Non-hosts get signed out

Coordinator
Apr 14, 2009 at 1:02 PM
Hi Dave,

I've got the cart running on three test portals all on the same DNN 4.9.2 instance. All three are set up roughly the same. I'm mainly just messing with templates to try out different situations.

One of the portals behaves differently from the others and I can't figure out what the problem is... (although something comes to mind as I write this). In the portal that is misbehaving, the Manager and also the Admin users get signed out when visiting the cart page. When I'm in as host there is no problem. The other two test portals work fine. What could possibly cause a non-host user to be signed out simply upon visiting the cart page?

I'm now wondering if it could be due to the fact that the faulty portal doesn't have a domain pointed to it. It was set up as a child portal. Could that be causing this?

Thanks for any advice on this,
Rob
Coordinator
Apr 14, 2009 at 1:08 PM
Yep, that's exactly what the problem is. When I add a full domain alias to the portal, the problem no longer occurs.

So, something is going funny when the site is running as a child portal - meaning when the alias reads www.domain.com/child
Coordinator
Apr 14, 2009 at 1:26 PM
Hi Rob,

I can't think of any reason of the top of my head why this should cause a problem?  I'll create a local child to test it and see if I can find an answer and get back to you.

Thanks,
Dave.
Coordinator
Apr 14, 2009 at 1:55 PM
I've just created a child portal on my localhost and I can't re-create the problem.  It sounds like it could be a problem with security settings, but I can't think of any reason why admin should be signed off?

Could you give me any more information on your setup so I can try and recreate it?

Thanks,
Dave
Coordinator
Apr 16, 2009 at 9:45 AM
Edited Apr 16, 2009 at 9:58 AM
Hi Dave,

Thanks for checking. I've spent the day troubleshoooting this by trial and error (because that's all I'm capable of) and have boiled it down to something related to makethumbnail.ashx

The signout happens when:
  • The user is not a Host/Superuser
  • The portal is a child portal
  • There are thumbnailed images on the page (i.e. products)
     
  • If I use Internet Explorer and sign in as a non-host, and access the products page, then the thumbnails will display as red X's. If I then right click a thumb and select "Show image" the thumbnail loads up. When I move away from the page I will find that I am in fact already signed out.
  • If I use Firefox and do the same thing, the thumbnails display correctly straight off, but I am also signed out as soon as I move away from the page.
  • If I delete the images from the products, then I am still signed out, presumably because the makethumbnail is still present.
  • If I archive all products so that none are displayed, then I am not signed out.

The point of detailing those two situations is that I think IE is giving a clue as to where the problem lies.

Now here's the funny thing. This exact same issue also happens with another module - Wild Portfolio. It also has a thumbnail generator and it also exhibits the exact same issue. I had the developer looking at it back in mid-2008, but after a couple of emails I never heard back again. The workaround for me in that case has also been to use a full domain instead of a chilld portal.

It's as if something in the thumbnail generator has a problem with the paths, or something else that is different between host, non-host users and anonymous users.

When the problem was confined to the Portfolio module, I wondered if it was a server configuration issue, but I have since migrated from IIS6/Server2003 to IIS7/Server2008 and it behaves the same. Now the NB Store also does it as well.

Does any of this ring any bells with you?
Rob

(I've updated some bullet points in this post)

Coordinator
Apr 16, 2009 at 9:57 AM
Hi Rob,

The first thing that jumps to mind is that the permissions on the productimage folder or actuall image are incorrect.  Can you check the folder and image permissions from the DNN file manager? Firstly do a syncrization of the folders, then make sure the permissions on the productimages folder and images are set to view for everybody.

Let me know if this works, if not I'll try and think of something else.

Regards,
Dave.
Coordinator
Apr 16, 2009 at 10:12 AM
Hi Dave,

Yep, the permissions are view and write for all. This is a different portal from the one I was working on when I wrote up my last feedback and commented on permissions. The DNN folder permissions seems to have no bearing on the ablity of modules to write to them and the public to view their contents. They seem to only affect whether an authenticated user can view and/or write to them. However in this case, it is all at defaults.

