Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 298227 - lack of cache control headers in Bugzilla - attachments cant be created and login requested multiple times for users behind a caching proxy
: lack of cache control headers in Bugzilla - attachments cant be created and l...
Status: RESOLVED DUPLICATE of bug 167808
Product: Bugzilla
Classification: Server Software
Component: Attachments & Requests (show other bugs)
: unspecified
: x86 Linux
: -- major (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: default-qa
Depends on:
  Show dependency treegraph
Reported: 2005-06-20 04:10 PDT by Aleksander Adamowski
Modified: 2007-10-02 13:06 PDT (History)
0 users
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description Aleksander Adamowski 2005-06-20 04:10:46 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-1.3.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.7.8-1.3.1

This problem is tested in all known to me installations of Bugzilla; Mozilla's
own, 2.18 (I cannot test with
bugzilla-tip as it has more severe problems), KDE's, Mandriva Linux, Gnome
Bugzilla and many others:

I'm connecting to Bugzilla through a caching Squid proxy, which is configured to
also cache pages whose URL contains a question mark (relying on proper cache
control headers from the HTTP server).

Bugzilla doesn't generate any cache control headers (see for an excellent tutorial on web caching for web
application authors), so many .cgi pages get cached by the proxy and cause
various problems:
1) the login page is presented to the user multiple times during his session
with Bugzilla

2) there's a problem with Bugzilla attachments handling CGI script - when I
click "Create an attachment" and supply the file, content type and all required
info, then click "Submit", I have to login again (that's acceptable), and after
providing my username and password, I get an error "You didn't specify a file to
attach" (if I recall correctly). Tested with many bugzillas, even with  2.18 branch.

When I switch Mozilla proxy settings to direct Internet connection, ewerything
works fine.

For more discussion on those bugs, see the Mandrake/Mandriva bugzilla where the
problem has been originally discovered:

Reproducible: Always

Steps to Reproduce:
1. Install a Squid proxy and configure it to also cache URLs that contain a
question mark, e.g.: 
acl QUERY urlpath_regex cgi-bin
no_cache deny QUERY

instead of:

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

2. Configure your browser to use that proxy
3. Try working with Bugzilla, creating new bugs, attaching files etc.

Actual Results:  
When working with bugzilla, login is requested multiple times from the user, and
files cannot be attached.

After supplying a file, a login page is the next one presented, and the next is
a "You didn't specify a file to
attach" error. Because of the 2nd request - the login page - the attachment gets
"lost" between 1st (file attachment form) and 3rd request (error page).

Expected Results:  
User should be asked for login once, and it should be possible to attach files
to bugs.
Comment 1 Aleksander Adamowski 2005-06-20 04:12:11 PDT
BTW, I've just checked - the problem also exists with standard Squid
configuration (with forbidden caching of URLs containing '?'). So skip the
remark about configuring Squid to cache those.
Comment 2 Marc Schumann [:Wurblzap] 2005-06-20 04:21:27 PDT
Is this a duplicate of bug 167808?
Comment 3 Aleksander Adamowski 2005-06-20 04:37:54 PDT
Maybe. I'm not entirely sure that enabling cache control headers would solve the
problem - I only suspect that link between those problems. I'll mark this bug as
dependent on bug 167808.
Comment 4 Dave Miller [:justdave] ( 2007-10-02 13:06:29 PDT
I'm fairly positive that adding cache-control headers would fix this.

*** This bug has been marked as a duplicate of bug 167808 ***

Note You need to log in before you can comment on or make changes to this bug.