留言板
Session or cache problems (?)
Hi Guys,
I have a big problem with Liferay Sessions i think. It could also be a caching problem, but with com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter=false in my portal-ext.properties there should be no more layout caching (or not??).
The problem is that (sometimes!) I can see the dock of another person that has logged in a short time ago. It is also possible that I get a private page from another user when I visit the first public page (home). This all happens when I'm not logged in - so any other visitor of my page is also able to get this very private information. This problem does not only appear on my computer (!!).
Does anybody know what is going on here?
Any hint would be great.
Thanx and sorry for my bad english.
Sincerly,
Patrick
I have a big problem with Liferay Sessions i think. It could also be a caching problem, but with com.liferay.portal.servlet.filters.layoutcache.LayoutCacheFilter=false in my portal-ext.properties there should be no more layout caching (or not??).
The problem is that (sometimes!) I can see the dock of another person that has logged in a short time ago. It is also possible that I get a private page from another user when I visit the first public page (home). This all happens when I'm not logged in - so any other visitor of my page is also able to get this very private information. This problem does not only appear on my computer (!!).
Does anybody know what is going on here?
Any hint would be great.
Thanx and sorry for my bad english.
Sincerly,
Patrick
Hi Patrick,
You seem to have a caching problem. Do you have any frontend proxy or caching web server in front of the application server?
Try accessing the application server directly and see if it still happens.
You seem to have a caching problem. Do you have any frontend proxy or caching web server in front of the application server?
Try accessing the application server directly and see if it still happens.
I'm running an Apache Webserver with a the jBoss tomcat bundle as a Proxy (Liferay 5.1.2). The Apache Webserver has no caching modules enabled. Can this cause any problems or side-effects? How can I disable all caching in Liferay?
Thanks for your reply!
Sincerly,
Patrick
Thanks for your reply!
Sincerly,
Patrick
This should not be a problem with Liferay caching. Have you tried accessing the JBoss server directly?
Hi Patrick,
i'have the same trouble as you : Sometimes, an User A see User B's page across the network/
For example, the greetings in the dock menu of User A is the User B one, or the post-login message in the portlet show User B name...
Did you find an answer to the bug ?
Jorge, could it come from some proxy server in my network, caching the page coming from 2 identical urls ?
i'have the same trouble as you : Sometimes, an User A see User B's page across the network/
For example, the greetings in the dock menu of User A is the User B one, or the post-login message in the portlet show User B name...
Did you find an answer to the bug ?
Jorge, could it come from some proxy server in my network, caching the page coming from 2 identical urls ?
Hi Christophe,
Yes, the only time I've seen a similar problem it was caused by a proxy in the network whose caching capabilities where improperly configured.
Yes, the only time I've seen a similar problem it was caused by a proxy in the network whose caching capabilities where improperly configured.
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
I also have this problem - can bypass my local proxy but have the same problem with more than one of my users,
who are external - rather than get them all to start looking at their proxy setup (they are all in different companies!)
is there no way to force sessions to expire/clear cache when the user is logged out?
The www.liferay.com portal does not have this problem, so there must be something that I can configure at the portal
end, rather than client end surely?
Regards
Chris Parsons
who are external - rather than get them all to start looking at their proxy setup (they are all in different companies!)
is there no way to force sessions to expire/clear cache when the user is logged out?
The www.liferay.com portal does not have this problem, so there must be something that I can configure at the portal
end, rather than client end surely?
Regards
Chris Parsons
Victor Zorin:
Judging from own experience, we have had massive cross-user data views due to misconfigured caching policy on proxy of corporate network.
It was not looking good from security point of view, as portal was "rendering" domino email of the user who accessed home url last. Once proxy fixed, cross-views went away.
Hi Victor,
Can you please tell me what fixes did you apply to the proxy?
Hi Jorge,
How to disable the proxy caches? We are facing a similar issue.
Regards,
Gopinath.S
How to disable the proxy caches? We are facing a similar issue.
Regards,
Gopinath.S
Hi Gopinath ,
Which Liferay version you are using ?
Which Liferay version you are using ?
Hi,
Same problem here : user sessions look like they're all mixed up. But, while looking at the logs, I'm pretty sure there's no problem in my application and the misconfigured proxy cache is the real problem.
However, by reading this thread, I can't find a clear answer to this question : is there something to do on the liferay side for the proxy cache to behave the right way ? What is the "right" Liferay configuration ? I'm a total noob with filters, any help much appreciated...
Thank you,
Mathieu.
Same problem here : user sessions look like they're all mixed up. But, while looking at the logs, I'm pretty sure there's no problem in my application and the misconfigured proxy cache is the real problem.
However, by reading this thread, I can't find a clear answer to this question : is there something to do on the liferay side for the proxy cache to behave the right way ? What is the "right" Liferay configuration ? I'm a total noob with filters, any help much appreciated...
Thank you,
Mathieu.
Same here....
I already try adding this code
inside: portal_normal.vm of my theme
I already try adding this code
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Cache-Control" content="private">
<meta http-equiv="Cache-Control" content="no-store">
<meta http-equiv="Cache-Control" content="must-revalidate">
<meta http-equiv="Cache-Control" content="max-stale=0">
<meta http-equiv="Cache-Control" content="post-check=0">
<meta http-equiv="Cache-Control" content="pre-check=0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Keep-Alive" content="timeout=3, max=993">
<meta http-equiv="Expires" content="Mon, 26 Jul 1997 05:00:00 GMT">
inside: portal_normal.vm of my theme
Hola Jorge.
