[Mailman-Users] admin web interface is not saving changes and asksme to re-enter password

[Cornils, Karin]

Thanks Mark, you're right about the cookie.  I had tried different
workstations and IE 6 & 7 browser versions to no effect (even in Accept
All Cookies mode and setting the Mailman site as trusted). But when I
try it on Firefox and Safari, it works - the reauthentication problem
doesn't happen in either of those browsers.  And that's on the same
desktop where the problem happens in IE.  In fact, the same IE browser
works fine against an old version of the list (2.1.5) but fails with
2.1.9. 

In the packet trace, you see the Mailman send out the cookie in both the
Firefox and IE versions, but on the return, you see the Cookie sent from
Firefox, but don't see it sent back from IE  (Please let me know if
sending the tcp streams to you offline would be useful). (I don't see
the cookie in IE - apparently the session cookies in IE are cached in
memory).

So it seems that something in the upgrade post-2.1.5 has some issues
with IE, or I'm missing something in the configuration (I've tried both
source and package installations, Apache and Apache2, getting the same
problem).  

Since it's not an option for me to ask all the admins to use Firefox,
I'd like to know if anyone has a Debian/Mailman 2.1.9 config working
with the IE browser..

Thanks,
Karin 

-----Original Message-----

Cornils, Karin wrote:

>This is on a Debian 4 package installation of Mailman 2.1.9 w. Apache2.
>I have tried all the FAQ suggestions in the FAQs that seem to relate to
>this issue: 
>4.71
>4.45
>4.27
>4.2.9
>4.65
>4.69  
>All  to no avail - details below - does anyone have any other
>suggestions?



It has to be a cookie issue. When you enter a valid password, the
authentication page sets a session cookie with authentication data.
This cookie is for the domain of the authentication page and has a
name which is <listname>+<context>. E.g., for login with the admin
password for mylist, the name of the cookie is mylist+admin. The
cookie data are used to validate the cookie.

Can you see this cookie in your browser after you log in? It is a
session cookie, and I don't think you can see it in MSIE, at least I
don't know how - it's not with the persistent cookies in "Temporary
Internet Files".

Have you tried different browsers, different computers?

The issue pretty much has to be that the cookie isn't getting to the
browser because it is blocked on the way, the browser isn't accepting
it, the browser isn't returning it because it's not for the right
domain, or it is being blocked on the way back to the web server.

Ideally, you could run a packet sniffer on the connection and see if
the cookie is going back and forth. This would at least localize the
problem to the work station or the host.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,

The information contained in this email message may be privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this email message in error, please notify the sender by reply email and delete the message and any attachments.