Forum OpenACS Q&A: Subsite login redirect loop?

Collapse
Posted by Michael Steigman on
I've been working on a subsite based intranet which uses the host-node map. I'm just about done so I decided to tell the subsite not to inherit permissions from the main site and added a special permission, read for all intranet party members. Now when I visit the actual intranet URL, I'm getting stuck in an infinite loop instead of seeing a login page. Mozilla says "Redirection limit for this URL exceeded. Unable to load the requested page." In the log, I see:
172.17.1.105 - - [12/Apr/2003:12:14:45 -0400] "GET /register/?return_url=%2fintranet%2f HTTP/1.1" 302 413 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020918"
172.17.1.105 - - [12/Apr/2003:12:14:45 -0400] "GET /register/?return_url=%2fintranet%2fregister%2f%3freturn%5furl%3d%252fintranet%252f HTTP/1.1" 302 472 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020918"
172.17.1.105 - - [12/Apr/2003:12:14:46 -0400] "GET /register/?return_url=%2fintranet%2fregister%2f%3freturn%5furl%3d%252fintranet%252fregister%252f%253freturn%255furl%253d%25252fintranet%25252f HTTP/1.1" 302 543 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020918"
172.17.1.105 - - [12/Apr/2003:12:14:47 -0400] "GET /register/?return_url=%2fintranet%2fregister%2f%3freturn%5furl%3d%252fintranet%252fregister%252f%253freturn%255furl%253d%25252fintranet%25252fregister%25252f%25253freturn%25255furl%25253d%2525252fintranet%2525252f HTTP/1.1" 302 626 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020918"
172.17.1.105 - - [12/Apr/2003:12:14:47 -0400] "GET /register/?return_url=%2fintranet%2fregister%2f%3freturn%5furl%3d%252fintranet%252fregister%252f%253freturn%255furl%253d%25252fintranet%25252fregister%25252f%25253freturn%25255furl%25253d%2525252fintranet%2525252fregister%2525252f%2525253freturn%2525255furl%2525253d%252525252fintranet%252525252f HTTP/1.1" 302 721 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020918"
Etc., etc., etc. Any ideas?
Collapse
Posted by Cathy Sarisky on
Sounds like unregistered or not logged in users don't have ANY permissions on the subsite, which means they're not allowed to SEE the login page.  (I've done that one too.)  You probably want to give The Public read privs on the subsite itself (so that they can log in), and then remove or don't inherit it on mounted packages.

(If you don't want them see even that first page, check that they're logged in and redirect them to the login screen if they aren't, or modify the content displayed.)

HTH

Collapse
Posted by Michael Steigman on
Thanks, Cathy. That was part of it - I allowed permissions to be inherited and blocked inheritance at the package level and that seemed to work ok. I'm running into similar infinite loop problems, however, if I try to prevent the public from viewing the first page. For example, if I throw an ad_maybe_redirect_for_registration in the index page, I get the same loop. Ditto for the following:
if {[ad_conn user_id] == 0} {
    ad_returnredirect "/register/"
}
Also tried "/intranet/register/index" (/intranet being the subsite node) and others for the redirect argument. The redirect to /register/ works fine from the applications but not from the home page. Why would that be?
Collapse
Posted by Bruno Mattarollo on
I am having this same problem using Camino 0.7 on mac for a recently upgraded to OpenACS 4.6.2/dotLRN 1.0 website. On the homepage it doesn't work. I have granted "Read" to "The Public" on the Main Site ...
Collapse
Posted by Bruno Mattarollo on
Ok ... looks like "The Public" is "party_id 1" instead of "0" ... Will look in CVS for some updates ;)
Collapse
Posted by Bruno Mattarollo on
Ok ... what you have to do (at least that solved my problems) is grant "read" to "Object 0" on the Main Site ...
Collapse
Posted by Michael Steigman on
A day or two after my original posting I came back to this and tried something different which seems to have worked - adding the subsite node to URLs.

if {[ad_conn user_id] == 0} {
ad_returnredirect "http://myintranet.com/intranet/register/?return_url=/intranet/"
}

where /intranet/ is the ACS subsite which the host-node directs myintranet.com to.

After seeing Bruno's postings this morning, I went back and experimented again and now it seems to work no matter what I try, be it ad_maybe_redirect_for_registration or any combo of URLs in my own user_id test. In the intervening period, I've moved developement from Oracle to Postgresql (clean 4.6.2 ish CVS install) so I'm really clueless at this point as to what's going on. I'm happy things are working but I'm curious if any changes were made to the request processor that would have affected this between 4.6.1 and 4.6.2.