 |
+1, and more information: After following (in my case) https://logout@10.x.x.x/?logout , Firefox warns: " You are about to log in to the site "10.x.x.x" with the username "logout", but the website does not require authentication. This may be an attempt to trick you. Is "10.x.x.x" the site you want to visit? " If I confirm Yes, I am shown my Apache 2 Test Page, and I am not prompted for any authentication. From here, when I open https://10.x.x.x/racktables I am not prompted for credentials, and I am already logged in as admin. I observe this in Firefox 36.0.4 and Chrome 41.0.2272.101 m. In IE 11, the 'logout' link does not even appear to have a target. Next step: If I navigate within RackTables, then hover over 'logout,' the link has become https://logout@10.x.x.x/racktables/?logout In Chrome, when I click 'logout,' the page does not change, but I am prompted for credentials. If I decline to provide them, the browser shows "This system requires authentication. You should use a username and a password." If I immediately re-attempt https://10.x.x.x/racktables, I am not prompted for credentials and am already logged in as admin. In Firefox, when I clock 'logout,' the page does not change, but I am prompted for credentials. If I decline to provide them, the browser shows "This system requires authentication. You should use a username and a password" (same as Chrome). But, if I immediately re-attempt https://10.x.x.x/racktables, I am prompted for credentials and must provide them. Summarizing: * If *no* navigation within RackTables is performed after login, the logout URL does not contain the segment "/racktables". When clicking 'logout', the session appears to be not destroyed. * If navigation *is* performed within RackTables, the logout URL *does* contain the segment "/racktables". When clicking 'logout', the session appears to be destroyed in Firefox, but *not* destroyed in Chrome. * No matter what, IE 11 doesn't even realize that 'logout' is a link. |
 |
Hi. I am new to racktables. I know the above problem in terms of "won't work with https". I think the main problem is when you switch from http to https. + installed and setup racktables with http -> logout link a bit strange - but works okay + switched to https -> logout link does not work anymore + switched back to http (commenting out lines in site.conf) -> logout link works The messages @pRZelAHkmB78 showed are exactly what happens when switched to https. All example links above use https. So I assume I have exactly the same problem but only when I use https. My question is: what do I have to do to enable racktables logout over https? I attached the different "log out boxes" regarding http (working) and https (not working). Please excuse the use of German language in these images. The text says what @pRZelAHkmB7 wrote. Auswahl_833.png (15,207 bytes) Auswahl_834.png (16,025 bytes) |
|
|
I think my problem is due to my setup. I run racktables in lxd container with apache reverse proxy. Outside i run https, but inside the container i run only http. This part of the code is causing my problems, because the serving host (in the container) hasn't https running: function showLogoutURL () { $https = (isset ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 's' : ''; // some more code printf ('http%s://logout@%s%s?logout', $https, $_SERVER['SERVER_NAME'], $dirname); ### I commented setting $https and changed the line to printf ('https://logout@%s%s?logout', $_SERVER['SERVER_NAME'], $dirname); Sorry for the noise! |
 |
Finally I was able to reproduce this bug and find why it happens. No solution yet. |
|
|
Bug 496 has the resolution for this problem, all other similar bugs have been marked as duplicate. Closing. |
- Anonymous