I've created a duplicate of the portal and am messing with that right now to see what else I can find out about it.
Coordinator
Apr 16, 2009 at 11:18 AM
Could you export the product's and images in you test portal and send it to me at dcl@nevoweb.com, so I can try and re-create it with your data?
Coordinator
Apr 16, 2009 at 11:19 AM

I've been getting this error as well.. it's happening when I click to add more images. I've set up a fresh child portal and a fresh cart and it does this still. This is the error:

Server Error in '/' Application.
--------------------------------------------------------------------------------
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /store/Home/tabid/1383/ctl/AdminProduct/mid/3928/ProdId/18/SkinSrc/ /vtyp/2/DSEditLocale/en-US/RtnTab/1383/PageIndex/1/CatID/-1/Default.aspx


The path looks wrong to me, and it has language bits in it that the portal does not have, unless it always puts en-US in there - the portal has all languages except en-US disabled.

I'm unsure if this is even related to the above, but it seems to be getting in the way now. I've also reinstalled the module just in case, but the same thing happens.

Here's the full error from the event viewer:
PortalID: -1
PortalName:
UserID: -1
UserName:
ActiveTabID: -1
ActiveTabName:
RawURL: /Home/tabid/1383/ctl/AdminProduct/mid/3928/ProdId/18/SkinSrc/ /vtyp/2/DSEditLocale/en-US/RtnTab/1383/PageIndex/1/CatID/-1/Default.aspx
AbsoluteURL: /Home/tabid/1383/ctl/AdminProduct/mid/3928/ProdId/18/SkinSrc/%20/vtyp/2/DSEditLocale/en-US/RtnTab/1383/PageIndex/1/CatID/-1/Default.aspx
AbsoluteURLReferrer:
UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; FDM; .NET CLR 3.5.21022; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: 0e1ee735-2d71-414f-b80c-790425f1d490
InnerException: Unhandled Error:
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: System.Web.CachedPathData.GetConfigPathData
StackTrace:
Message: System.Exception: Unhandled Error: ---> System.Web.HttpException at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetConfigPathData(String configPath) at System.Web.CachedPathData.GetVirtualPathData(VirtualPath virtualPath, Boolean permitPathsOutsideApp) at System.Web.HttpContext.GetFilePathData() at System.Web.HttpContext.GetConfigurationPathData() at System.Web.Configuration.RuntimeConfig.GetConfig(HttpContext context) at System.Web.HttpContext.get_ImpersonationToken() at System.Web.ClientImpersonationContext.Start(HttpContext context, Boolean throwOnError) at System.Web.HttpApplication.ThreadContext.SetImpersonationContext() at System.Web.HttpApplication.ThreadContext.Enter(Boolean setImpersonationContext) at System.Web.HttpApplication.OnThreadEnterPrivate(Boolean setImpersonationContext) at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error) --- End of inner exception stack trace ---
Source:

Coordinator
Apr 16, 2009 at 11:44 AM
Hi Rob,

What versiojn of NB_Store are you using I'm guessing 01.01.05 Beta1b, I think I've fix this error in Beta1c version, try downloading that.  (I don't think this error is linked to your other problem with the image not appearing and users being logged off.

Regards,
Dave.
Coordinator
Apr 16, 2009 at 11:47 AM
I've discovered that the above problem is due to the dreaded languages again.

When I first installed the module I added two languages (en-NZ and en-AU) to my system thinking that I had to do so in order for Paypal to operate correctly in NZD. I'm still unsure if I need to have them or not, but I've had sufficient trouble with the additonal languages that I've been trying to remove them ever since and return to just en-US.

The error above doesn't happen if I set up a new portal and leave the multiple languages in place. However, if I disable the two extra languages, it appears to  mess up the module.

I'll do some more testing tomorrow to see if I can also pin the logout issue on this.

I've also posted in the DNN forums looking for advice on how to get rid of the extra languages. It seems inpossible to do so in the host, languages dialogue.

Rob
Coordinator
Apr 16, 2009 at 11:50 AM
Yes I'm using NB_Store_01.01.05_Install_Beta1

I'll get the new one and try it in the morning and report back.. getting late here now :)

thanks heaps
Rob
Coordinator
Apr 16, 2009 at 11:58 AM
Just a quick follow-up... I quickly installed NB_Store_01.01.05_Install_Beta1c and checked the portal that was throwing the error above and now it works.. so that's one problem solved :))

I'll check the sign-out issue in the morning
'night!
Coordinator
Apr 20, 2009 at 7:41 AM
Hi Rob,

I've just tried again to recreate your problem with non-host logging off.  I've tried different combinations of caching, langauges and users on a child portal and still can't re-create it?  Would it be possible to zip up you DNN directory, backup you database and send it to me?  I can then re-create you installation on my test machine and hopfully find out what's causing the problem.

Thanks,
Dave.
Coordinator
Apr 20, 2009 at 7:49 AM
Hi Dave,

Sorry for the delay and thianks for looking into this... I got sidetracked with work and other bits.

I made a duplicate portal system and tried to find the problem withuout any result. I've pulled that to pieces now but I'll make another one and get that sorted for testing.
Give me a short while.
Rob
Coordinator
Apr 20, 2009 at 2:16 PM
boy what a looong evening that was!

Because I don't' want you to waste time on red herrings, I needed to remove anything from the system that wasn't relevant to the problem, or that might have contributed to it.

I duplicated my 500Mb portal system, deleted around 220 modules, cleared everything they left behind from the bin, the file system and the database... there were hundreds of rows and procedures left behind by quite a few modules. I also removed some 40-odd portals. Then I removed the very large number of modifications that I have made to the system over 3.5 years. I basically reverted the system back to a close as possible to a basic DNN 4.9.3 system with two portals and only the NB_Store module plus a few core modules. I also removed all http modules and handlers and restored the FCK editor back to scratch because mine is again heavily modified and it needed to be removed from the equation.

All the way through doing this I tested to see if the issue was resolved by removing anything, but there has been no change in the behavior. I was half expecting that some rogue dll or a modification I had made was causing the issue, but it doesn't appear to be the case.

I've sent you a note through the site here to get an email address and then I'll send you the site and db zipped up. I'll also give you sign-ins for the system as it is running live right now. 

It's running on my own dedicated 64bit IIS7 Server2008/SQL2008 server with the app pool in classic mode. The portal system has been upgraded nearly every release since 4.3.5 and just to show how fussy I am, I've got 3 years of written docs recording every change, fix, patch and update ever carried out on it.

And as mentioned, one other module was showing similar behavior, and it too seemed to be related to the on-the-fly thumbnailer.

And I don't know if this relates, but I saw someone else mention a problem with an imagehandler.ashx in this thread:
http://www.ventrian.com/Support/ProductForums/tabid/118/forumid/16/tpage/1/view/topic/postid/42572/Default.aspx#42742
So I followed it up and he found it was caused by a bug in the urlrewrite module.. he links to the gemini report in the thread.
Just putting that in here in case it matters.

Regards,
Rob
Coordinator
Apr 22, 2009 at 10:24 AM
I've just realised you gave me an email address in a post further up. I'll send you an email now.
Rob
Coordinator
Apr 22, 2009 at 11:52 AM
Ok, that email bounced back because of the 11Mb attachment. I'll email a link instead.
Coordinator
Apr 22, 2009 at 12:11 PM
Hi Rob,

I've also sent you a link to www.nevowebmail.com, (just sent it again!) You'll get an email with a link on it, if you click the link you'll be able to upload unto 2GB to my account.

