seems to behave differently. The 1st works with explicit trailing / works, the second does not.
I’m feeling this has something to do with code that deals with cookie or session logic (referred to base path is somehow changed in this part of the code in 2.24).
Issue is not with Nginx config nor Tomcat config. This has something to do with the way DHIS2 is produce wrong URL in location header.
Above Nginx config seems to ‘fix’ the problem problem though.
···
On 20 July 2016 at 11:22, Bob Jolliffe bobjolliffe@gmail.com wrote:
I have a workaround which a few folk have confirmed is working.
Please just try and add a trailing ‘/’ to the url. ie instead of going to “https://mydomain/dhis”, try “https://mydomain/dhis/”.
Steven Uggowitzer
eSHIfT Partner Network, Entuura Ventures Ltd
Tel: +41 22 366 1920
Mob: +41 79 719 4180
Skype: fendant123
LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
On 20 July 2016 at 04:38, ifeanyiokoye@yahoo.com wrote:
Hello Everyone,
We are using Tomcat as web server not nginx.
We also did not use dhis2-tools.
Thanks
From: Bob Jolliffe
Sent: Tuesday, 19 July 2016 23:33
To: Olav Poppe
Cc: DHIS Users; Steven Uggowitzer
Subject: Re: [Dhis2-users] Browser not working
What I am seeing (comparing firefox to chrome) is that chrome is ignoring the set-cookie it gets from the login.action and doesn’t use it in the redirected request.
So for example
POST /hmis/dhis-web-commons-security/login.action HTTP/1.1
Host: hmis.moh.gov.rw
Connection: keep-alive
Content-Length: 36
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Origin: https://hmis.moh.gov.rw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: JSESSIONID=9AAEAFA84230F8727E1A6B77D80B2C01
produces this response
HTTP/1.1 302 Found
Server: nginx/1.4.6 (Ubuntu)
Date: Tue, 19 Jul 2016 22:15:16 GMT
Content-Length: 0
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=2065911121DF703529E7F9CBDB526AF6; Path=/hmis/; HttpOnly
Location: https://hmis.moh.gov.rw/hmis
(Note the set-cookie)
Now when firefox follows the redirect it includes that cookie and the user logs in successfully, but chrome produces the following response to the 302:
GET /hmis HTTP/1.1
Host: hmis.moh.gov.rw
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
Referer: https://hmis.moh.gov.rw/hmis/dhis-web-commons/security/login.action;jsessionid=9AAEAFA84230F8727E1A6B77D80B2C01
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
As you see chrome has ignored the Cookie. It looks very similar to an old “misbehaviour” in chrome described here : https://bugs.chromium.org/p/chromium/issues/detail?id=150066. Like there is something about the response which chrome doesn’t like and hence silently drops the cookie.
That’s all I can say for now.
On 19 July 2016 at 22:46, Bob Jolliffe bobjolliffe@gmail.com wrote:
Not really related, but those double GETs I see probably indicate that you are redirecting to http and that in turn to https. Can you check that in developer tools?
On 19 July 2016 at 22:30, Olav Poppe olav.poppe@me.com wrote:
The two servers I’m currently experiencing this with is using dhis2-tools, and I assume the one Tony wrote about earlier is using the same.
