2.x Auth and/or SSL mystery. Any suggestions?

Need Help
1

Hi there:

You’ll likely need to request additional information from me, but here goes:

I’ve finished migrating an app from CakePHP 1.2.12 to 2.10.11.
Everything tests fine when accessing the app via the server’s IP address, but I’m encountering an issue when accessing the app via the server’s domain name.

I was using a remote server with IP whitelisting to test, and navigating there via the server’s IP address (over SSL and the browser, of course, warned me that the certificate wasn’t valid).
As soon as I associated the IP address with a domain name (SSL certificate now valid), a function that was working before, started behaving differently.

Here’s the app functionality that is causing issues:
Essentially, after logging in, a user has to choose an account they belong to.
When routing via domain name, however, instead of redirecting to / and giving them access to the account, it simply redirects them to the controller action where they are meant to choose an account.

Debugging is enabled regardless of whether I navigate via IP or via domain name.

Are there any obvious high-level issues with my overall approach that jump out at anyone?
Is there a good way to log a complete trace of what cake is doing in the background?

I admit, some of CakePHPs inner workings are black magic to me (I suppose that’s why we use frameworks right?)…

I’ve tried logging the request object, and all I can tell from that is that there must be something else going on in the inner workings of cake as the request object is in sync with where I end up. (I.e. it’s going where it says it’s going, but my redirect function isn’t telling it to go there).

Additional info that may or may not be useful:
I was using php7.2, but I’m encountering the same issues with php5.5.9
I’ve cleared the contents of app/tmp a few times (before I enabled debugging in both circumstances).
There were a few bits of code that handled things differently, depending on server url, (e.g. debugging) but I have made these identical for testing purposes.
My biggest clue so far has been that the Session object looks a bit different depending on route I take (IP vs domain).
I had two copies of the app running in the past, but I deleted the second in case there was cross-talk between them via caching.
Here is my logging showing the request action and controller at identical points in the process of logging in, and choosing an account:

1297×122 5.71 KB

Any help would be greatly appreciated. I’ve spent several days trying to track this down and it’s too subtle of an issue for me to be able to effectively troubleshoot
(I prefer the kind of errors that give me a line number ;).

Thank you in advance for your help!
Tobi

2

A quick summary of where my logging got me to.

The hangup is happening here when the chooseaccount conditions are met and a redirect is called:
return $this->redirect( array( "controller" => "main", "action" => "display" ) );

When it’s working via IP:
isAuthorized function has this from the request object:
$action = $this->request["action"];
$controller = $this->request["controller"];
which are main and display respectively.

When it’s not working via domain name:
isAuthorized function has this from the request object:
$action = $this->request["action"];
$controller = $this->request["controller"];
which are users and chooseaccount respectively.

Is there something happening between the redirect, and the isAuthorized function that I can log?

Thanks in advance!

3

It is strange.

Do you have the IP address hard coded into your app anywhere? Check all of your code.

Otherwise I would check if it is not a javascript related error, as I do not see any place where it can be problematic on CakePHP’s side.

You can try to check apache log alos, maybe you would find somehing.

4

I’m not sure how it could be JS-related since there’s no view involved, just a controller redirecting to another controller.

It has had this behaviour on two different IPs, one on the main domain, and then a different IP on the sub domain, so I don’t see it being IP address related.

I’ll have a look at my Apache logs and see if anything jumps out at me.

Thanks for the thoughts! If anyone else has any ideas I’m dying to hear them! I’m super stumped on this one.

Tobi