Product: Confluence
Environment
| Operating System | |
|---|---|
| Affects Version/s | |
| JVM | |
| Database | |
| Application Server | Tomcat 5.5.26, Tomcat 6.x |
Error Message
2008-04-26 11:32:58,212 WARN [TP-Processor15] [atlassian.seraph.auth.DefaultAuthenticator] login User: tried to login but they do not have USE permission or weren't found. Deleting cookie.
Symptom
After clicking on 'Remember my login', if you close and reopen the browser and navigate to your Confluence site, you need to log in again (i.e. the 'Remember my login' functionality is not working).
The cookie is set correctly in the browser, so it is not a browser issue.
Diagnostics/Test
Enable Seraph logging by uncommenting these lines in confluence/WEB-INF/classes/log4j.properties, then restart:
#log4j.logger.com.atlassian.seraph=DEBUG, confluencelog
#log4j.additivity.com.atlassian.seraph=false
Then recreate the problem and search your logs (your standard out log or your atlassian-confluence.log) for something like the following:
2008-05-02 18:09:21,886 DEBUG [TP-Processor1] [atlassian.seraph.util.CookieUtils] setCookie CookieUtils.setCookie seraph.confluence:Yi]i[i[hXh\iTgVfOgUgUmRfPfTfVg[gYf[gSf\gXg
Alternatively, if you are seeing the below in your logs:
2008-05-19 22:20:53,578 DEBUG [TP-Processor2] [atlassian.seraph.cookie.EncryptedCookieEncoder] decodePasswordCookie Invalid password cookie submitted, trying insecure
java.lang.RuntimeException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
    at com.atlassian.seraph.util.EncryptionUtils.decrypt(EncryptionUtils.java:77)
    at com.atlassian.seraph.cookie.EncryptedCookieEncoder.decodePasswordCookie(EncryptedCookieEncoder.java:43)
    at com.atlassian.seraph.auth.DefaultAuthenticator.decodeCookie(DefaultAuthenticator.java:393)
    at com.atlassian.seraph.auth.DefaultAuthenticator.getUserFromCookie(DefaultAuthenticator.java:245)
Then you also have this issue.
Root Cause
If the cookie being set contains a ']' character, as "Yi]i[i[hXh\iTgVfOgUgUmRfPfTfVg[gYf[gSf\gXg" does in the above example, then you could be suffering from an issue that affects Tomcat v.5.5.26.
Tomcat v.5.5.26 chops off the characters after the ']', so the above cookie is read as "Yi". When this truncated value is decoded it does not decode to the right user values, which produces the error:
2008-04-26 11:32:58,212 WARN [TP-Processor15] [atlassian.seraph.auth.DefaultAuthenticator] login User: tried to login but they do not have USE permission or weren't found. Deleting cookie.
which doesn't allow the user to log in again.
Please see SER-117 for more details, or read Beware of Hash Cookies, written by one of the developers.
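To check a log for the signatures described above, the following Python script (an added example, not Atlassian's code) flags Seraph setCookie lines whose value contains ']', shows what Tomcat 5.5.26 would read back, and reports the two error lines quoted in this article. The sample log is constructed from those excerpts; the function names and finding labels are assumptions.

```python
import re

# Constructed sample lines modelled on the log excerpts quoted in this article.
SAMPLE_LOG = r"""2008-05-02 18:09:21,886 DEBUG [TP-Processor1] [atlassian.seraph.util.CookieUtils] setCookie CookieUtils.setCookie seraph.confluence:Yi]i[i[hXh\iTgVfOgUgUmRfPfTfVg[gYf[gSf\gXg
2008-05-02 18:10:02,101 DEBUG [TP-Processor3] [atlassian.seraph.util.CookieUtils] setCookie CookieUtils.setCookie seraph.confluence:YihXhTgVfOgUgUmRfPfTfVg
2008-05-19 22:20:53,578 DEBUG [TP-Processor2] [atlassian.seraph.cookie.EncryptedCookieEncoder] decodePasswordCookie Invalid password cookie submitted, trying insecure java.lang.RuntimeException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
2008-04-26 11:32:58,212 WARN [TP-Processor15] [atlassian.seraph.auth.DefaultAuthenticator] login User: tried to login but they do not have USE permission or weren't found. Deleting cookie.
"""

# Matches "CookieUtils.setCookie <name>:<value>" at the end of a DEBUG line.
SET_COOKIE = re.compile(r"CookieUtils\.setCookie (\S+?):(\S+)$")


def as_read_by_tomcat_5_5_26(value):
    """Per the article, everything after the first ']' is chopped off."""
    return value.split("]", 1)[0]


def scan(log_text):
    """Return (line_no, finding, cookie_name, value_as_read) tuples."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = SET_COOKIE.search(line)
        if match and "]" in match.group(2):
            name, value = match.groups()
            # Keep only the truncated prefix, never the full cookie value.
            findings.append((line_no, "truncatable-cookie", name,
                             as_read_by_tomcat_5_5_26(value)))
        elif "decodePasswordCookie" in line and "IllegalBlockSizeException" in line:
            findings.append((line_no, "decode-failure", None, None))
        elif "DefaultAuthenticator" in line and "Deleting cookie." in line:
            findings.append((line_no, "cookie-deleted", None, None))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The report carries only the truncated prefix because DEBUG-level Seraph output, as the excerpt above shows, writes full remember-me cookie values into the log.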
Solution
As stated in SER-117, it is advisable to downgrade to Tomcat v.5.5.20 instead, as this version does not have this problem.
