Username not valid using SSL
Reported by Christoph Koehler | June 15th, 2009 @ 10:17 AM
Hey Ben,
Thanks for making authlogic, it seems to be a great fit for our project!
I have a problem with an error when I try to login on an SSL website. I get a "Username is not valid" error. I know the user exists, and it's the right password. It works fine when I run a quick script/server on the same box, same environment, same release version of the app, just not SSL.
Let me know if you need more info to fix this. The app is not public and I don't want to post a public link.
Thanks!
Christoph
Comments and changes to this ticket
-
Ben Johnson June 20th, 2009 @ 04:41 AM
- State changed from “new” to “open”
That sounds like something beyond the scope of authlogic. Can you confirm that you are even getting the correct information from the params?
-
Christoph Koehler June 20th, 2009 @ 09:44 AM
Ben,
It looks okay to me. Here is the log entry, sanitized for a bit of privacy:
Processing UserSessionsController#create (for 123.123.123.1234 at 2009-06-20 08:40:02) [POST] Parameters: {"commit"=>"Submit", "user_session"=>{"username"=>"admin", "password"=>"notreallythepassword"}, "authenticity_token"=>"qpLY0w5N/w6dqoO3VpwhOFW2ZIPx7+S54AXPcpvkOx4="} Rendering template within layouts/application Rendering user_sessions/new Completed in 14ms (View: 3, DB: 8) | 200 OK [https://mydomain.com/user_sessions]A user with that username and password exists in the database.
Thanks for looking at this!
Christoph
-
Ben Johnson June 24th, 2009 @ 01:51 AM
- State changed from “open” to “resolved”
Hi Christoph, it's really hard for me to determine the issue here. SSL shouldn't change anything, its just ruby. My guess is that there is something weird going on with the cookies. If you want additional help I would need to actually play around with the application which probably isn't possible, and I'm not sure I would have time to do that this week. I hope you solve the issue, but I don't know how much help I can really be. Sorry ot be a debbie downer.
-
Christoph Koehler June 24th, 2009 @ 09:25 AM
Ben,
Thanks for the help so far. I really need to get this resolved and don't mind doing that myself if I know what to look at. I will check out cookies.
One other thing that came to mind is that I am using passenger. I wonder if that's the problem. Is there any way to have Rails show what exactly failed the validation? That may help.Thanks again.
Christoph
-
Christoph Koehler June 24th, 2009 @ 10:47 AM
Ben,
I am getting close to solving it. It works fine in development mode, but not in production. SSL or passenger don't seem to make any difference. This is on the server. Locally, both development and production work fine.
Anything you can think of that would cause this?
Thanks!
-
Christoph Koehler June 24th, 2009 @ 11:41 AM
Alright, the problem has to do with config.cache_classes = true, which tells me just about nothing. Setting that to false, as in development, makes it work.
The problem only occurs in Passenger, version 2.2.4 for me. It works fine in script/server Mongrel, as well as locally in WEBrick.
Setting config.cache_classes = false works around that and is good enough for me.Thanks for your time!
Christoph
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.
Ben Johnson
Christoph Koehler