Trouble with SSL + Login Redirection URI

Next topic

Author	Message
Pascal France	Thursday 20 December 2007 5:14:40 pm Hi, I've set login redirection for private accesses on my site. I didn't defined specific siteaccess for the users who access these private parts. To achieve redirection I set these lines in the site.ini.append.php file of my public siteaccess: [UserSettings] RegistrationEmail= LogoutRedirect=/ LoginRedirectionUriAttribute[group]=redirection_uri Then I've added a Text line datatype (ID = redirection_uri) to the user_group class. At the end, I filled in the "Redirection URI" field of my User Groups. And all the redirections work perfectely. But since I've set the SSl zones, I've some redirection troubles. In settings/override/site.ini.append.php I've added: [SiteSettings] DefaultAccess=xxxx SiteList[]=xxx SSLPort=443 [SSLZoneSettings] SSLZones=enabled ModuleViewAccessMode[user/login]=ssl ModuleViewAccessMode[content/]=keep And here is the entire part of the ezp+ssl configuration of my apache2.conf: SSLProtocol +TLSv1 +SSLv3 SSLCACertificateFile "/usr/lib/ssl/AC_cfdt/private/AC_cfdt.crt" SSLCertificateFile "/usr/lib/ssl/AC_cfdt/certs/server_signed.pem" SSLCertificateKeyFile "/usr/lib/ssl/AC_cfdt/private/server_tls.pem" <VirtualHost 88.191.30.14:443> ServerName "www.mysite.fr" DocumentRoot /usr/local/www SSLEngine On DirectoryIndex index.php index.html <Directory /usr/local/www> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> <IfModule mod_php4.c> php_admin_flag safe_mode Off php_admin_value register_globals 0 php_value magic_quotes_gpc 0 php_value magic_quotes_runtime 0 php_value allow_call_time_pass_reference 0 </IfModule> <IfModule mod_rewrite.c> RewriteEngine On Rewriterule ^/var/storage/. - [L] Rewriterule ^/var/[^/]+/storage/.* - [L] RewriteRule ^/var/cache/texttoimage/.* - [L] RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L] Rewriterule ^/design/[^/]+/(stylesheets\|images\|javascript)/.* - [L] Rewriterule ^/share/icons/.* - [L] Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets\|images\|javascripts?)/.* - [L] Rewriterule ^/packages/styles/.+/(stylesheets\|images\|javascript)/[^/]+/.* - [L] RewriteRule ^/packages/styles/.+/thumbnail/.* - [L] RewriteRule ^/favicon.ico - [L] RewriteRule ^/robots.txt - [L] RewriteRule ^/phpMyAdmin_21122 - [L] RewriteRule ^/repTemporaire - [L] RewriteRule ^/* /index.php </IfModule> </VirtualHost> NameVirtualHost 88.191.30.14:80 <VirtualHost 88.191.30.14:80> ServerAdmin webmaster@localhost DocumentRoot /usr/local/www DirectoryIndex maintenance.txt index.php index.html.fr index.html.en index.html <Directory /usr/local/www> Options -Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> <IfModule mod_php4.c> php_admin_flag safe_mode Off php_admin_value register_globals 0 php_value magic_quotes_gpc 0 php_value magic_quotes_runtime 0 php_value allow_call_time_pass_reference 0 </IfModule> <IfModule mod_rewrite.c> RewriteEngine On Rewriterule ^/var/storage/.* - [L] Rewriterule ^/var/[^/]+/storage/.* - [L] RewriteRule ^/var/cache/texttoimage/.* - [L] RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L] Rewriterule ^/design/[^/]+/(stylesheets\|images\|javascript)/.* - [L] Rewriterule ^/share/icons/.* - [L] Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets\|images\|javascripts?)/.* - [L] Rewriterule ^/packages/styles/.+/(stylesheets\|images\|javascript)/[^/]+/.* - [L] RewriteRule ^/packages/styles/.+/thumbnail/.* - [L] RewriteRule ^/favicon.ico - [L] RewriteRule ^/robots.txt - [L] RewriteRule ^/phpMyAdmin_21122 - [L] RewriteRule ^/repTemporaire - [L] RewriteRule ^/* /index.php </IfModule> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature Off Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> <Directory "/usr/local/www/phpMyAdmin_21122"> Redirect / https://www.musite.fr/ </Directory> </VirtualHost> The first trouble I've met is the https URI of the user login page which contains 2 consecutive slashes: https://www.mysite.fr//user/login I can't remove the second slash and I can't understand where does it come from. The second problem is the content of the redirection page (the home page displayed once the user is logged in) which correspond no more with the page I set in the User Group. The URI of this page is the right one but contains 2 consecutive slashes too. Removing one has no effect after I reload the page. In fact, it seems the user is not "really" (??) logged in: I mean the name of the user and the "Disconnect" link are no more displayed whereas they where without SSL and, moreover, the Homepage link has a very strange behavior: - the first time I click on, I get about the half of the things the user should see - and I have to click on it a second time to see the entire well page (with user name, "Disconnect" link, the right menus, and so on...) However, with SSL I've absolutely no problem with the admin interface redirection page of the editors. Maybe this is due to I've created one siteaccess per editor and I don't use LoginRedirectionUriAttribute[group] for them... Any help is wellcome Pascal Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

