/ >/dev/null
[...]
< Set-Cookie: TbBx5iTmnWSKRFA@=v18zFvAA@@H51; Domain=.opensuse.org; Path=/
If you don't read the news.o.o often enough - www.o.o and bugzilla send out similar cookies :-(
Deleting this cookie (notice the somewhat unusual name which includes an @) helps - unless you visit news.o.o or www.o.o again and get a fresh cookie.
Note that this cookie causes more damage - it also breaks paste.o.o (which is way worse than breaking freeipa) and some detail pages on monitor.o.o.
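The scoping described in this report can be checked mechanically. The following is an added example, not part of the ticket or of any openSUSE tooling: it parses the Set-Cookie value from the curl output above, applies RFC 6265 domain matching to host names taken from this ticket, and tests the cookie name against the RFC 6265 token grammar (which excludes '@'). Whether the name or the value is what the affected services reject is not established by the ticket; the function names are illustrative.

```python
import re

# RFC 6265 section 4.1.1: cookie-name is an HTTP "token" (separators such as '@' excluded).
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching (host names only, no IP literals)."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def audit(header, origin_host, sibling_hosts):
    """Report which hosts receive the cookie and whether its name is a valid token."""
    name, _value, attrs = parse_set_cookie(header)
    # Without a Domain attribute the cookie is host-only and stays on origin_host.
    domain = attrs.get("domain", "")
    receivers = [h for h in sibling_hosts
                 if (domain_matches(h, domain) if domain else h == origin_host)]
    return {
        "name": name,
        "name_is_token": TOKEN_RE.fullmatch(name) is not None,
        "receivers": receivers,
    }


# Header copied from the ticket's curl output; host names are those named in the ticket.
HEADER = "TbBx5iTmnWSKRFA@=v18zFvAA@@H51; Domain=.opensuse.org; Path=/"
HOSTS = ["freeipa.infra.opensuse.org", "paste.opensuse.org", "monitor.opensuse.org"]

if __name__ == "__main__":
    print(audit(HEADER, "news.opensuse.org", HOSTS))
    # Constructed variant without Domain: host-only, so sibling hosts never receive it.
    print(audit("TbBx5iTmnWSKRFA@=v18zFvAA@@H51; Path=/", "news.opensuse.org", HOSTS))
```

The first report lists all three hosts as receivers, which is why a cookie set by news.o.o shows up in requests to freeipa, paste and monitor; the host-only variant reaches none of them.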
- Subject changed from logging in to https://freeipa.i.o.o fails with session expired error to cookies sent by {www,news,bugzilla}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o
- Assignee set to cboltz
- Description updated (diff)
- Private changed from Yes to No
- Subject changed from cookies sent by {www,news,bugzilla}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o to cookies sent by {www,news,bugzilla,forums}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o
As I just found out, forums.o.o also sends out the evil cookie.
The earliest mention of the paste.o.o breakage I could find was on 2018-07-24. This is not too far from the planned downtime on 2018-07-13, which included infrastructure updates (new hardware?) in Provo.
- Subject changed from cookies sent by {www,news,bugzilla,forums}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o to cookies sent by {www,news,lizards,bugzilla,forums}.o.o break freeipa.i.o.o login, paste.o.o and specific links on monitor.o.o
One more - lizards.o.o also sends the evil cookie.
Michal fixed this on paste.opensuse.org
freeipa and parts of monitor.o.o are still broken by the evil cookie, but at least they "only" affect the heroes instead of all users.
- Status changed from New to Feedback
cboltz wrote:
Michal fixed this on paste.opensuse.org
freeipa and parts of monitor.o.o are still broken by the evil cookie, but at least they "only" affect the heroes instead of all users.
At least for me, progress.opensuse.org and monitor.opensuse.org/icinga/ work in parallel tabs without problem.
Does the problem still exist?
- Status changed from Feedback to Closed
I haven't seen the problem on monitor.o.o for months, therefore I'll assume it's fixed there.
No idea about FreeIPA - it insists on having a valid referrer, therefore I always have to start a separate browser (with less restrictive config) which doesn't have any bugzilla cookies ;-)
Given that (possibly) only FreeIPA is affected (and that more services will be moved away from MF-IT), I'll close this ticket as "seems to work now".