[LON-CAPA-admin] cookie invalid

Stuart Raeburn raeburn at msu.edu
Wed Sep 18 17:14:22 EDT 2013 

Hi,

> ssl_error_log:[Wed Sep 18 15:10:33 2013] [error] access to
> /home/httpd/html/adm/switchserver failed for <ip address>, reason: Cookie
> not valid

A post to the admin mailing list which discusses the origin of that  
item in ssl_error_log is here:

http://mail.lon-capa.org/pipermail/lon-capa-admin/2013-January/002692.html

I will follow-up with an additional response to your post once I have  
taken a look at the load balancing code included in LON-CAPA 2.10.1

Stuart Raeburn
LON-CAPA Academic Consortium


Quoting hkng <hkng at fsu.edu>:

> Hi,
>
> I posted this question before but never got any response. When student
> login using a portable device (like iPad) and using the cellular network to
> the lonbalancer, the student is be authenticated and is then transferred to
> one of the access server. However, the session immediately got kick back to
> the lonbalancer, and because the system uses SSO, it immediately transfers
> the session back to the access server. It forms an endless loop and the
> student never get to the roles page.
>
> Checking the logs this is what I can determine.
>
> In the activities log, there are lots of sequential entries like
>
> 1379531706:fsua0:Switch Server to fsua2 with role <ip address> almost
> always coming from mobile-xxx-mycingular.net
>
> Checking the lonbalancer log (under /var/log/httpd) there are entries like
>
> ssl_access_log:ip address - - [18/Sep/2013:15:23:31 -0400] "GET
> /adm/roles?ticket=ST-1954238-wIoLGFGIQacDNCdcsrXy-casprd2 HTTP/1.1" 200
> 11318
>
> ssl_error_log:[Wed Sep 18 15:10:33 2013] [error] access to
> /home/httpd/html/adm/switchserver failed for <ip address>, reason: Cookie
> not valid
>
> In the access server log, there is no entries with the ip address but there
> are entries with the username like
>
> access_log:<different ip address from lonbalancer> - -
> [18/Sep/2013:15:10:32 -0400] "GET /adm/login HTTP/1.1" 200 2795 "
> http://loncapa2.fsu.edu/adm/login?domain=fsu&username=xxxxx&token=24824_128_186_7_151_9"
> "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26
> (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25"
>
> Some how when the session is transferred from the lonbalancer to the access
> server, a different ip address is reported to the access server. This is
> the only clue I can find as to why the student cannot get to the roles
> page. Maybe it is a red herring. So question is has anyone seen this
> behavior before? Also, why is the ip address different?
>
> Any pointers?
>
> Thanks,
> -hk
>



Stuart Raeburn
LON-CAPA Academic Consortium

More information about the LON-CAPA-admin mailing list