This repository has been archived by the owner on Feb 6, 2024. It is now read-only.

casino with a non root url: '/login' is hardcoded in session.js #58

Closed
swobspace opened this issue Aug 2, 2014 · 10 comments

@swobspace

Just for info: there is a hardcoded '/login' in session.js. If I use casino with a suburi like /zas, the browser redirects to /login instead of /zas/login after successful login. This only occurs on the very first access if there is no usable cookie for casino.

If I overwrite '/login' with '/zas/login' in session.js, all works as expected.

@pencil
Member

pencil commented Aug 2, 2014

I just pushed a new version to the GitHub repository. Could you please give it a try before I release a new version of the gem?

@swobspace
Author

Give me one or two hours, I will test it.

@swobspace
Author

I have tested it in my production environment with different browsers on different platforms and cannot find any issue. Looks good. Since cookies are not easy to debug you may wait with releasing a new gem for one or two days? It is now running in production and I will get quick feedback from our users if there is any overseen issue with custom root urls.

Thank you for the really fast update.

@pencil
Member

pencil commented Aug 3, 2014

Thank you! Let me know how it works out. 😄

@swobspace
Author

encodeURIComponent in session.js seems to encode too much. We use OTRS which makes heavy usage of ';' in urls like /otrs/index.pl?Action=AgentTicketZoom;TicketID=65813. OTRS cannot handle this with correct encoding like /otrs/index.pl?Action=AgentTicketZoom%3BTicketID%3D65813 (does not work).
Can we avoid escaping reserved characters like '& = ; ? ' ?

The other stuff works fine.

@swobspace
Author

I think the problem is not session.js but the (maybe incorrect?) handling of semicolon by casino. A call like

GET "/zas/serviceValidate?service=https%3a%2f%2fmintra3.marienhaus.de%2fotrs%2findex.pl%3fAction%3dAgentTicketZoom%253BTicketID%253D65065&ticket=..." 

gives the following parameters (from production.log):

Parameters: {"service"=>"https://mintra3.marienhaus.de/otrs/index.pl?Action=AgentTicketZoom%3BTicketID%3D65065", ...}

The semicolon (%3B) is not decoded, and not the second '=' (%3D).

@swobspace
Author

Yeah, it is an old issue with addressable/uri which does not support semicolon as url query separator: sporkmonger/addressable#114

@luxflux
Member

luxflux commented Aug 5, 2014

We "fixed" this in the OTRS VirtualHost with the following RewriteRules:

RewriteCond %{QUERY_STRING} Action=AgentTicketZoom%3BTicketID%3D(\d+)
RewriteRule ^/otrs/index.pl /otrs/index.pl?Action=AgentTicketZoom&TicketID=%1 [R]

@swobspace
Author

@luxflux : works as a temporary solution, but not for all other URLs like

https://mintra3.marienhaus.de/otrs/index.pl?Action=AgentTicketPhone%3BSubaction%3DStoreNew%3BExpandCustomerName%3D2%3BCustomerUser%3username%40example.com

It is frustrating: addressable/uri ignores semicolon and @, OTRS cannot handle correctly encoded URLs...

@swobspace
Author

Since this is now an encoding/decoding issue, we should create a new ticket for this issue. The original patch (hardcoded /login) in session.js works fine.
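
The encoding/decoding issue discussed in this thread, as an added example that is not part of the original comments or of CASino's code: a single `encodeURIComponent` round trip preserves `;`, while a URL whose `;` was already escaped to `%3B` goes on the wire as `%253B`, comes back from one decode still escaped, and parses to one parameter instead of two. The host name and all function names are assumptions made for the illustration.

```javascript
// Constructed sample URLs (host is a placeholder); path and query mirror the thread.
const ORIGINAL = "https://otrs.example.test/otrs/index.pl?Action=AgentTicketZoom;TicketID=65065";
// The same URL after ';' and the following '=' were percent-escaped in a redirect.
const ESCAPED = "https://otrs.example.test/otrs/index.pl?Action=AgentTicketZoom%3BTicketID%3D65065";

// Encode a whole URL once so it can be carried as the value of ?service=...
function wrapService(url) {
  return encodeURIComponent(url);
}

// A query-string parser decodes each parameter value exactly once.
function decodeOnce(value) {
  return decodeURIComponent(value);
}

// True when the decoded service URL still contains percent-escapes,
// e.g. '%3B' that travelled on the wire as '%253B'.
function carriesNestedEscapes(value) {
  return /%[0-9A-Fa-f]{2}/.test(decodeOnce(value));
}

// Parse the query part of a URL, splitting pairs on the given separator pattern.
function parseQuery(url, separators) {
  const query = url.slice(url.indexOf("?") + 1);
  const params = {};
  for (const pair of query.split(separators)) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = eq < 0 ? pair : pair.slice(0, eq);
    const val = eq < 0 ? "" : pair.slice(eq + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(val);
  }
  return params;
}

// Compare what the receiving side sees for the original and the escaped URL.
function compare() {
  return {
    cleanRoundTrip: decodeOnce(wrapService(ORIGINAL)) === ORIGINAL,
    originalFlagged: carriesNestedEscapes(wrapService(ORIGINAL)),
    escapedFlagged: carriesNestedEscapes(wrapService(ESCAPED)),
    sameService: decodeOnce(wrapService(ESCAPED)) === ORIGINAL,
    originalParams: parseQuery(ORIGINAL, /[&;]/),
    escapedParams: parseQuery(ESCAPED, /[&;]/),
  };
}

console.log(compare());
```

Because the two forms differ as strings after decoding, a byte-for-byte comparison of service identifiers treats them as different services, and the escaped form loses its `TicketID` parameter even for a parser that accepts `;` as a separator.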

pencil added a commit that referenced this issue Sep 11, 2014