With enabled session refresh support installed (plone.session) I got this, can anyone confirm that it throws these errors?
2022-11-01 21:23:31,894 ERROR [Zope.SiteErrorLog:17][waitress-2] 1667334211.89413760.2980599866023238 http://localhost:8080/Plone/++webresource++6e394ff2-5e80-5880-9df7-ed8e59129465/acl_users/session/refresh
Traceback (innermost last):
Module ZPublisher.WSGIPublisher, line 167, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 376, in publish_module
Module ZPublisher.WSGIPublisher, line 271, in publish
Module ZPublisher.mapply, line 85, in mapply
Module Products.PDBDebugMode.wsgi_runcall, line 60, in pdb_runcall
Module plone.session.plugins.session, line 432, in refresh
Module plone.session.plugins.session, line 403, in _refreshSession
Module plone.session.plugins.session, line 231, in _validateTicket
Module plone.session.tktauth, line 246, in splitTicket
ValueError
I get the same error when installing the add-on plone.session 4.0.0b2 in a fresh installed Plone 6.0.0b3 (Classic UI):
2022-11-16 01:37:41,892 ERROR [Zope.SiteErrorLog:35][waitress-2] ValueError: http://localhost:8081/Plone/++webresource++6e394ff2-5e80-5880-9df7-ed8e59129465/acl_users/session/refresh
Traceback (innermost last):
Module ZPublisher.WSGIPublisher, line 167, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 376, in publish_module
Module ZPublisher.WSGIPublisher, line 271, in publish
Module ZPublisher.mapply, line 85, in mapply
Module ZPublisher.WSGIPublisher, line 68, in call_object
Module plone.session.plugins.session, line 432, in refresh
Module plone.session.plugins.session, line 403, in _refreshSession
Module plone.session.plugins.session, line 231, in _validateTicket
Module plone.session.tktauth, line 246, in splitTicket
ValueError
The ticket passed to _validateTicket is b'61646d696e:61646d696e' (length 21). Expected is at least length 40 (see plone.session.tktauth, line 249, in splitTicket):
digest = ticket[:32]
val = ticket[32:40]
remainder = ticket[40:]
After changing the admin password these errors seem not to appear.
I tested the following scenarios:
Scenario 1
Install Plone (not only a site!)
create a Site,
change admin password. Enter a different password!
No ValueError
Scenario 2
Install Plone (not only a site!)
create a Site,
change admin password. Enter the same password, so that the cookie doesn't change
ValueError is still there
Scenario 3
Install Plone (not only a site!)
create a Site,
change admin password. Enter a different password!
No ValueError
keep your browser open (i.e. with the cookies)
Install Plone (not only a site!) again
visit with the ticket from the cookie.
No ValueError
remove the cookies and exit the browser (or visit Plone with another browser)
visit Plone again without cookies
ValueError is there again!!
Possible hint. The password is generated by cookiecutter-zope-instance (see post_gen_project.py#L58). I don't know how this password is handled by Zope.
Seems like a problem when creating the initial password. Zope maybe does not have all the pas plugin enabled and maybe something is missing. When you update from the web interface, all is ok.