Focal Point
Problems caused by DS and WF sharing authentication cookie

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/5831053482

May 16, 2008, 06:28 AM
hammo1j
Problems caused by DS and WF sharing authentication cookie
Hi

wf has an in memory authentication cookie that I assume is machine specific (not browser window specific). To kill the cookie you have to exit all copies of IE including windows explorer.

The problem occurs when:

1. You wish to log in with a URL that includes a userid and password. It thinks you are already logged in through ds and ignores the userid info.

2. You log in as someone else in say the BID and then return to DS and you will have lost permissions and get the 32033.

Can we have a separate COOKIE for DS please?

John


Server: WF 7.6.2 ( BID/Rcaster) Platform: W2003Server/IIS6/Tomcat/SQL Server repository Adapters: SQL Server 2000/Oracle 9.2
Desktop: Dev Studio 765/XP/Office 2003 Applications: IFS/Jobscope/Maximo
May 16, 2008, 06:49 AM
Tony A
John,

I also get this using 7.1.6 of DS albeit not too often, however, I would guess that the type of question you pose should really be raised as an Info Response case or an NFR.

I would be more inclined to ask, if any of the PM team are watching, could they confirm how authentication on DS and BID is held and where? Also how this particular problem is occuring? Although the latter question should really also be an Info Response call Wink

But, as it doesn't really bother me that much, I live with it and just right click on the server in DS explorer and then choose logoff from the context menu. When I reopen the folder lists it re-authenticates as I have my userid and PW stored in the configuration. The only thing that does annoy me, whilst utilising logoff, is the apparent ignoring of the settings in options, such as "Use new browser to execute". I know that I could just close DS and reopen without the loss of option settings but it's down to personal choice that I do what I do.

T


In FOCUS
since 1986		WebFOCUS Server 8.2.01M, thru 8.2.07 on Windows Svr 2008 R2  
WebFOCUS App Studio 8.2.06 standalone on Windows 10 
May 16, 2008, 09:34 AM
GinnyJakes
I agree that it would be great to have this fixed. In a post earlier this week, I describe at length a security scheme we use here and I won't repeat it. When we implemented this scheme two years ago, I noticed that if I was in Dev Studio logged onto the secure node, then went to a browser and logged into a secure app where the IBIC variables were swapped with an application id, when I got back to DS, I was the app id and not me. I would find out when I tried to save something. The logoff scenario that Tony describes doesn't always work.

Any I did open a case on this and basically was told that there wasn't anything that could be done about it. Maybe it is time to revisit that with an NFR.

Go for it, John.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google