[imp] Let's try that again

Tobias Drewry tdrewry at bu.edu
Tue Oct 5 06:43:00 PDT 2004 

>> Zitat von tdrewry at bu.edu:
>>
>> the Setup:
>>
>> Server (solaris)
>> - Horde/IMP/Turba/Ingo CVS versions 3,4,2 and 1 accordingly.
>>
>> - Horde is configured with http authentication.
>>
>> - Imp is setup to use hordeauth and we only have single server configured.
>>
>> Over ethernet this works like a champ.
>>
>> the Problem:
>>
>> So, we have people dialing up and accessing Horde/IMP.  If this
>> client is using
>> IE, Netscape 7.x or even AOL's 'Web browers', there is no problem.  However,
>> when
>> a client access Horde/IMP via firefox or mozilla IMP fails to
>> successfully grab
>> the credentials.  The client is presented with the IMP login page (very much
>> not what is desired since it's not really configured to go anywhere) and a
>> successful click of the browsers refresh key corrects the error and displays
>> the mail box correctly.
>>
>> the Question:
>>
>> Is this a resolvable issue from withing IMP? Or should I be pointing
>> my concerns
>> over to Mozilla and Firefox's people?

> From: Jan Schneider <jan at horde.org>
>
> First of all, check with a newer Firefox version if this is not the most
> recent one. If it still happens, compare the HTTP headers that the browsers
> send when accessing IMP *after* doing the HTTP authentication.
>
> Jan.

Alright, http headers this time ;)

Successful:

https://www.bu.edu/webmail/horde/?weblogin_random=1575b466b4f6446474977614142433b613a715

REQUEST:

GET /webmail/horde/?weblogin_random=1575b466b4f6446474977614142433b613a715
HTTP/1.1
Host: www.bu.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://weblogin.bu.edu//web@login3?jsv=1.5p&br=un&fl=6
Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e;
auth_key=a449d11644f88574c86897716db78c85;
imp_key=c4ae3462aeede6deb4248aca79abe890;
weblogin3=88a1915bcd5c1a759e005de4043c0ce6:cussp-srv2; credsrv3=cussp-srv2

RESPONCE:

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2004 13:18:34 GMT
Server: Apache/1.3.26 (Unix) PHP/4.3.8 mod_perl/1.27
X-Powered-By: PHP/4.3.8
Set-Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e; path=/webmail/horde;
domain=www.bu.edu; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Via: 1.1 www.bu.edu
X-Cache: MISS from www.bu.edu
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

Failed:

https://www.bu.edu/webmail/horde/login.php?Horde=0cb8e6bc6291a829967e651c27864b2e

REQUEST:

GET /webmail/horde/login.php?Horde=0cb8e6bc6291a829967e651c27864b2e HTTP/1.1
Host: www.bu.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://weblogin.bu.edu//web@login3?jsv=1.5p&br=un&fl=6
Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e;
weblogin3=ffa07c0b8b174ad60f252e600b0738c1:cussp-srv2; credsrv3=cussp-srv2

RESPONSE:

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2004 13:10:22 GMT
Server: Apache/1.3.26 (Unix) PHP/4.3.8 mod_perl/1.27
X-Powered-By: PHP/4.3.8
Set-Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e; path=/webmail/horde;
domain=www.bu.edu; secure
Set-Cookie: auth_key=a449d11644f88574c86897716db78c85; path=/webmail/horde;
domain=www.bu.edu; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Via: 1.1 www.bu.edu
X-Cache: MISS from www.bu.edu
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


These were each generated from a clean browser (completely closed browser and
re-opened).  It's also worth noting that as of yesterday, as we've introduced
more testers, we've noticed the error occuring under IE as well.

The following headers were generated after the browser refresh key was pressed
from the failed attempt shown above:

https://www.bu.edu/webmail/horde/login.php?Horde=0cb8e6bc6291a829967e651c27864b2e

REQUEST:

GET /webmail/horde/login.php?Horde=0cb8e6bc6291a829967e651c27864b2e HTTP/1.1
Host: www.bu.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://weblogin.bu.edu//web@login3?jsv=1.5p&br=un&fl=6
Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e;
auth_key=a449d11644f88574c86897716db78c85;
imp_key=c4ae3462aeede6deb4248aca79abe890;
weblogin3=ffa07c0b8b174ad60f252e600b0738c1:cussp-srv2; credsrv3=cussp-srv2
Cache-Control: max-age=0

RESPONCE:

HTTP/1.1 200 OK
Date: Tue, 05 Oct 2004 13:12:25 GMT
Server: Apache/1.3.26 (Unix) PHP/4.3.8 mod_perl/1.27
X-Powered-By: PHP/4.3.8
Set-Cookie: Horde=0cb8e6bc6291a829967e651c27864b2e; path=/webmail/horde;
domain=www.bu.edu; secure
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Via: 1.1 www.bu.edu
X-Cache: MISS from www.bu.edu
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

As you can see the Cookie is now well formed.

Any advice?

Also, sorry about the mix up yesterday with the headers vs "headers"  I was
wondering what those would prove..
--
Tobias Drewry
Boston University


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the imp mailing list