Let me know if you get it OK, it might be sitting in your spam folder?

Regards
Dave
Coordinator
Apr 22, 2009 at 12:14 PM
I've got the link you created on the 3rd email, I've used that.  I'll have a go at installing it later today.

Coordinator
Apr 22, 2009 at 12:58 PM
Hi Dave, thanks for all of that. You're correct! I've just checked my webmail and found two items including the alpha in the junk bin. I've put the domain on the bypass list now.
I'll check it all out and get back to you.
Rob
Jun 16, 2009 at 12:08 AM

I am having the same problem with non-hosts being logged out of a sub-portal.  Has anyone found the problem? (NB_Store_01.01.05)

Coordinator
Jun 16, 2009 at 12:29 AM

No, Dave spent a long time trying to figure this one out and I feel bad about that! But no, there hasn't been a solution.

However, I'm very interested to see someone else having the same problem. Click my username and drop me a note with your email so we can do some system comparisons on email.

Rob

Coordinator
Jun 16, 2009 at 8:01 AM

I traced this back to an issue where the  DNN security was trying to get the portalID from the TabID in the URL.  In the case of the tumbnail there is not tabID in the URL, therefore it defaulted to portal '0'.  The users in subportals then don't have rights to access this portal and therefore are logged off.  What I haven't had time to find out is why this happens on somepeoples DNN instances (You and Rob) but not mine.  However on version 1.1.7 alpha I've included the tabid in the tumbnail URL, I think this is going to solve the problem, but I have not tested it yet. 

Rob, You've got a version of 1.1.7 Alpha, could you confirm if this solve the problem or not?

Thanks,

Dave.

Coordinator
Jun 16, 2009 at 9:06 AM

Ah excellent.. I'll test it right this minute... Yes! great work :D

hmm I notice however that it still does that thing in IE where opening the lightbox from a thumbnail when the page is scrolled down causes the lightbox to display up in the scrolled-away area of the page. It's as if the overlay area is attached to the top left corner of the body rather than the window. I'll send you a link on msn.

Rob

Jun 16, 2009 at 3:19 PM

Thank you both for your quick responses.  Is there a change I can make to the source of NB_Store_01.01.05? Or should I wait for 1.1.7?

Coordinator
Jun 16, 2009 at 3:35 PM

In the "ProductTemplate.vb"  you need to change every time the thumbnail is called.  All you've got to do is add the tabid on the end

e.g.

before

            strData = Replace(strData, "[Product:ImageThumb]", _ModulePath & "makethumbnail.ashx?Image=" & ImageID.ToString & "&w=" & _ThumbSize)

after

            strData = Replace(strData, "[Product:ImageThumb]", _ModulePath & "makethumbnail.ashx?Image=" & ImageID.ToString & "&w=" & _ThumbSize & "&tabid=" & _TabID)

 

Remember search for all instances of makethumbnail.ashx and change all of them in this file.

 

Jun 16, 2009 at 7:38 PM

leedavi,

Thank you for the information.  I understand know how to make the changes to the ProductTemplate.vb, but I am having trouble setting up the source project.  Which version of DNN should I be using? Your assitance is greatly appreciated.

Coordinator
Jun 17, 2009 at 3:33 AM

Hi,

I usually setup a direct ref to the 4.9.0 dotnetnuke, in order to make sure that NB_Store is backward compatible to all my live sites.  But you should be able to set a link to any DNN4 version. (not sure about DNN5, but Oliver Hine is working with DNN5 OK)

The refs in the source are setup based on my config, so you may have to remove some of them and do a direct link yourself.  Also the SIPS providers needs a special api which I can't distribute, simply remove this from the solution, because you don't need it.

Regards,

Dave.

Jun 19, 2009 at 6:44 PM
Edited Jun 19, 2009 at 6:44 PM

Dave.

 Thank you for your help! I was able to make the changes you suggested and now it works just fine.

Wayne