New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot login after update from 3.5.1 to 3.6.1 #13678
Comments
Sorry I'm not quite understanding where the problem is. You log in, but nothing happens? From which version did you update? |
I login and I get the redirection after a successful login, but it's the
login page which is displayed again. I did debug the code a bit, it looks
like the session cookie is created but after the redirection, it has
disappeared.
Le mer. 7 nov. 2018 à 18:20, Thomas Steur <notifications@github.com> a
écrit :
… Sorry I'm not quite understanding where the problem is. You log in, but
nothing happens?
From which version did you update?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#13678 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AACyrBi_bywYwM9cwPCNFd44QtYZYWuOks5usxZxgaJpZM4YSlDg>
.
|
Is the proxy maybe configured to forward the previous cookie name but not the new cookie name (I think the cookie name changed but not sure) |
Just a guess: Did you update to Firefox 63 at the same time the problem started appearing? |
The proxy is configured to forward everything, it might have an issue though. I'm testing with various browsers without privacy extensions turned on. After a successfull login,
So I guess the I was wrong, the cookie is correctly sent by the browser. |
I tried to debug more, but I think it's related to #12208 and I'm giving up. This new secure session stuff feels a bit too complicated to me. I understand it's good security practice to fail without error messages, but it's frustrating. I have no idea where the problem is and the code base is too complex to debug for external people. I'm available if you need more information. |
Well, my bad. The cookie was set correctly but the session fingerprint wasn't initialised because the Login plugin wasn't updated to 3.6.1. I updated the plugin and now it works. It also explain the lack of error messages, it was a weird configuration (3.6.1 core and 3.5.1 login plugin). Cheers. |
Cheers for letting us know |
Hi Guys, Sadly, I am running into the same problem. Last week I had this exact same problem with 3.6.3 running on a kubernetes cluster using a copy of the docker images provides in the matomo-docker repository. I am storing the sessions in Redis, the PIWIK session shows up in redis and is the same ID as the one in my cookie. Still I am getting redirected to the login page after succesful login. Is there a way to figure out what versions of plugins I am using without access to the admin panel? |
A correct login/password redirects to the login page with a
302
HTTP code. No errors and no login.The installation is a bit special, using AWS ECS (I know) and an AWS load balancer as HTTPS reverse proxy. The proxy does not support
X-Forwarded-Host
headers or similar, but it used to work.The text was updated successfully, but these errors were encountered: