[LON-CAPA-admin] cookie invalid

hkng hkng at fsu.edu
Wed Sep 18 15:35:37 EDT 2013


I posted this question before but never got any response. When student
login using a portable device (like iPad) and using the cellular network to
the lonbalancer, the student is be authenticated and is then transferred to
one of the access server. However, the session immediately got kick back to
the lonbalancer, and because the system uses SSO, it immediately transfers
the session back to the access server. It forms an endless loop and the
student never get to the roles page.

Checking the logs this is what I can determine.

In the activities log, there are lots of sequential entries like

1379531706:fsua0:Switch Server to fsua2 with role <ip address> almost
always coming from mobile-xxx-mycingular.net

Checking the lonbalancer log (under /var/log/httpd) there are entries like

ssl_access_log:ip address - - [18/Sep/2013:15:23:31 -0400] "GET
/adm/roles?ticket=ST-1954238-wIoLGFGIQacDNCdcsrXy-casprd2 HTTP/1.1" 200

ssl_error_log:[Wed Sep 18 15:10:33 2013] [error] access to
/home/httpd/html/adm/switchserver failed for <ip address>, reason: Cookie
not valid

In the access server log, there is no entries with the ip address but there
are entries with the username like

access_log:<different ip address from lonbalancer> - -
[18/Sep/2013:15:10:32 -0400] "GET /adm/login HTTP/1.1" 200 2795 "
"Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26
(KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25"

Some how when the session is transferred from the lonbalancer to the access
server, a different ip address is reported to the access server. This is
the only clue I can find as to why the student cannot get to the roles
page. Maybe it is a red herring. So question is has anyone seen this
behavior before? Also, why is the ip address different?

Any pointers?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.lon-capa.org/pipermail/lon-capa-admin/attachments/20130918/f147c20b/attachment.html>

More information about the LON-CAPA-admin mailing list