Versions Compared

Old Version 11

changes.mady.by.user Vinayak Pawar

Saved on

compared with

New Version 12

changes.mady.by.user Krishna Waidande

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In v4.2.x, as part of security tightening, some fixes were done in the area of cookie handling. Unfortunately, these security fixes have the potential to break existing proxy rules/settings. If this is the case, then users will notice there will be no app cookies stored in the browser.

To resolve this issue please follow below steps

Way 1: When Apache is used as a proxy server.

Step 1: Update the front end server (Apache) proxy setting as below. The example given below is for Apache web server. 

...

Ex: https://test.openspecimen.org/ => httpshttps://test.openspecimen.org/openspecimen-test

Way 2: When Tomcat is used as a front end server and Tomcat settings don't allow sending cookies to the server.

OpenSpecimen UI uses browser's file download functionality to download the files. The browser has no idea of our auth tokens. Therefore we need to make some way for the browser to send the auth tokens to the server. This is done by using cookies. If Tomcat settings don't allow sending cookies then file download won't work out of the box. It will popup authentication modal every time you download the file.

Step 1: Secure="True" does not allow the browser to store cookies. Change the Secure attribute value from "True" to "False".

Code Block
languagexml
<Connector port="8081" 
  protocol="HTTP/1.1"               
  connectionTimeout="20000"                
  Secure="True"                
  redirectPort="8443" />

Step 2: Restart the Tomcat.

Note: Make sure Application URL = Access URL.