Tengo el mismo problema que se menciona en este foro.
Usuarios en diferentes browsers, en diferentes computadores acceden al último usuario autentificado en el portal, teniendo acceso a todas sus páginas privadas. Es equivalente a loguearse con dicho usuario.
Esto sólo ocurre en clientes que están tras un proxy corporativo, que no tienen opción de modificar la configuración y quitar el proxy. Tampoco se puede pedir a los administradores del proxy que cambien algo dado que los usuarios usan liferay para cursos online y no es una herramienta de uso corporativo aún. Liferay pertenece en este caso a la institución educacional.
Te quería pedir si me puedes orientar en que debo hacer en liferay para salvar esta situación.
he intentado varias cosas, pero sin éxito: incorporar expiración de caché en los META de la página, confogurar los parámetros
session.enable.persistent.cookies
session.enable.url.with.session.id
pero sin éxito
me podrías orientar?
Gracias
Tengo el mismo problema que se menciona en este foro.
Usuarios en diferentes browsers, en diferentes computadores acceden al último usuario autentificado en el portal, teniendo acceso a todas sus páginas privadas. Es equivalente a loguearse con dicho usuario.
Esto sólo ocurre en clientes que están tras un proxy corporativo, que no tienen opción de modificar la configuración y quitar el proxy. Tampoco se puede pedir a los administradores del proxy que cambien algo dado que los usuarios usan liferay para cursos online y no es una herramienta de uso corporativo aún. Liferay pertenece en este caso a la institución educacional.
Te quería pedir si me puedes orientar en que debo hacer en liferay para salvar esta situación.
he intentado varias cosas, pero sin éxito: incorporar expiración de caché en los META de la página, confogurar los parámetros
session.enable.persistent.cookies
session.enable.url.with.session.id
pero sin éxito
me podrías orientar?
Gracias
I had same problem... but I suppose that there isn't nothing to do in Liferay side.
So, we solved this problem including some rules in proxy server, to not do cache for Liferay portal domain.
So, we solved this problem including some rules in proxy server, to not do cache for Liferay portal domain.
Hola Norman, tenemos el mismo problema que has indicado ¿has conseguido resolverlo de algún modo?
Hola,
I'll do this one in english sorry ^^
From my point of view, there is nothing to do on the liferay side. This problem is a proxy configuration problem.
However, we had the same issue a short time ago, and our client would'nt want to change its proxy rules, arguing that if its proxy was misconfigured, it could be the same in another company.
So we ended up trying to add META refresh tags in the theme like Dikie a few posts ago, but it didn't solve the problem. In the end the only solution was to add timestamps in the URL generated by the portal, so the proxy would let the request bypass it beacuase of the timestamp parameter.
So we rewrote a URL like http://blablabla.com/accueil into http://blablabla.com/accueil?timestamp=5465498715654, we tested it on a few pages, and that did the trick.
But finally, our client accepted to change its proxy rules ^^.
Hope this help (and good luck)
Mathieu
I'll do this one in english sorry ^^
From my point of view, there is nothing to do on the liferay side. This problem is a proxy configuration problem.
However, we had the same issue a short time ago, and our client would'nt want to change its proxy rules, arguing that if its proxy was misconfigured, it could be the same in another company.
So we ended up trying to add META refresh tags in the theme like Dikie a few posts ago, but it didn't solve the problem. In the end the only solution was to add timestamps in the URL generated by the portal, so the proxy would let the request bypass it beacuase of the timestamp parameter.
So we rewrote a URL like http://blablabla.com/accueil into http://blablabla.com/accueil?timestamp=5465498715654, we tested it on a few pages, and that did the trick.
But finally, our client accepted to change its proxy rules ^^.
Hope this help (and good luck)
Mathieu
Hello Mathieu
We will go by your suggestion of rewriting URLs with an "xyz" field to avoid problems with unwavering clients when it comes to proxy settings. Is there a way "quick' way of doing these rewrites within Liferay?
Thank you.
Alvin
We will go by your suggestion of rewriting URLs with an "xyz" field to avoid problems with unwavering clients when it comes to proxy settings. Is there a way "quick' way of doing these rewrites within Liferay?
Thank you.
Alvin
Hi,
After a few days of investigating this problem, my client finally decided to set up his proxy the right way, so I didn't need this functionnality any more.
But I think the right to do this would be to overload the taglib generating the render, action and resource url. You can do so with an ext project I reckon.
Also, I overloaded the javascript library I used (jquery) for ajax POSTs to add a time stamp parameter in every POST.
Good luck !
Mathieu.
After a few days of investigating this problem, my client finally decided to set up his proxy the right way, so I didn't need this functionnality any more.
But I think the right to do this would be to overload the taglib generating the render, action and resource url. You can do so with an ext project I reckon.
Also, I overloaded the javascript library I used (jquery) for ajax POSTs to add a time stamp parameter in every POST.
Good luck !
Mathieu.