As for logs, catalina.out shows the following:
- WARN 2016-07-19 21:18:41,983 Authentication event AuthenticationSuccessEvent: olavpo; details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE (LoggerListener.java [tomcat-http-9])
- WARN 2016-07-19 21:18:41,984 Authentication event SessionFixationProtectionEvent: olavpo; details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE (LoggerListener.java [tomcat-http-9])
- WARN 2016-07-19 21:18:41,984 Authentication event InteractiveAuthenticationSuccessEvent: olavpo; details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 2FD09C6C6D9D1DEE16E8E38A8F7A38DE (LoggerListener.java [tomcat-http-9])
- INFO 2016-07-19 21:18:41,987 ‘olavpo’ update org.hisp.dhis.user.UserCredentials, name: Olav Poppe, uid: R8ZvjXptEW2 (AuditLogUtil.java [tomcat-http-9])
And nginx access.log the following (nothing in error.log):
1.76.8.51 - - [19/Jul/2016:21:28:02 +0000] “GET /dhis/dhis-web-commons-stream/ping.action?_=1468963693718 HTTP/1.1” 200 34 “https://XXX/dhis/dhis-web-dataentry/index.action” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.8 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “POST /staging/dhis-web-commons-security/login.action HTTP/1.1” 302 0 “https://XXX/staging/dhis-web-commons/security/login.action” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “GET /staging HTTP/1.1” 301 193 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “GET /staging HTTP/1.1” 302 0 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “GET /staging/dhis-web-commons/security/login.action HTTP/1.1” 301 193 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “GET /staging/dhis-web-commons/security/login.action HTTP/1.1” 200 1439 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
212.60.79.122 - - [19/Jul/2016:21:28:26 +0000] “GET /staging/api/staticContent/logo_front HTTP/1.1” 302 0 “https://XXX/staging/dhis-web-commons/security/login.action” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36”
41.76.8.51 - - [19/Jul/2016:21:28:33 +0000] “GET /dhis/dhis-web-commons-stream/ping.action?_=1468963724720 HTTP/1.1” 200 34 “https://XXX/dhis/dhis-web-dataentry/index.action” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.8 Safari/537.36”
And I can also add that I have the same issue with Chrome Canary.
Olav
- jul. 2016 kl. 20.27 skrev Steven Uggowitzer whotopia@gmail.com:
Jason, what aspects of the Nginx config?
I have at least a dozen sites running with same parameters (using include blocks) and only the ones with 2.24 seem to be having this issue.
Would it help to post those parameters? What did you conclude was causing the problem when you last encountered it?
S
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Steven Uggowitzer
eSHIfT Partner Network, Entuura Ventures Ltd
Tel: +41 22 366 1920
Mob: +41 79 719 4180
Skype: fendant123
LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
On 19 July 2016 at 19:17, Jason Pickering jason.p.pickering@gmail.com wrote:
I have seen this before as well, but never like it has been described here. In my case, it was related to an incorrect nginx config.
Is there something common here? Are all of you using dhis-tools, or homebaked nginx configurations?
Does the browser/Tomcat/nginx log provide any useful information?
Do you observe the same thing if you attempt to hit DHIS2 directly without going through the reverse proxy?
Regards,
Jason
On Tue, Jul 19, 2016 at 6:45 PM, Steven Uggowitzer whotopia@gmail.com wrote:
It’s for Chrome and Safari here.
One interesting symptom: when logging in with correct username and password the resulting URL includes jsessionid, but bounces back to the login screen, versus incorrect authentication parameters result in “Wrong username or password”. See attached screen shot for comparison:
<Screen Shot 2016-07-19 at 18.43.18.png>
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
–
Jason P. Pickering
email: jason.p.pickering@gmail.com
tel:+46764147049
Steven Uggowitzer
eSHIfT Partner Network, Entuura Ventures Ltd
Tel: +41 22 366 1920
Mob: +41 79 719 4180
Skype: fendant123
LinkedIn: http://ch.linkedin.com/in/stevenuggowitzer
On 19 July 2016 at 18:04, Bob Jolliffe bobjolliffe@gmail.com wrote:
Is this only in chrome?
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
On 19 July 2016 at 17:01, Olav Poppe olav.poppe@me.com wrote:
I can confirm that I now see the same issue in non-2.22 as well. Very strange behavior - I can at times log in, but is then logged off when navigation between different modules.
- jul. 2016 kl. 15.28 skrev Olav Poppe olav.poppe@me.com:
Forwarding to user list. Not 2.24 issue then it seems.
Olav
Videresendt melding:
Fra: ifeanyiokoye@yahoo.com
Emne: Re: [Dhis2-users] Browser not working
Dato: 19. juli 2016 kl. 15.19.34 GMT
Til: Olav Poppe olav.poppe@me.com
Just to add that I’m using version 2.22 build 22086
From: Olav Poppe
Sent: Tuesday, 19 July 2016 16:08
To: ifeanyiokoye@yahoo.com
Cc: Bob Jolliffe; Ntawuyirusha Emmanuel; DHIS Users
Subject: Re: [Dhis2-users] Browser not working
Hi, I can add that I have the same problem on two different servers: logging in with Chrome (or Safari) does not work, Firefox works fine. Instances are both 2.24 build. Nginx 1.4.6 are running on both servers. Both servers have other non-2.24 instances that does not have the same problem.
