[LON-CAPA-users] connection issue re library server

Stuart Peter Raeburn lon-capa-users@mail.lon-capa.org
Wed, 02 Mar 2005 14:36:36 -0500 

Hi Ray, Hong Kie, Jim, Todd & Lars, 

Installation of peer-to-peer software such as Kazaa can result in 
simultaneous installation of parasiteware or adware which hijacks a user's 
web browser.  This is known to be an issue that can affect users of Internet 
Explorer and Windows.  The parasiteware responds to the 403 HTTP response 
code sent by the LON-CAPA server by displaying some other site (e.g., a 
search engine site etc.) rather than the LON-CAPA log-in page sent by the 
server.  The redirection with 403 code (back to /adm/login) occurs whenever 
a user attempts to display a page which requires a valid session cookie for 
access, but no cookie has been supplied by the browser. 

Going to /adm/login directly to log-in can avoid this problem if parasitewar 
is installed,  but problems will be encountered subsequently should LON-CAPA 
send a 403 response code for any subsequent pages. 

If a user encounters the following:
(a) successfully displays the log-in screen,
(b) successfully logs-in
(c) is bounced back to the log-in page instead of seeing the roles screen 
(or the first page of the course, if user has only one role) ... 

this suggests that the browser did not supply the required cookie (either 
because cookies are completely disabled or are blocked for the particular 
LON-CAPA server).  On the server itself a record of the result of the user's 
attempted login will be found in /home/httpd/perl/logs/lonnet.log 

At MSU, problems with LON-CAPA have been reported when ZoneAlarm and Windows 
XP firewalls were both enabled on a single computer. Recommeded action 
appears in the MSU LON-CAPA FAQ for students 
(http://loncapa.msu.edu//student/faq.html): 

"Windows XP has a built-in software firewall that is turned on by default 
after upgrading to SP2. If you use this firewall and ZoneAlarm, certain 
functions in the LON-CAPA learning management system do not work. Solution: 
use one firewall or the other, but not both." 

Stuart Raeburn
MSU LON-CAPA support/development 

Ray Batchelor writes: 

> Hi Hong Kie, Jim, Todd & Lars, 
> 
> No, I have not had any resolution for my remote instructor, but he can connect 
> OK from home.... just not from his workplace.
> I will ask him about his ISP, operating systems and firewalls from both those 
> locations. It is interesting that he can connect from work to our access 
> servers but not to our library server (which is much slower and struggling on 
> one cpu at the moment).  I was kind-of hoping that this issue would go away 
> when we finally upgrade our library server, but, if some of you folks are 
> having the same trouble anyway, I become less hopeful. 
> 
> Possibly (but not necessarily) related, is the fact that students here, who 
> have had a similar kind of problem, can get around it.  Our local 
> authentication (I believe) depends on cookies from our institutional CKID 
> server and so people who are already authenticated (e.g. by logging onto the 
> my.sfu.ca  portal) go straight into loncapa without needing the login screen. 
> 
> I have had a few students who have found that this route works for them, 
> whereas using the login screen fails, in a fashion similar to what Jim has 
> described. 
> 
> Some time back, Stuart posted an explanation of how pestware, that is often 
> associated with peer-to-peer software, diverts browsers using error codes 
> that loncapa relies on.  
> I often have to tell student to clean up their computers or use a different 
> one. 
> 
> Some of these login problems seem to go away if they switch from using IE to 
> using Mozilla. 
> 
> 
> That's about all I can add to this discussion at the moment. 
> 
> Cheers,
> Ray 
> 
> I 
> 
> _______________________________________________
> LON-CAPA-users mailing list
> LON-CAPA-users@mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-users 
>