[Setup] Problem logging into plone sites when they are accessed via an apache proxy

COWDEROY, Alan ACOWDEROY at reseau-gds.fr
Fri Mar 20 10:03:01 UTC 2009 

I have a problem logging into my plone sites when I access them via an apache proxy.

I am migrating my plone sites from 2.0.3 to 2.5.1 and to a different machine. The problem though occurs both on migrated and newly created plone sites so it is not migration related. The new machine is a fresh install (software versions below).

The effect is as follows :

- For anonymous users everything works fine, the apache proxy functions perfectly.
- If i access my plone sites directly on the port zope listens on I can login without problem.
- But, if I attempt to login to the sites while accessing them via the apache proxy I get one of three results :

Either :
- a) I am silently returned to the page on which I clicked the link to get to the login page. There is no error, nothing in the logs. I am not logged in (no user options menu or user actions bar) site behaves as for an anonymous user (but still correctly apart from the missing login).

- or b) I receive a login confirmation screen informing me that I am now logged in. The screen has the usual user options menu (my files, prefs etc) and actions (content, modify, share, etc). BUT if I now navigate away from this page I lose my authentication, no more user options, the system behaves as if I had never logged in.

- or c) and last but not least - sometimes the login just works fine!!

I have been unable to isolate under what circumstances I get the failure. It does not seem to be related to specific terminals or users. It also evolves over time, one day works just fine, the next not.

So as best I can see the problem seems to be with the session management. I can't see that it is with apache which appears to be correctly routing the requests. The effect rather resembles what happens if you login via an ip address (say) and then access the site via a domain name - plone "forgets" you are logged in because you are no longer using the same address and it hasn't placed a cookie for the second one.

These results are the same on both firefox and ie (not tested with anything else)

Most gratefull for any assistance with this problem which is preventing me from migrating certain sites.

Regards
Alan Cowderoy

apache2 proxy configuration is as follows :

I route to virtual hosts by sub domain name so ProxyPass is sufficient, don't need the extra flexibility of rewrites.

<VirtualHost portail.gaz-de-strasbourg.local>
    ServerName portail.gaz-de-strasbourg.local
    ServerAlias portail
<Proxy *>
order deny,allow
allow from all
</Proxy>
ProxyPass / http://my server ip address:10080/VirtualHostBase/http/portail.gaz-de-strasbourg.local:80/portail/VirtualHostRoot/
ProxyPassReverse / http://my server ip address:10080/VirtualHostBase/http/portail.gaz-de-strasbourg.local:80/portail/VirtualHostRoot/
</VirtualHost>

software versions for target machine are :
Zope 2.9.6-final
Python Version 2.4.4
Plone 2.5.1
Apache 2
running on Linux/Debian

More information about the Setup mailing list