[Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your session has expired
Petr Vobornik
pvoborni at redhat.com
Tue Feb 2 08:48:21 UTC 2016
The 401 after successful 200 is an issue with session which to browser
looks as expired session.
Please examine cookie headers of both the 'login_password' and the
subsequent 'json' request (as written in the other mail).
On 02/02/2016 09:40 AM, Christopher Lamb wrote:
>
> From: Alexander Bokovoy <abokovoy at redhat.com>
> To: Christopher Lamb/Switzerland/IBM at IBMCH
> Cc: Petr Vobornik <pvoborni at redhat.com>, freeipa-users at redhat.com,
> wodel youchi <wodel.youchi at gmail.com>
> Date: 02.02.2016 09:32
> Subject: Re: [Freeipa-users] [Centos7.2 Freeipa 4.2] browser : your
> session has expired
>
>
>
> On Tue, 02 Feb 2016, Christopher Lamb wrote:
>>
>> Hi Petr
>>
>> I get exactly the same behaviour ever so often. We are running IPA server
>> 4.2.0 15.0.1.el7_2.3, (though we got the same problem with earlier
> releases
>> too).
>>
>> In my case the laptop running Firefox / FreeIPA WebUI, and the OEL Server
>> running the IPA server have time within seconds / milliseconds of one
>> another. The server uses NTPD (and has full missile lock on the NTP pool
>> servers), and the laptop uses whatever OSX uses to keep time accurate.
>>
>> As I only need to use the FreeIPA WebUI rarely (every few months or so)
> the
>> exact behaviour is difficult to pin down. It seems to work like this:
>>
>> a) I will sometimes have access without the "your session has expired"
>> error. Typically this is when I have not used FreeIPA for a long time
>> (months).
>>
>> b) then some days later, when I revisit the WebUI, the "your session has
>> expired" error will crop up.
>>
>> c) as I have access to several workstations, each with several browsers
>> installed (IE, FF, Chrome, Safari etc.), I may get luck and find one that
>> does not give the error (while the others do).
>>
>> Just like the OP, the workstations are not FreeIPA hosts (or servers), and
>> we use login /pw for the WebUI.
> Can you hit ctrl+shift+I in Firefox (open development console), select
> 'Network' tab there, hit reload, and explore the requests/responses
> there when the error is manifested. Unfortunately, there is no way to
> copy out the whole traffic but you can at least make screenshots.
>
> This approach allows you to see what's happening inside the
> communication without need to decode SSL traffic in Wireshark.
> --
> / Alexander Bokovoy
>
--
Petr Vobornik
More information about the Freeipa-users
mailing list