## Installation

### Upgrading to 2.17 => constant re-authentication

by Andrew Leahy -
Number of replies: 2

I've been upgrading my WebWork installation from a 6 year-old system currently running 2.12 to 2.17 running on the Ubuntu 22.04 virtual image.  (See my previous post.)  I'm just about done (I hope) but I've encountered a strange authentication error on the new system:  Every time I move to a new page that requires authentication, I'm asked to re-authenticate.  I'm not seeing anything in the web server logs, or in webwork2/log, so I don't know where else to look.

The only thing I can think to mention (since it's been problematic with authentication using other software) is that I'm running the webwork server via an apache reverse proxy.

Any ideas?

Thanks.

### Re: Upgrading to 2.17 => constant re-authentication

by Andrew Leahy -
Another data point that seems to suggest a proxy issue: When I access the webwork server using the internal 192.168.X.X address from a browser running on the virtual machine host, I don't have the problem of constantly needing to reauthenticate. However, when I access the webwork server from the same host system using the (proxied) external address, the problem occurs.

I tried Googling 'webwork proxy' and I didn't find anything interesting. Is there a good overview of the WebWork authentication mechanism? I'm seeing little bits on the Wiki, but nothing substantial. The next round of questions will probably see about SAML . . .

I'll shut up now since I'm all out of posts :-) Thanks again for your help!
In /opt/webwork/webwork2/conf/localOverrides.conf around line 503, do you have $session_management_via = "key" commented out? If so then you are using the default of session management via cookies. You could try uncommenting that line and see if that fixes the problem. Alternately check the variable$server_root_url in /opt/webwork/webwork2/conf/localOverrides.conf.  If you are serving via a proxy, then you will need that to be set to the url of the proxy.