local login issue: cycles back to homepage

Hi,

I’m the administrator for a local Galaxy instance for a few users on a dedicated server in my lab [v19.05, Apache proxy, Linux Debian 10]

For some time now, we’ve run into an annoying and mystifying issue :
when anyone (myself included) tries to login, the site cycles back to the welcome page, without taking authentication into account

However, it remains possible to:

  • have a wrong user/password combination rejected
  • reset a user’s password
  • register a new user

Besides, AFAIK, nothing has changed on the server ! (Issue started before recent Debian upgrade from 10.2 to 10.4)

And I cannot find any relevant error in the logs (Galaxy, Apache or PostgreSQL) :exploding_head:

Any suggestion/possible test would be appreciated…

Thanks in advance

PS : Of course, no amount of service restart(s), or even server reboot, helped

Think this is a known thing of version 19.05 after logging try to refresh the page (think this was the solution, can’t remember it so well).

Hi,

Thanks for your suggestion (and sorry about the delay).

Unfortunately, URLs look OK and refreshing does not change anything.

In the meantime, I upgraded our Galaxy instance to release_20.01. Still impossible to login (!)

That’s getting… frustrating

OK, some follow-up…

After somme digging using Firefox developer tools, I noticed that, when redirected to the home page from the login form, there was an additional warning at the head of the web console, about the « galaxysession » cookie… (pointing to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite)

From there, view-source:https://(…)/galaxy/user/login yields
{"err_msg": "No session token set, denying request."}

Since the issue was present on all the recent browser I tried (Firefox, Safari and Edge), on a hunch, I tried with an older one, namely Firefox ESR

And this time I was able to log to Galaxy at last! :partying_face:

So there might be something wrong with session cookie handling in Galaxy…

Should I file a bug report?

OK, final update :

The issue was eventually resolved when I was able to use “proper” SSL certificates for Apache (i.e. instead of self-signed ones), that were supplied by my University’s IT department.

No more login issues, including with the latest browser versions :sunglasses:

Hope this might help someone else…

1 Like