To add to the problem, the DHIS 2 top menu does not work in Firefox, e.g. nothing works…Not sure if that’s a general problem or not. Again, menu works in non-24 instances.
Regards
Olav
- jul. 2016 kl. 14.41 skrev ifeanyiokoye@yahoo.com:
Dear Bob,
I am having this same issue to with Chrome. After entering the log in credentials, it opens a page with API data and does not log in. If I am lucky and have a data entry page open, then I can log in at the prompt and that works.
Our instance is set to load the dashboard as the opening page.
Have to keep struggling with it till it eventually logs in.
Thanks
Original Message
From: Bob Jolliffe
Sent: Tuesday, 19 July 2016 14:58
To: Ntawuyirusha Emmanuel
Cc: dhis2-users
Subject: Re: [Dhis2-users] Browser not working
Hi Emmanuel
I am following up on a separate thread. I’ll copy you into that.
I see it is a problem, seemingly related to chrome mishandling the
JSESSIONID cookie so even though the credentials are tested and dhis2
logs a successful authentication, the browser cookie doesn’t match the
session id in dhis and so you don’t get in. I am really not sure why
What I also don’t know is what might have changed to cause this to
happen. I am assuming you didn’t just wake up one morning and this
started to happen. There has been some change to nginx configuration
or dhis2 upgrade or something similar.
On 19 July 2016 at 14:40, Ntawuyirusha Emmanuel ntawemma@gmail.com wrote:
i tried to uninstall and reinstall it again but the issue is still
remaining, Note that this is happening to all users using Goggle Chrome as
most of them are familiar with it.
Regards
On Mon, Jul 18, 2016 at 7:49 PM, Knut Staring knutst@gmail.com wrote:
Maybe try to reinstall Chrome.
Knut
On Tuesday, July 19, 2016, Ntawuyirusha Emmanuel ntawemma@gmail.com
wrote:
Thank you Bob,
I tried to use New Incognito windows and Clear browsing data but the
issue is remaining for Google Chrome , actually when we restart the server
the username and password work only once and then after the problem persist.
we are still waiting for your support.
Regards
On Mon, Jul 18, 2016 at 12:42 PM, Bob Jolliffe bobjolliffe@gmail.com
wrote:
oops, forgot users …
---------- Forwarded message ----------
From: Bob Jolliffe bobjolliffe@gmail.com
Date: 18 July 2016 at 11:40
Subject: Re: [Dhis2-users] Browser not working
To: Emmanuel Ntawuyirusha ntawemma@gmail.com
Hi Emmanuel
If it works with firefox then it is really likely to be a chrome cache
issue. Try and login with chrome incognito mode. If that works then
you can be reasonably sure.
If so, then try …
https://www.dhis2.org/tutorials/how-to-really-clear-browser-cache
Bob
On 18 July 2016 at 11:08, Emmanuel Ntawuyirusha ntawemma@gmail.com
wrote:
Deal all, we are facing the issue of using Google Chrome, when using
username and password there is a message saying wrong username and
password.
But it is working well with Mozilla Firefox. We tried to clean cash
but
nothing improved
Does any one know what to do to fix this problem.
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
–
Mr. Emmanuel NTAWUYIRUSHA
HMIS/MOH
Telephone: +250 788408772
Email: ntawemma@gmail.com
“Do Good. Do It Well.”
–
Knut Staring
Dept. of Informatics, University of Oslo
Norway: +4791880522
Skype: knutstar
http://dhis2.org
–
Mr. Emmanuel NTAWUYIRUSHA
HMIS/MOH
Telephone: +250 788408772
Email: ntawemma@gmail.com
“Do Good. Do It Well.”
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
Mailing list: https://launchpad.net/~dhis2-users
Post to : dhis2-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp
