Trouble with SSL + Login Redirection URI

Author Message

Pascal France

Thursday 20 December 2007 5:14:40 pm

Hi,

I've set login redirection for private accesses on my site.
I didn't defined specific siteaccess for the users who access these private parts.
To achieve redirection I set these lines in the site.ini.append.php file of my public siteaccess:

[UserSettings]
RegistrationEmail=
LogoutRedirect=/
LoginRedirectionUriAttribute[group]=redirection_uri

Then I've added a Text line datatype (ID = redirection_uri) to the user_group class.
At the end, I filled in the "Redirection URI" field of my User Groups.
And all the redirections work perfectely.

But since I've set the SSl zones, I've some redirection troubles.
In settings/override/site.ini.append.php I've added:

[SiteSettings]
DefaultAccess=xxxx
SiteList[]=xxx
SSLPort=443

[SSLZoneSettings]
SSLZones=enabled
ModuleViewAccessMode[user/login]=ssl
ModuleViewAccessMode[content/*]=keep

And here is the entire part of the ezp+ssl configuration of my apache2.conf:

SSLProtocol +TLSv1 +SSLv3
SSLCACertificateFile "/usr/lib/ssl/AC_cfdt/private/AC_cfdt.crt"
SSLCertificateFile "/usr/lib/ssl/AC_cfdt/certs/server_signed.pem"
SSLCertificateKeyFile "/usr/lib/ssl/AC_cfdt/private/server_tls.pem"

<VirtualHost 88.191.30.14:443>

    ServerName "www.mysite.fr"
    DocumentRoot /usr/local/www
    SSLEngine On
    DirectoryIndex index.php index.html

<Directory /usr/local/www>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

<IfModule mod_php4.c>
    php_admin_flag safe_mode Off
    php_admin_value register_globals    0
    php_value magic_quotes_gpc  0
    php_value magic_quotes_runtime  0
    php_value allow_call_time_pass_reference 0
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    Rewriterule ^/var/storage/.* - [L]
    Rewriterule ^/var/[^/]+/storage/.* - [L]
    RewriteRule ^/var/cache/texttoimage/.* - [L]
    RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L]
    Rewriterule ^/design/[^/]+/(stylesheets|images|javascript)/.* - [L]
    Rewriterule ^/share/icons/.* - [L]
    Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
    Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]
    RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
    RewriteRule ^/favicon.ico - [L]
    RewriteRule ^/robots.txt - [L]

    RewriteRule ^/phpMyAdmin_21122 - [L]
    RewriteRule ^/repTemporaire - [L]
    RewriteRule ^/* /index.php
</IfModule>

</VirtualHost>


NameVirtualHost 88.191.30.14:80
<VirtualHost 88.191.30.14:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /usr/local/www
        DirectoryIndex maintenance.txt index.php index.html.fr index.html.en index.html
        <Directory /usr/local/www>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        <IfModule mod_php4.c>
                php_admin_flag safe_mode Off
                php_admin_value register_globals    0
                php_value magic_quotes_gpc  0
                php_value magic_quotes_runtime  0
                php_value allow_call_time_pass_reference 0
        </IfModule>

        <IfModule mod_rewrite.c>
                RewriteEngine On
                Rewriterule ^/var/storage/.* - [L]
                Rewriterule ^/var/[^/]+/storage/.* - [L]
                RewriteRule ^/var/cache/texttoimage/.* - [L]
                RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L]
                Rewriterule ^/design/[^/]+/(stylesheets|images|javascript)/.* - [L]
                Rewriterule ^/share/icons/.* - [L]
                Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
                Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]
                RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
                RewriteRule ^/favicon.ico - [L]
                RewriteRule ^/robots.txt - [L]

                RewriteRule ^/phpMyAdmin_21122 - [L]
                RewriteRule ^/repTemporaire - [L]
                RewriteRule ^/* /index.php
        </IfModule>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature Off
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    <Directory "/usr/local/www/phpMyAdmin_21122">
        Redirect / https://www.musite.fr/
    </Directory>
</VirtualHost>

The first trouble I've met is the https URI of the user login page which contains 2 consecutive slashes:

https://www.mysite.fr//user/login

I can't remove the second slash and I can't understand where does it come from.
The second problem is the content of the redirection page (the home page displayed once the user is logged in) which correspond no more with the page I set in the User Group. The URI of this page is the right one but contains 2 consecutive slashes too. Removing one has no effect after I reload the page.
In fact, it seems the user is not "really" (??) logged in: I mean the name of the user and the "Disconnect" link are no more displayed whereas they where without SSL and, moreover, the Homepage link has a very strange behavior:
- the first time I click on, I get about the half of the things the user should see
- and I have to click on it a second time to see the entire well page (with user name, "Disconnect" link, the right menus, and so on...)

However, with SSL I've absolutely no problem with the admin interface redirection page of the editors. Maybe this is due to I've created one siteaccess per editor and I don't use LoginRedirectionUriAttribute[group] for them...

Any help is wellcome

Pascal

Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.