Roles and Permissions Caching Issue

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
7/6/2005 10:38:24 AM
Todd Stone
Gravatar
Total Posts 45
View Posts

Roles and Permissions Caching Issue

While doing some testing I ran into this problem with Roles and Permissions:

I have two users setup, one with "Admin" role and another with a new role I created named "Club Members".  I have flushed all my "Temporary Internet Files and Cookies" within Internet Explorer 6.0 SP2.  The first user I login as sets the Role Permission for all users who login afterwards on the same computer reguardless of their own Role Permission.

If "User A" (admin user) logs in first, then logs out and logs back in as "User B" (club members),  "User B" then has admin rights and can perform updates as an admin user would.  If you flush the "Temporary Internet Files and Cookies" between logins, permissions work correctly and this does not happen.  If preformed the other way around, when "User B" is the first to login, then logs out and logs back in as "User A", then "User A" can not perform any updates to the site.

Somehow the permission role is being cached on the local system and not being flushed after logging out or logging in.  Logging in as two seperate users from the same computer probably won't happen much, except for those of us who are doing developement and testing.

I'm using MojoPortal svn revision 221 hosted at GrokThis.net using a PostgreSQL database.

7/6/2005 1:38:49 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Roles and Permissions Caching Issue

I suspect this is going to turn out as a mono bug as I have not seen this in my testing on Windows.

I will try and come up with a simple test case this weekend.

The logout code is like this

Response.Cookies["portalroles"].Value = null;
            Response.Cookies["portalroles"].Expires = new System.DateTime(1999, 10, 12);
            Response.Cookies["portalroles"].Path = "/";
            FormsAuthentication.SignOut();
      
            Response.Redirect(SiteUtils.GetSiteRoot(), false);

I can try some different things and see if there is a workaround. For example I will try setting the cookie to string.Empty instead of null and try DateTime.Now.AddYears(-1)

I can also try some alternate syntax to set the cookie like

HttpCookie roleCookie = new HttpCookie("portalroles", string.Empty);
 roleCookie.Expires = DateTime.Now.AddYears(-1);
 HttpContext.Current.Response.Cookies.Add(roleCookie);

and see if that helps

It does sound like its the roles cookie is  where the problem is happening. Sounds like it is sticking around after logout.
There have been some bugs in the cookie implementation of mono before.

I'll post again after I get a chance to investigate it further.
7/6/2005 2:00:39 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Roles and Permissions Caching Issue

I just changed the syntax for the cookie code and committed to svn if you want to test it out. It was very minor changes in the Logout.aspx.cs and Gloabal.asax.cs but I have a feeling it will fix the problem because its similar to a workaround I did for a previous cookie bug in mono.

Thanks,

Joe
7/7/2005 7:05:55 AM
Todd Stone
Gravatar
Total Posts 45
View Posts

Re: Roles and Permissions Caching Issue

Joe,  I've updated to svn revision 223, recompiled and placed the updated mojoPortal.Web.dll on the site and restarted apache.  I am still getting the same results.  I've tried waiting about 5 minutes after logging out before logging back in and I still get the same results.  The only way to correct is to remove the cookie between logins.

7/9/2005 6:19:56 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Roles and Permissions Caching Issue

This does appear to be a bug in mono 1.1.7 but it seems to be fixed as of svn rev 46532 of mono 1.1.8 as it behaves incorrectly on this site which is on 1.1.7 but correctly on my demo site at 1.1.8 r46532

To see this login to this site then right click home and open a second tab or window, then in this second window navigate to http://www.mojoportal.com/TestCookie.aspx and it will display your encrypted role cookie
Logout in the first window and refresh the test cookie page and it will still show your encrypted role cookie

Repeat the same steps at demo.mojoportal.com and you will see that when you logout the roles cookie is cleared, of course the url to the cookie test on the demo site is
http://demo.mojoportal.com/TestCookie.aspx
You must sign in to post in the forums. This thread is closed to new posts.