[pubcookie-users] Couldn't decode pre-session cookie
elena ryazanova
elena.ryazanova at tufts.edu
Wed Feb 16 12:44:42 PST 2005
I have figured it out thanks to Nathan's advice to trace the cookies.
The problem was in the way the metadata for the Tufts identity provider (which
I used for the pubcookie application server) is defined in InQueue:
> > <OriginSite Name="urn:mace:inqueue:tufts.edu">
> > <Alias>Tufts University</Alias>
...
> > <HandleService
> > Location="https://shib-identity.usg.tufts.edu/shibboleth/HS"
> > Name="olivine.usg.tufts.edu"/>
> > <AttributeAuthority
> > Location="https://olivine.usg.tufts.edu/shibboleth/AA"
> > Name="olivine.usg.tufts.edu"/>
> > <Domain regexp="false">tufts.edu</Domain>
> > </OriginSite>
I requested that shib-identity.usg.tufts.edu be replaced with its hostname
(olivine.usg.tufts.edu) in the HandleService Location, and this fixed the
"Couldn't decode pre-session cookie" problem.
Thank you,
Elena
Nathan Dors wrote:
>
>> I have pubcookie-3.2.0 installed on both login and application server
>> (Solaris 8, gcc-2.95.3 on both, no favicon.icons).
>
>
> We exempted the server favicon.ico file in mod_pubcookie 3.2.0, so
> even if the whole server is protected it shouldn't affect logins. That
> said, you might throw something like this in your httpd.conf, just to
> rule out this item.
>
> <Location "/favicon.ico">
> Satisfy any
> order deny,allow
> allow from all
> </Location>
>
>> I am getting an Error message: "Couldn't decode pre-session cookie"
>> after weblogin authentication (tried on IE6.0, Mozilla 1.7.3,
>> Netscape/7.02).
>> Hitting refresh does transfer to the requested page all right. Any
>> ideas?
>
>
> OK, that's strange. I don't have any strong intuitions about what
> might be wrong, so here are some probing questions:
>
> 1) Are you entering the fully qualified domain name when you open the
> initial URL? e.g. https://test.tufts.edu/ rather than the shortened
> https://test/
>
> 2) Can you determine (perhaps by turning on cookie acceptance warnings
> in your browser) whether hitting refresh first sends the browser back
> to the login server before responding with the requested page?
>
> 3) The error_log may contain additional messages, particularly if you
> bump up Apache's logging to debug mode.
>
> 4) Is gcc 2.95.3 anything like 2.96, reputation-wise? There's a whole
> history of pre-session cookie problems relating to mod_pubcookie built
> from gcc 2.96 (on Linux, mostly, as I recall).
>
> -Nathan