Could not login into Tyk dasboard from Internet Explorer 11 behind nginx

pikamar · November 7, 2016, 2:18pm

I am able to login in Tyk dashboard from Firefox and Chrome, but when I do the same from IE11, the I am redirected back to login page. On wrong credentials it gives an error, that means login is working.

My nginx config:

server {
    listen 80;
    server_name ~^cmt-experiencelayer-tyk_dashboard\.*;
    access_log  /var/log/nginx/access.log logstash;
    proxy_set_header host $host;

    location /{
        proxy_pass http://tyk_dashboard:3333;
        proxy_http_version 1.1;
        add_header Access-Control-Allow-Origin *;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}

Output from tyk dashboard logfile:

---------------------LOGIN FROM CHROME---------------------

cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:00 +0000] “GET / HTTP/1.1” 200 665 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.001 0.001
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:07 +0000] “POST /login HTTP/1.1” 302 0 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.100 0.100
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:07 +0000] “GET / HTTP/1.1” 200 2496 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.002 0.002
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:08 +0000] “GET /api/language?lang=en HTTP/1.1” 200 18924 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.001 0.001
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:09 +0000] “GET /api/versions HTTP/1.1” 200 252 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.002 0.002
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:09 +0000] “GET /api/usage/31/10/2016/7/11/2016?p=-1&res=day HTTP/1.1” 200 221 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.001 0.001
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:09 +0000] “GET /api/errors/category/31/10/2016/7/11/2016 HTTP/1.1” 200 54 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.002 0.002
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:09 +0000] “GET /api/activity/endpoints/31/10/2016/7/11/2016?p=0 HTTP/1.1” 200 54 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36” 0.002 0.002

---------------------LOGIN FROM IE---------------------

cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:30:53 +0000] “GET / HTTP/1.1” 200 665 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586” 0.001 0.001
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:31:08 +0000] “POST /login HTTP/1.1” 302 0 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586” 0.100 0.100
cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io 90.133.183.162 [07/Nov/2016:10:31:09 +0000] “GET / HTTP/1.1” 200 665 “http://cmt-experiencelayer-tyk_dashboard.54.152.158.243.nip.io/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586” 0.001 0.001

When I access dashboard via local url: http://tyk_dashboard:3333 then login from IE works fine.
Any idea why dashboard is not redirected after successful login?

pikamar · November 7, 2016, 4:21pm

Our problem was due to an invalid host name according to RFC952, we had underscores in our test server URL. It seems that Internet Explorer silently drops the session cookie on redirect over https if the URL does not conform to RFC952. When using dashes instead of underscores, everything worked as expected.