xpages on browser repeat login

Question

There is an application that we are using it both on XPiNC and browsers.

Before you can access the application, you must log-in with your user.id from lotus notes. The problem is there are several login msgboxes ( where you must again log in with your username and passwords ) saying:

The server says /xsp/.ibmxspres/dojoroot-1.8.1/dojo.

or

The server says /xsp/.ibmxspres/.mini/dojo/.en-us.

or

The server says /xsp/.ibmxspres/.mini/css.

or

The server says /xsp/.ibmxspres/.extlib/icons.

and so on. Even when I just hit F5 when I'm logged on in application ( there is, also, a computed field which displays the username ) those type of messages are being displayed.

enter image description here

What should I do as a developer? Or there must be some settings at the server?

I have the following ACL rights:

ACL: User type: Person and Access: Manager. 

Effective access: all the checkboxes are checked except Full Access Administrator

Thanks for your time!

Do you only see these problems in XPiNC? Or only in the browser - or both? — John Dalsgaard
Which auth method do you use? Basic or Session based/SSO? If you use session based, please make sure your browser accepts cookies as the session id is stored as a session cookie. — Oliver Busse
@OliverBusse I edited my question with a screenshot. My browser accepts cookies - I verified and the SessionId is stored. — Florin M.
This is strange that you get a cookie when using Basic auth (as the screenshot says). I'd definiately suggest you to use session based auth. It would be helpful if you also post your ACL settings and the effective rights you would have when logged in — Oliver Busse
Thanks for your tips. I will talk with our admin and suggest the session based auth. I will update my question as soon as possible. — Florin M.

John Dalsgaard John Dalsgaard · Accepted Answer · 2014-04-24T07:27:00

Ok, this should be straight out of the box ;-)

What I find strange is that the ressources you seem to be asked for access to use are some of the "built in" ressources (Dojo, css, etc.) in XPages...???

So first thing is really to test that this has nothing to do with your application:

Create a new application
Set a proper ACL that will force you to log in (Default reader or higher, a person called "Anonymous" no access)
Create a simple XPage and open it from the browser

What happens?

If everything works, then you need to add some elements that use the ressources (css, Dojo, etc.). Then what happens?

I guess you will see the same problems... If so, you need to have a look at the way you have set up your server for web access. Are you using internet sites? Do you use basic or session based authentication?

What does the ACL of your application look like?

What you experience could be caused by "realms" i.e. the "path" to which you log in. A simple example:

If you are required to log in to access the ressource /path/db.nsf/view/doc1?openDocument then your realm will be "/path/db.nsf/view/" - if then you try to create a document using /path/db.nsf/newDoc.xsp then you could be asked for access to the realm "/path/db.nsf/".

I must admit that I haven't seen these issues for quite a while - but that may be due to the fact that I control access to the database as a whole - if users need access to something inside the database I implement it using "public access". But first, let us hear a little more about your findings before we chase it as a realm issue ;-)

EDIT:

Ok, so you are using basic authentication. There are lots of good reasons to use session based authentication instead. However, that does not explain your problem. What OS are you using? An OS with file access in the file structure? Could it be that the user running Domino does not have access to the ressources? Have any (file) restrictions to these directories been set up? You really should not be prompted to login for these ressources....

Did you try another "new" application?

/John

xpages on browser repeat login

2 Answers