Hi James,
One thing that it might be worth checking is whether there are any unexpected http -> https redirections happening.
The best way to observe these is in the browser developer console – as they are often too quick to see. Look in the ‘Network’ tab when navigating between logged-in and need-to-login pages.

 

I have also observed the issue that David describes. The cases I’ve seen have been often the result of a user being on a mobile broadband connection, and being between radio masts of equal quality. If their connection switches between masts, it normally results in a new IP address – and they then have to log in again.

 

Cheers,

John

 

From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of David R Newman
Sent: Wednesday, July 3, 2024 5:30 PM
To: eprints-tech@ecs.soton.ac.uk; James Kerwin <jkerwin2101@gmail.com>
Subject: Re: [EP-tech] Login when opening a new tab

 

CAUTION: External Message. Use caution opening links and attachments.

Hi James,

That is odd.  I think LDAP may be a red herring.  I suspect that there IP may be changing and this will require them to login again.  It is worth checking the loginticket table for the userid of a user with this issue.  If you see lots of loginticket records for them, especially if ordering by time the IP keeps flipping between two or more IP addresses, then that will be your issue.  If that is the case you will need to set the following configuration option:

$c->{ignore_login_ip} = 1;

Where I have used this recently I have put this under the archive's cfg/cfg.d/ directory and called the file zz_ignore_login_ip.pl to ensure it is not overridden.

The reason for caring about the IP address saying the same is historical back in the day when some repositories did not use HTTPS and therefore the best way to make sure someone had not stolen a user session was to ensure the IP address had not changed.  In the next release (3.4.6) or EPrints things have been changed to not enforce the IP address saying the same to maintain a session, as long as HTTPS is enabled:

https://github.com/eprints/eprints3.4/issues/339

Regards

David Newman

 

On 03/07/2024 15:05, James Kerwin wrote:

CAUTION: This e-mail originated outside the University of Southampton.

CAUTION: This e-mail originated outside the University of Southampton.

Hi everyone,

 

Another question. We're on EPrints 3.4.4 and use LDAP login. Team members pointed out today that whenever they follow a link to a login-only page they need to log in to the repository again in order to view it even if they have only just logged in. If they paste the link in their address bar it typically works.

 

My testing so far suggests any login-only link from the browser requires another login. If I follow it from an Excel/notepad file it lets me view the page.

 

Can anybody nudge me in the right direction for how to start to solve this?

 

Example of a login-only page that I attempt to view:

 

https://livrepository.liverpool.ac.uk/cgi/users/home?screen=EPrint%3A%3AView&eprintid=3180090

 

The page it takes me to:

 

https://livrepository.liverpool.ac.uk/cgi/users/login?target=https%3A%2F%2Flivrepository.liverpool.ac.uk%2Fcgi%2Fusers%2Fhome%3Fscreen%3DEPrint%253A%253AView%26eprintid%3D3180090

 

I have investigated the user-login.pl script that comes with this version of EPrints, but it's very different to the LDAP scrip that I have in a file of the same name.

 

Thanks,

James

*** Options: https://wiki.eprints.org/w/Eprints-tech_Mailing_List

*** Archive: https://www.eprints.org/tech.php/

*** EPrints community wiki: https://wiki.eprints.org/