This question about Authentication or Authorisation: Answered
foswiki 1.1.9 keeps asking for password
Hello all,
My problem is the following: as soon as I enter any sort of restriction in the Web Preferences on any of my Webs, foswiki will keep asking me for a password every time I try to do the restricted action. It is behaving as if it can't remember who is logged in, even though the correct logged in user appears at the top left.
For instance, the settings for one web are:
- Set DENYWEBVIEW =
- Set ALLOWWEBVIEW = AdminGroup
- Set DENYWEBCHANGE =
- Set ALLOWWEBCHANGE = AdminGroup
- Set DENYWEBRENAME =
- Set ALLOWWEBRENAME = AdminGroup
Now it will correctly restrict the viewing, editing and rename only if a user from the admin group is doing it, but every time I go back to the webhome or try to edit something, it will ask for the user and password again.
Additionally it does not seem to exhibit this behaviour on all machines and on all webbrowsers when I access it, even though the browsers are configured the same everywhere (Foswiki sems to work normally all the time on some machines with opera, but only some of the time on some machines using firefox, and on my main machine it never works correctly). Frankly I find this behaviour is bizarre.
Any Ideas what could cause something like this?
Thanks in advance!
--
FestusFiend - 12 Apr 2016
Does
foswiki ask for the login using the Template login page, ie
https://foswiki.org/bin/login or is the browser asking for the userid/password. If it's the latter, then it is possibly a web server configuration issue rather than Foswiki.
--
GeorgeClark - 12 Apr 2016
Dear George,
sorry for not posting clearly. Yes, it goes back to the foswiki login template, so it is not an apache config problem via some obscure "require" directive somewhere (probably).
In fact, the only way I got it to work in a less-annoying way right now is to set the web permissions to allow anyone to do anything and to slap an apache login over the foswiki/bin directory so people have to pass an apache login before being allowed to do anything at all in the bin directory. This works ok, and it works for all machine/browser combinations.
This is a messy and tempory resolution though, since if people want to edit something, they have to login twice, once via apache and once via the foswiki template, so their signature can be applied to any edits.
cheers,
--
FestusFiend - 18 Apr 2016
Is there any chance your browser is blocking cookies? Or something is interfering with the browser / server connection, like a proxy that has multiple users all sharing the same IP address? If the client cookie isn't available or used, Foswiki will "forget" the login. By using apache authentication, the identity is established in a different way. Some things to check:
- In configure: Security and Authentication section, under the various tabs:
-
{UseClientSessions}
is enabled
-
{Sessions}{ExpireAfter}
is set to a reasonably large number.
-
{Sessions}{UseIPMatching}
(expert setting) is not checked
-
{Sessions}{MapIP2SID}
(expert setting) is not checked
-
{AuthScripts}
set to the default list of scripts
Sorry for the delay. I'm not sure what else could be causing Foswiki to lose track of the authorized user.
--
GeorgeClark - 24 Apr 2016