Forum OpenACS Q&A: Can't login - site not setting ANY cookies!


I recently created a new OACS site and it was working fine until I tried to configure it to use SSL for logins using the nsopenssl library.

This appeared to NOT be working properly so I attempted to get rid of the SSL functionality by removing the nsopenssl load from config script and setting the parameter to not use SSL for logins etc.

Now for whatever reason I can't figure out, I can't login at all to this system, it just stays on login page. I did a bit of debugging and it appears that the site is not attempting to write ANY cookies (unlike my duplicate dev site which sets 4 cookies after login and IS working with SSL).

For some reason the main site doesn't even attempt to write the initial session cookie ad_session_id never mind the other ones ad_user_login etc.???? Anyone see a problem like this before? Any ideas? I'm more or less locked out of the main site now :(

ps. it's nothing obvious like enabling cookies in browser - i can log into dev site in another tab in the same FF or IE7 browser and i can see the cookies or site don't appear in FF cookie list window.

Posted by Dave Bauer on
First check if you have old stale cookies for that site in your browser, if so, remove those for that site, and try again.
Posted by H Potter on
Thanks for the reply but I tried all that and verified no site/cookies/exceptions exist for this site.

In Firefox 3:
Tools->options->privacy->show cookies... (remove cookies) (remove all cookies).

From here i can see exactly what's happening with cookies as you go to an OpenACS site...

It sets ad_session_id as you go to login page and after login it sets ad_user_login and if its secure sets ad_user_login_secure and ad_secure_token

When I go to site no attempt to write any cookie is made (i have "ask me every time" option set in Tools->options->privacy in FF).

IE7 doesn't really show what's happening as easily but it also doesn't work so doesn't appear to be browser issue.

Posted by H Potter on
Also I checked proc that I assume writes the session cookie 'sec_generate_session_id_cookie' in acs-tcl/tcl/security-procs.tcl and there is an ns_log in there that i expected to see in log...

ns_log notice "Security: [ns_time] sec_generate_session_id_cookie setting session_id=$session_id, user_id=$user_id, login_level=$login_level"

... but the line never appears even on the site that is working - is this proc not the one that writes the session cookie?