Red Hat Bugzilla – Bug 226866
Forced to log in twice when there is no prior session for the client
Last modified: 2007-04-18 13:59:09 EDT
Description of problem:
"The first time I try to login to RHN using the corporate account it always
fails without comment quickly returning me to the login screen. This happens
from multiple networks and with both seamonkey and firefox. The second time I
login always works fine and subsequent relogins during the day also work fine."
"This behavior also began with the last RHN update [mo note: this text is from
20-Nov] but I didn't report it right away thinking I may have mistyped my
credentials. I've done it often enough with enough care now that I'm sure
something other than me is causing the problem."
Version-Release number of selected component (if applicable):
4.15 was released 7 Nov 2006
4.16 was released 28 Nov 2006
It seems this issue started with the 4.15 release, but is still present in 4.16.
Immediately after login when a user is sent to YourRhn.do, there are a number of
queries that run. Some of these queries may not scale well for customers such as
Iowa State due to the volume of systems that they have. With all of the queries
that I have seen, we do not limit or page the result set before it is sent
back from the database. I suspect this to be the case as well for the queries on
YourRhn.do. There needs to be some further analysis to determine which if any of
these queries is in fact creating a bottleneck.
I'm not sure if this work will make it into the 5.0 release. I will find out and
update the bug report.
After some discussion and clarification, I found that the issue is not
performance related as described in comment #1. I was informed by the customer
that the problem only seems to manifest itself during the first login attempt
of the day. Customer agreed not to log in this morning so that I could make the
first login attempt to try and reproduce the bug. I logged in at 7:15 am without
any problems. Need to further investigate potential client-side issues.
Testing again this morning after your login worked, mine failed again. Here is
more bad news about this. The URL I try to login at is
After the failed attempt I see the following URL in my browser
where the XXXXXXXXXX is my password and the YYYYYYYYYY is my account name. I can
confirm from this that I am indeed correctly typing my password but I would
prefer it not be exposed in plaintext in the URL in my browser.
I have been able to consistently reproduce the reported behavior with the
1) Go to https://rhn.redhat.com
2) Clear your browser cookies
3) Enter your username/password and submit the login form
This brings me immediately back to the login page and the URL in the address looks like,
where <username> and <password> are the username and password I entered into the
login form. I have reproduced this in webdev as well as in prod with multiple
Note that the steps described deviate slightly from those taken by the customer
to produce the bug. The customer's browser preferences are set to only retain
cookies for the duration of the current browser session. And the behavior
encountered by the customer occurs during first login of the day, after closing
out his browser the night before.
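A regression check for the behavior reproduced above, as an added example that is not from the bug report or from RHN's code: given the fields submitted in a login POST and the URL the browser ends up on, it reports which submitted values appear in that URL. The host, field names and values are constructed placeholders, and matching is by value so the application's real parameter names are not needed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit


def leaked_fields(form, url):
    """Return the names of submitted form fields whose values show up in url.

    Values are compared after percent/plus decoding, against every parameter
    in the query string and in the fragment.
    """
    parts = urlsplit(url)
    seen = set()
    for component in (parts.query, parts.fragment):
        # parse_qsl decodes %XX and '+' so "p%40ss" is compared as "p@ss"
        seen.update(v for _, v in parse_qsl(component, keep_blank_values=True))
    leaked = []
    for name, value in form.items():
        if not value:
            continue  # an empty field cannot be matched meaningfully
        if value in seen:
            leaked.append(name)
    return sorted(leaked)


# Constructed sample data: hypothetical field names and a placeholder host.
SAMPLE_FORM = {"login_name": "example-user", "secret": "S3cr3t p@ss+word"}

# What the report describes: the login form's fields echoed into the URL.
LEAKY_URL = "https://login.example.test/login?" + urlencode(SAMPLE_FORM)

# What a failed login should look like instead: no submitted values in the URL.
CLEAN_URL = "https://login.example.test/login?error=invalid"


if __name__ == "__main__":
    for label, url in (("leaky", LEAKY_URL), ("clean", CLEAN_URL)):
        print(label, leaked_fields(SAMPLE_FORM, url))
```

Run against the final URL of an automated login with a cleared cookie jar, a non-empty result means the credentials have reached browser history, proxy and server access logs, and any Referer header sent from that page.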
Created attachment 148548 [details]
Failed login headers beginning with POST
I don't know if this one is helpful but I'm hoping. It did not occur in the
normal way this happens to me exactly, but does begin with the POST (which I
think was desired?).
this is related to sso bug 229385.
as a quick update, a fix for this bug is currently aligned to the rhn 5.01
release; the fix for related bug 229385 is currently aligned to the wsd 231
release (~time of rhel 5's release).