[thelist] Drupal/Firefox Access issue
Simon MacDonald
simonmacdonald at uk2.net
Thu Aug 21 03:05:17 CDT 2008
JJ,
It's an http:// request - the access denied is coming from Drupal. Drupal is
creating a session for the login. I found a 'fix' on the drupal forum which
involved clearing all private data, (cookies, cache, etc). When I did this
Drupal allowed the login and presented the correct page. This problem seems
to be mainly FF related though other users report it on IE and it goes back
through various versions of Drupal and browsers. There doesn't seem to be
any explanation of the cause of the issue, or a satisfactory resolution.
So I'm a little confused if this is a Drupal or browser problem - I tend to
opt for a Drupal issue as I haven't seen this kind of problem anywhere else.
Which makes me not want to use Drupal, if users are going to hit this
problem.
However, thanks for the explanation of the FF https issue - I wasn't aware
of this.
Regards
Simon
Simon MacDonald
www.lemonslicedesign.com
-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeffrey Joslin
Sent: 20 August 2008 21:23
To: thelist at lists.evolt.org
Subject: Re: [thelist] Drupal/Firefox Access issue
Simon MacDonald wrote:
...
> I've just put up a test install of Drupal v6.3 (installed using Fantastico
> on my ISP web space). Access is fine using IE and Safari, but with Firefox
> 3, I login as admin and get access denied.
It just occurred to me that this sounds an awful lot like it may be
related to the controversial issue of how Firefox 3.0 now handles
self-signed certificates.
So, are you attempting to log in via a secure (https:// ) link, via your
own self-signed certificate (instead of a paid, cert-authority chained
certificate)?
If you have been attempting to connect via a secure (https:// )
connection, have you tried connecting directly to the site in the usual
http://site.com format?
Background: The new Firefox 3 immediately and automatically rejects
attempts to connect to servers with self-signed certificates and
immediately dumps the user to a scary looking "access denied" security
warning screen similar to what you mention. The other major browsers
(such as IE and Safari), on the other hand, simply ask the user if
they'd like to accept the self-signed certificate being offered to
complete the connection, easy as clicking an "ok" button when prompted.
This has caused a major controversy out there with many calling this
default rejection by Firefox 3 a browser-based violation of net
neutrality concepts, forcing hosts to pay for expensive chained
certificates just to avoid outright rejection and scary security
messages displayed to users.
It is possible for the user to go back and manually add a security
exception for each self-signed certificate one encounters in Firefox 3
once reaching the site has failed and one had arrived at the security
warning / access failure screen.
But first of all the user has to understand that is an option (and that
it's their browser that is failing, not the server/host in question...).
From there it is a user-initiated series of two or three steps to
manually load the certificate in question and add it in as an exception,
each step of which provides potential points of intimidation and/or user
drop-off.
So back to the question above...is this happening to you via https://
connections, or via *all* connections attempted, even as just plain
http://... ?
Curious.
jj
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list