  1. Jenkins
  2. JENKINS-16278

"Remember me on this computer" does not work, cookie is not accepted in new session

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Environment:
      Jenkins 1.498 on Debian Squeeze with Java 1.6.0_26
      Description

      As of Jenkins version 1.498 the "Remember me" login cookie is not accepted, resulting in a necessary login each time a new Jenkins session is started (loss of session cookie). The versions 1.496 and 1.497 did not show this issue.

      We are using Jenkins' built-in user authentication.

            Activity

            lime Hendrik Millner added a comment -

            Hi Kim,

            May I also ask you to set up a logger according to comment https://issues.jenkins-ci.org/browse/JENKINS-16278?focusedCommentId=174193&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-174193 please? It would be great to be sure whether a correct remember me cookie is created, or not.

            rupunzlkim Kim Abbott added a comment - - edited

            Thank you Hendrik, I did set up a logger, here is what appears repeatedly from Jenkins 3.

            SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken@edd9cf3c: Username: hudson.security.HudsonPrivateSecurityRealm$Details@7e08bf1b; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@3bcc: RemoteIpAddress: <my PC IP>; SessionId: null; Granted Authorities: authenticated'

            And this is the exact same message I get from Jenkins 2.

            The entry from Jenkins 1 though is a bit different - note there is a SessionID value:

            SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@9a1e6431: Username: hudson.security.HudsonPrivateSecurityRealm$Details@305806; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffff8868: RemoteIpAddress: <my PC IP>; SessionId: 1sc6t6z8jn1cr2fvqou5qovze; Granted Authorities: authenticated'

             

            lime Hendrik Millner added a comment -

            This shows that your authentication is retained by the session ID cookie, at least if it is not null. Does this message look different after you were kicked out from the system? Please check the log on the Jenkins instance you were kicked out of. Actually, you should be re-authenticated by your session ID cookie, at least as long as you do not close your browser, or any add-on deletes the cookie. Do you have simultaneous session ID cookies for all of your Jenkins instances in your browser after you logged into all instances? Or only one cookie for the last instance you logged into? The session ID cookies expire only when you close your browser.

            Anyway, the different Jenkins instances should not be able to influence each other in your browser, especially if they are hosted on different servers. Do you route the Jenkins UIs through one and the same web server, so that the cookies from the different instances may collide (e.g. http://myserver/jenkins1/ and http://myserver/jenkins2/)?
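
The cookie collision asked about above, as an added example (not part of the original thread and not Jenkins code): a minimal Python model of how a browser stores and returns cookies under RFC 6265, where host and path identify a cookie but port does not. The cookie name JSESSIONID, the session values and the port numbers are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class CookieJar:
    """Minimal browser cookie store modelled on RFC 6265 (illustrative only)."""

    def __init__(self):
        # Key is (host, path, name): scheme and port are NOT part of the key.
        self.store = {}

    def set_from_response(self, url, set_cookie_header):
        parts = urlsplit(url)
        for name, morsel in SimpleCookie(set_cookie_header).items():
            # Without a Path attribute, fall back to the request's directory.
            path = morsel["path"] or (parts.path.rsplit("/", 1)[0] or "/")
            self.store[(parts.hostname, path, name)] = morsel.value

    def cookies_for(self, url):
        parts = urlsplit(url)
        req_path = parts.path or "/"
        sent = {}
        # Longer (more specific) cookie paths win, as in a browser's Cookie header.
        for (host, path, name), value in sorted(
            self.store.items(), key=lambda kv: -len(kv[0][1])
        ):
            if host != parts.hostname:
                continue
            if req_path == path or req_path.startswith(path.rstrip("/") + "/"):
                sent.setdefault(name, value)
        return sent


def session_sent_to_first(url1, path1, url2, path2):
    """Log in to instance 1, then instance 2; return the session ID that the
    browser presents to instance 1 afterwards (constructed sample values)."""
    jar = CookieJar()
    jar.set_from_response(url1, f"JSESSIONID=sess-1; Path={path1}; HttpOnly")
    jar.set_from_response(url2, f"JSESSIONID=sess-2; Path={path2}; HttpOnly")
    return jar.cookies_for(url1).get("JSESSIONID")


if __name__ == "__main__":
    a, b = "http://myserver/jenkins1/", "http://myserver/jenkins2/"
    print("shared Path=/     :", session_sent_to_first(a, "/", b, "/"))
    print("per-instance Path :", session_sent_to_first(a, "/jenkins1", b, "/jenkins2"))
    print("same host, 2 ports:", session_sent_to_first(
        "http://myserver:8080/", "/", "http://myserver:8081/", "/"))
```

When the result is `sess-2`, instance 1 receives a session ID it never issued and treats the user as logged out; separate host names, per-instance cookie paths, or distinct session cookie names keep the two sessions apart.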

            rupunzlkim Kim Abbott added a comment -

            So, I am now noticing that it appears that I'm only running into an issue when I attempt to stay logged into the older Jenkins 1 alongside one of the newer Jenkins 2/3. Lately it appears that if I'm only trying to stay logged into either Jenkins 2/3 I stay logged in, but I can't maintain a login with Jenkins 1 and Jenkins 2/3.

            lime Hendrik Millner added a comment -

            I am sorry, I cannot help you without further and deeper insight into your system (browser/server). It seems you have a problem with the Jenkins cookies in general, not with the remember me token in particular.


              People

              • Assignee:
                lime Hendrik Millner
                Reporter:
                lime Hendrik Millner
              • Votes:
                29
                Watchers:
                35
