Hello,
we are encountering the problem that cookies for remembering the login are not saved / created when accessing our xwiki server with an DNS alias.
We use the XWiki 15.9+1 XJetty .DEB package with an nginx server - currently in an very simple port 80 only configuration. The nginx script is taken from here: https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationWAR/InstallationTomcat/#HHttp28unsecure29
When accessing the servers FQDN and logging in with selecting the “remember me” option, 5 cookies are created (validation, rememberme, password, username and JSESSIONID). After restarting the browser I am logged in as expected.
But when accessing the server by its DNS alias however and logging in with selecting the “remember me” option only two cookies get created (username and JESSIONID).
That has the consequence, that simply restarting the browser loggs you out.
I can reproduce the problem with Edge, Firefox. The browsers are of course not configured to delete cookies after closing.
Obviosly I need to configure something somewhere but I don’t have a clue. I tried changing the servername in the nginx configuration but that didn’t change a thing.
Can you hint me at where I have to look/search?
Does the neccessary changes to correctly save the cookies be done to the configurations of nginx, xjetty, xwiki or the Debian system itself? The xwiki and xjetty configurations don’t seem to have an configuration value of a servername - at least I didn’t found one, so they are not the ones I suspect.
Thank you in advance
I now made some progress in ruling out possible causes and I am even more confused.
Of course I reseted my local DNS caches as well as Browsers after each attempt.
- When using the xjetty port directly (8080) the issue is the same (works with original hostname FQDN but not DNS alias FQDN), so nginx is ruled out as possible cause.
- I tried another server using a Debain 11.8 with the tomcat9 .DEB package and again tried directly on port 8080 without reverse proxy to the hostname “server-xwiki-01.subdomain.domain.de” as well as the DNS name “xwiki1.subdomain.domain.de” and the issue is the same(works with original hostname FQDN but not DNS alias FQDN).
- I tried using an additional DNS Host records instead of Alias that shows to the original DNS record and the issue still persists (works with original hostname FQDN but not DNS alias FQDN)
- I tried chaning debians /etc/hosts and /etc/hostname to the new name - hostname shows “xwiki1” and hostname --fqdn shows like “xwiki1.subdomain.domain.de” - issue is the same (works with original hostname FQDN but with new hostname FQDN)
- I tried setting the xwiki.home in /etc/xwiki/xwiki.cfg and restarted tomcat9 - issue is the same (works with original hostname FQDN but not with new FQDN)
- When accessing the DNS alias or Hostname directly without DNS-FQDN the issue is not persistent! So when opening directly “xwiki1” without “.subdomain.domain.de” the issue does not occour, the cookies are created correctly!
So the issue seemingly is narrowed down:
- Cookies are created when when using the original Hostname FQDN when the server was installed, as well as the new DNS (but only withoud domain) as wenn as original Hostname (without domain)
- The Cookies are not created when using the new FQDN
Somehow something in the xwiki installation “remembers” the original hostname when the debian server was installed and only when using that FQDN the cookies are created correctly.
Im completely confused by now.
Ok I found the issue, it was our local proxy (tinyproxy) that seemingly destroys/eats XWiki cookies… That combined with an weird Windows proxy exception list made it that the FQDNs with the shorter hostname like “xwiki.subdomain.domain.de” were all connected to the cookie-eating tinyproxy.
To make my confusion worse: Firefox had set “use system proxy settings” but the proxy exception list was empty, but not greyd out. Because of that I expected it to have no exceptions and only use the proxy URL and port that are configured for the system and did not consider anything related to proxies and proxy exceptions. But actually its quite the contrary. Even though it is fillable, even when its empty (or especially when its empty?), Firefox is using the systems proxy exception list too.
Becasue of that Firefox had the exact same issues like Edge.
Now my shorter XWiki DNS alias is on the systems proxy exception list and everything is fine with cookies, im not gonna investigate why tinyproxy is eating XWikis cookies…