[Owncloud] Authentication error in ajax requests
Christian Reiner
foss at christian-reiner.info
Sun Nov 25 14:18:00 UTC 2012
Hi all,
since about 2 weeks I encounter a funny issue in git master when firing an
ajax request under certain circumstances:
ownClouds WebUI loads fine, but ajax requests fail. Error message:
{"data":{"message":"Authentication error"},"status":"error"}
Aparently this only happens when a session existed before and has expired.
When I use a reload inside the browser then the above issue happens. No
problem after a fresh login, so it is not an implementation problem of that
ajax script.
Secons aspect: when I get this error I would like to re-login (though that is
pretty annoying). So I now click the 'logout' button the page reloads instead
of sending me to the login page. I have to logout _a_ _second_ _time_ to be
able to login again. After that procedure all works fine again, including the
ajax request. That problem started about 2 weeks ago, I cannot remember a
single incident like this before although I tested a lot with sessions and
expiration about 2 month ago when implementing the self-extending CSRF tokens
myself.
Since that CSRF-implementation has been altered (simplyfied) inbetween I dare
to say that most likely the issue has been introduced with those changes... I
suspect that unlike before the CSRF tokens are not refreshed any more in
background and expire. That is a big problem for apps that do not require a
full reload all the time but load only once.
@Lukas: I _think_ you implemented the last changes... Could you give this
issue a short look? Thanks!
--
Christian Reiner (arkascha)
[ foss at christian-reiner.info ]
More information about the Owncloud
mailing list