Author

Message

Thursday 20 December 2007 5:14:40 pm

Hi,

I've set login redirection for private accesses on my site.
I didn't defined specific siteaccess for the users who access these private parts.
To achieve redirection I set these lines in the site.ini.append.php file of my public siteaccess:

[UserSettings]
RegistrationEmail=
LogoutRedirect=/
LoginRedirectionUriAttribute[group]=redirection_uri

Then I've added a Text line datatype (ID = redirection_uri) to the user_group class.
At the end, I filled in the "Redirection URI" field of my User Groups.
And all the redirections work perfectely.

But since I've set the SSl zones, I've some redirection troubles.
In settings/override/site.ini.append.php I've added:

[SiteSettings]
DefaultAccess=xxxx
SiteList[]=xxx
SSLPort=443

[SSLZoneSettings]
SSLZones=enabled
ModuleViewAccessMode[user/login]=ssl
ModuleViewAccessMode[content/*]=keep

And here is the entire part of the ezp+ssl configuration of my apache2.conf:

SSLProtocol +TLSv1 +SSLv3
SSLCACertificateFile "/usr/lib/ssl/AC_cfdt/private/AC_cfdt.crt"
SSLCertificateFile "/usr/lib/ssl/AC_cfdt/certs/server_signed.pem"
SSLCertificateKeyFile "/usr/lib/ssl/AC_cfdt/private/server_tls.pem"

<VirtualHost 88.191.30.14:443>

    ServerName "www.mysite.fr"
    DocumentRoot /usr/local/www
    SSLEngine On
    DirectoryIndex index.php index.html

<Directory /usr/local/www>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

<IfModule mod_php4.c>
    php_admin_flag safe_mode Off
    php_admin_value register_globals    0
    php_value magic_quotes_gpc  0
    php_value magic_quotes_runtime  0
    php_value allow_call_time_pass_reference 0
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    Rewriterule ^/var/storage/.* - [L]
    Rewriterule ^/var/[^/]+/storage/.* - [L]
    RewriteRule ^/var/cache/texttoimage/.* - [L]
    RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L]
    Rewriterule ^/design/[^/]+/(stylesheets|images|javascript)/.* - [L]
    Rewriterule ^/share/icons/.* - [L]
    Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
    Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]
    RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
    RewriteRule ^/favicon.ico - [L]
    RewriteRule ^/robots.txt - [L]

    RewriteRule ^/phpMyAdmin_21122 - [L]
    RewriteRule ^/repTemporaire - [L]
    RewriteRule ^/* /index.php
</IfModule>

</VirtualHost>


NameVirtualHost 88.191.30.14:80
<VirtualHost 88.191.30.14:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /usr/local/www
        DirectoryIndex maintenance.txt index.php index.html.fr index.html.en index.html
        <Directory /usr/local/www>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        <IfModule mod_php4.c>
                php_admin_flag safe_mode Off
                php_admin_value register_globals    0
                php_value magic_quotes_gpc  0
                php_value magic_quotes_runtime  0
                php_value allow_call_time_pass_reference 0
        </IfModule>

