Re: [xwiki-users] Login cookie validation hash mismatch! Cookies have been tampered with

Clemens Klein-Robbenhaar <mailto:c.robbenhaar@espresto.com> 9 March 2016 at 14:29 The code where this happens is in: https://github.com/xwiki/xwiki-platform/blob/master/xwiki-platform-core/xwi… I have to admit that I do not know much about that corner of XWiki code some random pointers: There is some hint that switching IP's might cause the problem, as in: http://jira.xwiki.org/browse/XWIKI-2463 so maybe setting: xwiki.authentication.useip=false in WEB-INF/xwiki.cfg could help. Then, you can set xwiki.authentication.protection=none which should make the problem go away, but of course at the cost that the authenticator does not check the cookie is encrypted with the given key in xwiki.cfg. Aside of that I remember having a similar problem some time ago after changing the xwiki.authentication.validationKey / xwiki.authentication.encryptionKey in xwiki.cfg; but that vanished after clearing *all* cookies in the browser once. As I understood your users have already done this, so it is probably not related to this problem. ----- Ursprüngliche Nachricht ----- Von: Tobias Kirchhofer Am: Wednesday, 09.03.2016, 13:40 An: Xwiki Users Betreff: Re: [xwiki-users] Login cookie validation hash mismatch! Cookies have been tampered with _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users Tobias Kirchhofer <mailto:tobias@kirchhofer.net> 9 March 2016 at 13:40 This is the message which appears after 30 minutes: <http://xwiki.475771.n2.nabble.com/file/n7598389/screenshot_53.png> "You do not have permission to view the document or to perform that action." The we have to actively logout and close the browser window. By opening a new window and navigating to the wiki we can login again. Our developers say this is most likely a bug in the application. How can we debug this one? -- View this message in context: http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Coo… Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users Tobias Kirchhofer <mailto:tobias@kirchhofer.net> 3 March 2016 at 12:48 We set up a new Box with a fresh install of a 7.4.1 version. While configuring and testing (permissions) everything all was perfect and clean. Then we migrated the pages from the old wiki (also 7.4.1 - we wanted a fresh install) - precisely only content pages, nothing else. Then we switched the IP for the old domain and all of our LDAP user populated the new wiki, one by one. Since the fresh start all users experience the trouble that after the end of the tomcat session (30 minutes) a re-login is required. After re-login a XWiki message appears "you do not have the appropriate rights" (or similar). Deletion of the cookie ~or closing the browser window and login again reestablishes normal functions until the tomcat session is over again. catalina.out: 2016-03-03 11:55:26,813 [https://wiki.sub.domain/xwiki/bin/view/Main/] WARN u.i.x.MyPersistentLoginManager - Login cookie validation hash mismatch! Cookies have been tampered with Research in this forum did bring up discussions about the mess from 2010 and bevor without any valuable pointers. We updated to 7.4.2 without any change for the situation. The site ist secure with a nginx proxy. Any ideas? -- View this message in context: http://xwiki.475771.n2.nabble.com/Login-cookie-validation-hash-mismatch-Coo… Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list users(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/users