Issue with login, keeps redirecting unless cookies are cleared

Jaimin · May 10, 2023, 10:36am

Hi,

I am creating this thread with regards to an issue that several users in our journal have been emailing about and we have investigated. We are currently using OJS 3.3.0.13 on our journal.

The issue:

The user logs in, while choosing “Keep me logged in”.
Logs out soon enough
Logs in again with the same option chosen “Keep me logged in”.
Somehow two versions of cookies are created (not always).
Once there are two versions of the cookies and the user tries to login again, it keeps redirecting to the login page over and over again (fixes on its own after some time/after several login attempts).

We have set a custom “session_cookie_name” and “session_check_ip” is off.

The issue is totally related to cookies, however my explanation might not be be fully accurate in depicting how to cookie issue is actually happening. Technical individuals might understand better.

If the user clears all the cookies for the website, they are able to login without a problem.

Can you please share a fix for this so that no manual intervention would be required?

Best Regards.

Jaimin · May 10, 2023, 10:37am

Not sure if this is relevant, but sharing it anyways.

jnoronha · May 10, 2023, 11:58pm

Hi @Jaimin,

Try changing the session cookie name back to the default and see what happens:

session_cookie_name = OJSSID

Best regards,
Josh

Jaimin · May 11, 2023, 6:30pm

Hi @jnoronha,

Thanks for your reply.

Same results are produced after changing it to the defaults, additionally not only does it redirect to the same login page a few times. Once logged in, after clicking the logout button from the panel, it will redirect to the dashboard again a few times until the logout finally works.

Best Regards,
Jaimin

jonasraoni · May 14, 2023, 8:46pm

@Jaimin, another possibility is that you’re affected by a bug which was fixed in OJS 3.4 (not released yet), see Unable to login when there's many session cookies · Issue #8544 · pkp/pkp-lib · GitHub.

Basically if you access the journal through https://journal.com, then use a subdomain, like https://WWW.journal.com, it will generate this issue.

You’ve got to ensure your journal listens on a fixed domain. Or redirect to the right one before it reaches the OJS code.

Best,
Jonas Raoni

Jaimin · May 15, 2023, 7:15am

Hi @jonasraoni,

Thanks for your reply, I tried to replicate the issue that you described and that seems to be the best explanation for this.

Please let me know if this is a good enough temporary resort to this issue until the upgrade is out:

RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]

Simple addition to the .htaccess file.

Best Regards,
Jaimin

jonasraoni · May 15, 2023, 7:49am

I’m not going to test your redirect, but yeah, that’s the way to go

Best,
Jonas Raoni

jonasraoni · May 22, 2023, 5:00am

This topic was automatically closed after 6 days. New replies are no longer allowed.