        <IfModule mod_rewrite.c>
                RewriteEngine On
                Rewriterule ^/var/storage/.* - [L]
                Rewriterule ^/var/[^/]+/storage/.* - [L]
                RewriteRule ^/var/cache/texttoimage/.* - [L]
                RewriteRule ^/var/[^/]+/cache/texttoimage/.* - [L]
                Rewriterule ^/design/[^/]+/(stylesheets|images|javascript)/.* - [L]
                Rewriterule ^/share/icons/.* - [L]
                Rewriterule ^/extension/[^/]+/design/[^/]+/(stylesheets|images|javascripts?)/.* - [L]
                Rewriterule ^/packages/styles/.+/(stylesheets|images|javascript)/[^/]+/.* - [L]
                RewriteRule ^/packages/styles/.+/thumbnail/.* - [L]
                RewriteRule ^/favicon.ico - [L]
                RewriteRule ^/robots.txt - [L]

                RewriteRule ^/phpMyAdmin_21122 - [L]
                RewriteRule ^/repTemporaire - [L]
                RewriteRule ^/* /index.php
        </IfModule>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature Off
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    <Directory "/usr/local/www/phpMyAdmin_21122">
        Redirect / https://www.musite.fr/
    </Directory>
</VirtualHost>

The first trouble I've met is the https URI of the user login page which contains 2 consecutive slashes:

https://www.mysite.fr//user/login

I can't remove the second slash and I can't understand where does it come from.
The second problem is the content of the redirection page (the home page displayed once the user is logged in) which correspond no more with the page I set in the User Group. The URI of this page is the right one but contains 2 consecutive slashes too. Removing one has no effect after I reload the page.
In fact, it seems the user is not "really" (??) logged in: I mean the name of the user and the "Disconnect" link are no more displayed whereas they where without SSL and, moreover, the Homepage link has a very strange behavior:
- the first time I click on, I get about the half of the things the user should see
- and I have to click on it a second time to see the entire well page (with user name, "Disconnect" link, the right menus, and so on...)

However, with SSL I've absolutely no problem with the admin interface redirection page of the editors. Maybe this is due to I've created one siteaccess per editor and I don't use LoginRedirectionUriAttribute[group] for them...

Any help is wellcome

Pascal

Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

eZ debug

Timing:	Jan 19 2025 06:28:03
Script start
Timing:	Jan 19 2025 06:28:03
Module start 'layout'
Timing:	Jan 19 2025 06:28:03
Module start 'content'
Timing:	Jan 19 2025 06:28:04
Module end 'content'
Timing:	Jan 19 2025 06:28:04
Script end

Main resources:

Total runtime	0.8354 sec
Peak memory usage	4,096.0000 KB
Database Queries	46

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0064	589.2734	152.6406
Module start 'layout'	0.0065	0.0033	741.9141	39.4766
Module start 'content'	0.0097	0.8239	781.3906	456.7109
Module end 'content'	0.8336	0.0017	1,238.1016	12.4375
Script end	0.8354		1,250.5391

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0033	0.3941	16	0.0002
Check MTime	0.0013	0.1580	16	0.0001
Mysql Total
Database connection	0.0013	0.1537	1	0.0013
Mysqli_queries	0.7917	94.7703	46	0.0172
Looping result	0.0004	0.0536	44	0.0000
Template Total	0.8009	95.9	2	0.4004
Template load	0.0021	0.2543	2	0.0011
Template processing	0.7987	95.6087	2	0.3994
Template load and register function	0.0002	0.0275	1	0.0002
states
state_id_array	0.0008	0.1017	1	0.0008
state_identifier_array	0.0009	0.1117	2	0.0005
Override
Cache load	0.0017	0.2023	26	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0007	0.0793	1	0.0007
Fetch class attribute name	0.0008	0.0943	1	0.0008
XML
Image XML parsing	0.0001	0.0122	1	0.0001
class_abstraction
Instantiating content class attribute	0.0000	0.0006	1	0.0000
General
dbfile	0.0007	0.0893	10	0.0001
String conversion	0.0000	0.0007	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
1	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
7	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
4	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
3	content/datatype/view/ezxmltags/literal.tpl	<No override>	extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 17 Number of unique templates used: 6

Time used to render debug report: 0.0001 secs