Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Direct eval link doesn't work in Firefox when not logged in

Description

When a user is not logged in, and is using Firefox, the direct link to an evaluation doesn't work. The user instead ends up at /portal, most likely seeing their home workspace. This does not occur when using Chrome, Safari, or cURL.

Scenario:

  • User is using Firefox

  • User is not logged in to Sakai

  • User receives an email notification of an evaluation

  • User clicks the evaluation link in their email

Expected results: User receives evaluation page
Actual results: User sees /portal

Cause: Firefox attempts to reload the evaluation page for unknown reasons. For this reload attempt, it requests /sakai-login-tool/container. ContainerLogin tries to redirect to the originally-requested page, but since that has been removed from the session, it can only send the user to the default page, which is /portal.

In more detail:

1) User requests an evaluation, e.g. https://sakai.school.edu/direct/eval-assigngroup/1234567. This link was emailed to the user in an invitation to take the evaluation.
2) Since the user is not logged in, they are redirected to https://sakai.school.edu/sakai-login-tool/container.
3) They are then redirected to CAS.
4) After entering credentials into CAS, the user is sent to https://sakai.school.org/sakai-login-tool/container?ticket=XXXXXX-cas-ticket
5) Sakai validates the ticket and the user is deemed to be logged in. ContainerLogin gets the original URL that the user wanted, removes it from the session, and directs the user to it.
6) Firefox begins to load up the original URL (https://sakai.school.edu/direct/eval-assigngroup/1234567). Partway through, Firefox decides that it must start over with this page. So it starts reloading https://sakai.school.org/sakai-login-tool/container.
7) Sakai determines that the user is properly logged in and tries to redirect them to the original URL. However, it was removed from the session in step 5. The user is redirected to the default location, /portal.
8) User ends up at /portal.

The two central issues are that 1) Firefox decides to reload the evaluation page, and 2) the originally-requested URL is removed from the session and is no longer available when Firefox loads the page for the second time. I have investigated https://bugzilla.mozilla.org/show_bug.cgi?id=61363 and tried to determine whether it's a character encoding issue, but even with no meta tags and a bare-bones page, Firefox still reloads it.

Workaround: Prevent ContainerLogin from removing the original URL from the session. This works. It makes the session less tidy. I'm not aware of any problems with this workaround at this time.

Environment

Firefox

Activity

Show:

Stephen Marquard July 8, 2014 at 6:12 AM

I couldn't reproduce this with Firefox 30 on Windows 7, running evaluations 10.x branch on Sakai 10.x with both CAS (container) and direct login (with the "login auth choice" page).

Joshua Swink July 7, 2014 at 12:39 PM

The workaround of preventing ContainerLogin from removing the original URL from the session does not work. A user visiting in a fresh browser (no cookies) will, after returning from CAS, end up at /portal/relogin, which shows the Sakai internal-user login form (where they would expect end up at /portal viewing their home workspace).

Details

Assignee

Reporter

Components

Affects versions

Priority

Created July 2, 2014 at 12:22 PM
Updated July 8, 2014 at 6:12 AM