Login issues - IE8, works in chrome

[trinode]

I'm having real problems with logging in on gargoyle, I had this in both my builds (before you supplied wndr3700 images), and the prebuilt builds now available here.

Basically it looks like it can verify the login, but won't put me in a "logged in" state? cookies or somesuch may be not working.

Video here:

http://www.youtube.com/watch?v=hZMCSBQuDJU

1) You see me type a random password, which gargoyle correctly displays "incorrect password".

2) Then I try and login with the correct password, it just presents the login screen again (but without "invalid password" displayed)

It works fine in google chrome, any ideas would truely be appreciated, I've been scratching my head about this for a very long time...

- Anthony

[trinode]

Heh, it loks like something at my end, I've got a laptop with a similar configuration (except it's x86 not x64) and it works, could you explain how the login / session works with respect to the client? That may help me work this out.

This is the only page I've noticed have problems, and I browse a lot , so I'm a bit confused.

- Anthony

[trinode]

Hmm, more news:-

if i go to http://gargoyle.lan I get directed to http://gargoyle.lan/login.sh as expected

if I then enter the password I end up still on the login page

but after this I can go to http://gargoyle.lan/ and see the overview page.

but if i try and access it via http://gargoyle.lan/overview.sh i end up with the login screen again. This is odd because they both are the same page. (all the other pages direct to login too.)

It sort of seems like the cookie check fails on anything other than that one page.

What could be different here?

- Anthony

[trinode]

Now that only working page isn't working (it's directing to the login page...)

If there are certain key points I can edit the scripts to echo some values to files to see what's going on if that helps?

I need to know what key points / functions / scripts to look at, IE what is done to decide to redirect me to login.sh?

As you can see I'm going insane slowly, I've managed to create a forum thread and have a full blown conversation on it myself

[trinode]

ok I found this call:

Code: Select all

eval $( gargoyle_session_validator -c "$COOKIE_hash" -e "$COOKIE_exp" -a "$HTTP_USER_AGENT" -i "$REMOTE_ADDR" -r "login.sh" -t $(uci get gargoyle.global.session_timeout) -b "$COOKIE_browser_time"  )

Which looks like it could be involved so I made the script below:

Code: Select all

#!/usr/bin/haserl
<?
echo "Content-type: text/plain"
echo ""

echo "Cookie Hash:"
echo "$COOKIE_hash"
echo ""
echo "Cookie Exp:"
echo "$COOKIE_exp"
echo ""

echo "User Agent:"
echo "$HTTP_USER_AGENT"
echo ""
echo "Remote Address:"
echo "$REMOTE_ADDR"
echo ""
echo "Session Timeout:"
echo $(uci get gargoyle.global.session_timeout)
echo ""
echo "Cookie Browser Time"
echo "$COOKIE_browser_time"
echo ""
echo "END"

called it test.sh, made it executable and it serves up:

Code: Select all

Cookie Hash:
583C0C95936E3EBFDB753620306C8D2D1C1F9482C9A3B1C3BE3BCE0625A65ADC

Cookie Exp:
1296382585

User Agent:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)

Remote Address:
192.168.1.2

Session Timeout:
1440

Cookie Browser Time
1296299024

END

Where do I go from here?

[trinode]

More testing, looks like it can't validate it's own sessions if I am correct?

Lets make a session:

Code: Select all

gargoyle_session_validator -p "******REMOVED*******" -a "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.5
0727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E" -i "192.168.1.2"  -t 1440 -b "1296299024"

Which results in:

Code: Select all

echo "Set-Cookie:hash=E50921152CE6D567A8EE8525BE3A1C069FA2AD62E02D65C9CD621C138749621C; expires=Sun, 30 Jan 2011 11:03:44 UTC; path=/"; echo "Set-Cookie:exp=1296387144; expires=Sun, 30 Jan 2011 11:03:44 UTC; path=/";

So we know that works

Next to test was the checking stage where gargoyle_session_validator checks the cookies...

so I replaced gargoyle_session_validator with the following script:

Code: Select all

#!/bin/ash
echo "Positional Parameters" >> /tmp/input.txt
echo '$0 = ' $0 >> /tmp/input.txt
echo '$1 = ' $1 >> /tmp/input.txt
echo '$2 = ' $2 >> /tmp/input.txt
echo '$3 = ' $3 >> /tmp/input.txt
echo '$4 = ' $4 >> /tmp/input.txt
echo '$5 = ' $5 >> /tmp/input.txt
echo '$6 = ' $6 >> /tmp/input.txt
echo '$7 = ' $7 >> /tmp/input.txt
echo '$8 = ' $8 >> /tmp/input.txt
echo '$9 = ' $9 >> /tmp/input.txt
echo '$10 = ' $10 >> /tmp/input.txt
echo '$11 = ' $11 >> /tmp/input.txt
echo '$12 = ' $12 >> /tmp/input.txt
echo '$13 = ' $13 >> /tmp/input.txt
echo '$14 = ' $14 >> /tmp/input.txt

which outputs this when called by a page wanting to validate the session:

Code: Select all

Positional Parameters
$0 =  /usr/bin/gargoyle_session_validator
$1 =  -c
$2 =  583C0C95936E3EBFDB753620306C8D2D1C1F9482C9A3B1C3BE3BCE0625A65ADC
$3 =  -e
$4 =  1296382585
$5 =  -a
$6 =  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
$7 =  -i
$8 =  192.168.1.2
$9 =  -r
$10 =  login.sh
$11 =  -t
$12 =  1440
$13 =  -b
$14 =  1296301506

lets see what the validator thinks of this?

Code: Select all

gargoyle_session_validator -c "583C0C95936E3EBFDB753620306C8D2D1C1F9482C9A3B1C3BE3BCE0625A65ADC" -e "1296382585" -a "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" -i "192.168.1.2" -r "login.sh" -t 1440 -b "1296301506"

Hmm, it seems to be invalid?

Code: Select all

echo "HTTP/1.1 301 Moved Permanently" ;echo "Location: login.sh" ;exit

Now i'm really stuck...

[DoesItMatter]

Does it happen if you just goto your Router IP?

I.e. http://192.168.1.1/

or whatever your router ip is?

Might be having trouble resolving?

I've never had an issue using IE 8 with Gargoyle, but I've pretty much
switched to Chrome for all my browsing anyway, so haven't used
it much in the past couple of Gargoyle versions.

But IE8 has never had Gargoyle login issues from my usage/testing.

[trinode]

Yeah, by IP or hostname it's the same,

I'm now suspicious that it's something to do with time conversions and timezones would be worth seeing if embedding the expire time within the cookie value rather than using the cookie's actual expire time if you follow me.

Personally Id have a secret value on the interface (default to a random value on first setup.)

so the cookie would be like this:
<expire date><ip><anything else required><MD5 hash>

The MD5 Hash would be a hash of:
<expire date> + <ip> + <anything else required> + <secret>

Where secret is the value set in the interface, secret should not appear in the cookie.

That way, only the router can generate / validate the value.

This is still secure and will not require any date time conversions or relying on anything other than the cookie value itself, it won't matter if the browser does anything daft with expiring of cookies.

[Eric]

I've tried to reproduce the problem you're having and can't, so I'm not sure what I can do.

The reason you have to have the time from the router in the cookie and not the time from the browser is to make sure that someone who has access to an old cookie can't come back and use it later, after the login session has expired just by adjusting the time on their local system (which shows up in the browser). It makes the session timeout a lot harder to hack.