I am running an OpenClinica install on my webserver and experience the following problem on Google Chrome only:

  • I access the landing page
  • I log into the root (or any other) account
  • On the logged-in overview, I click any link (e.g. list all patients)
  • I get logged out and thrown back to the landing page

This happens only on Google Chrome. Here are the relevant entries from the access.log – can anyone make sense of these? I don’t have any knowledge of HTTP status codes.

[03/Sep/2019:13:29:09 +0200] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/favicon.ico HTTP/1.1" 304 177 "http://my-url.com/OpenClinica/pages/login/login;jsessionid=E6A0E2838AA51B1DA9F6AED47C42D5CD" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:09 +0200] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 "http://my-url.com/OpenClinica/favicon.ico" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /favicon.ico HTTP/1.1" 302 421 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:10 +0200] "GET /OpenClinica/pages/login/login;jsessionid=EA92FE865CF5345428D7538D18871D99 HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

Click on List all patients

[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/ListStudySubjects HTTP/1.1" 302 272 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/MainMenu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /favicon.ico HTTP/1.1" 302 422 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/pages/login/login;jsessionid=9625D469100D1871538197FE241DECCB HTTP/1.1" 200 4770 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
[03/Sep/2019:13:29:12 +0200] "GET /OpenClinica/RssReader HTTP/1.1" 200 757 "http://my-url.com/OpenClinica/pages/login/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

Now I do have some wacky redirect rules, which I think are the root cause of the problem. They were written as a fix to a different problem – when logging in to the system, instead of regularly looking at the favicon, the browser (any browser) would attempt to OPEN the favicon.ico as a picture, leading to, depending on the browser, a 404 page or the favicon being opened as a picture full screen. Here are the redirect rules:

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName www.my-url.com

  ProxyPreserveHost On

  ProxyPass /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/
  ProxyPassReverse /OpenClinica/favicon.ico http://localhost:8080/OpenClinica/

  ProxyPass /OpenClinica/ http://localhost:8080/OpenClinica/
  ProxyPassReverse /OpenClinica/ http://localhost:8080/OpenClinica/

  ProxyPass / http://localhost:8080/OpenClinica/
  ProxyPassReverse / http://localhost:8080/OpenClinica/
</VirtualHost>

2 Answers


  1. Not used the specific application. As I see it, if you log in while on / and you receive a cookie that is for /OpenClinica/ then: clicking on a relative link (that will keep you on /) would prevent the browser from re-sending the received cookie to the server.

    I would replace the last 2 entries with something like:

    RedirectMatch ^/$ /OpenClinica/
    

    I did not exactly understand the issue with favicon but maybe you want to apply the same rule there.

    Note: For RedirectMatch to work, mod_alias should be enabled.

    Another thing: I see ProxyPreserveHost enabled. This means that OpenClinica should be aware of its external host name.

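The cookie-path mismatch described in the first answer, traced through the question's three ProxyPass rules with the RFC 6265 path-match rule. This is an added example, not part of the original answer; it assumes the backend scopes its session cookie to `/OpenClinica` (`COOKIE_PATH`), and `backend_path`, `path_matches` and `trace` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# ProxyPass rules copied from the question's vhost, in configuration order.
# mod_proxy checks them in that order and the first matching prefix wins.
PROXY_PASS = [
    ("/OpenClinica/favicon.ico", "http://localhost:8080/OpenClinica/"),
    ("/OpenClinica/", "http://localhost:8080/OpenClinica/"),
    ("/", "http://localhost:8080/OpenClinica/"),
]

# Assumption: the backend scopes its session cookie to its context path.
COOKIE_PATH = "/OpenClinica"


def backend_path(public_path):
    """Path the backend receives for a public path, or None if not proxied."""
    for prefix, target in PROXY_PASS:
        if public_path.startswith(prefix):
            return urlsplit(target).path + public_path[len(prefix):]
    return None


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does the browser attach the cookie here?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def trace(public_path):
    """Backend path and cookie decision for one browser request."""
    return {
        "backend": backend_path(public_path),
        "cookie_sent": path_matches(public_path, COOKIE_PATH),
    }


if __name__ == "__main__":
    for p in ("/MainMenu", "/OpenClinica/MainMenu",
              "/favicon.ico", "/OpenClinica/favicon.ico"):
        print(p, trace(p))
```

`/MainMenu` and `/OpenClinica/MainMenu` reach the same backend page, but only the second lies inside the cookie's path; `/OpenClinica/favicon.ico` is forwarded to the context root rather than to an icon file.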
  2. So that server is listening to port :80, but those proxy rules are all on port :8080 … while I merely wonder why you need to configure proxy rules on localhost?

    Just drop all of them and ignore the favicon issue meanwhile… the jsessionid being passed along with the URL rather hints at the server not handling the session properly, because such an ID usually belongs in the request headers; putting them into the URL is the fallback option (because anyone who can see the logs can hijack these sessions, while in progress… no need for a password). With HTTPS it’s not that bad, but on HTTP this is also visible in eventual proxy logs.

    Honestly, I don’t think this is a Chrome problem, but rather the vhost configuration and/or sessions problem.
    It seems to stem from the vhost not having a DocumentRoot directive – and so it will inherit the global configuration, which seems to be one level above /OpenClinica.

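A log check for the exposure the second answer describes: session IDs carried in the request URL or the Referer of access-log lines. This is an added example, not part of the original answer; the sample lines are constructed in the question's log layout with made-up IDs and host, and the function names are hypothetical.

```python
import re

# Layout of the question's access.log: [time] "request" status bytes "referer" "UA"
LINE = re.compile(
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
SID = re.compile(r";jsessionid=([0-9A-Za-z]+)", re.IGNORECASE)

# Constructed sample lines (IDs and host are not real).
SAMPLE_LOG = [
    '[01/Jan/2020:10:00:00 +0000] "POST /OpenClinica/j_spring_security_check HTTP/1.1" 302 328 '
    '"http://example.test/OpenClinica/pages/login/login;jsessionid=AAAA1111" "Mozilla/5.0"',
    '[01/Jan/2020:10:00:00 +0000] "GET /OpenClinica/MainMenu HTTP/1.1" 200 8269 '
    '"http://example.test/OpenClinica/pages/login/login" "Mozilla/5.0"',
    '[01/Jan/2020:10:00:01 +0000] "GET /OpenClinica/pages/login/login;jsessionid=BBBB2222 HTTP/1.1" 200 4770 '
    '"http://example.test/OpenClinica/MainMenu" "Mozilla/5.0"',
    '[01/Jan/2020:10:00:03 +0000] "GET /OpenClinica/pages/login/login;jsessionid=CCCC3333 HTTP/1.1" 200 4770 '
    '"http://example.test/OpenClinica/pages/login/login;jsessionid=BBBB2222" "Mozilla/5.0"',
]


def find_exposed_sessions(lines):
    """Return (line_number, field, session_id) for every ID written to the log."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE.match(line)
        if not match:
            continue  # not in the expected layout; skip rather than guess
        for field in ("target", "referer"):
            for sid in SID.findall(match[field]):
                findings.append((number, field, sid))
    return findings


def distinct_ids(findings):
    """Distinct session IDs; many within seconds means sessions keep restarting."""
    return sorted({sid for _, _, sid in findings})


def redact(line):
    """Mask session IDs before a log line is stored or shared."""
    return SID.sub(";jsessionid=[REDACTED]", line)


if __name__ == "__main__":
    hits = find_exposed_sessions(SAMPLE_LOG)
    print(hits, distinct_ids(hits))
```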