Session Invalid or Expired post-rev337

[ghuntress@…]

Ever since revison 338, I am unable to login to roundcube. Rev 338 (and all subsequent revs up to the current 366) simply states "Session Invalid or Expired" at any login attempt.

Reverting to rev 337 works normally with the exact same configuration file.

Roundcube is running on dual Opterons, FC5 (2.6.17-1.2187_FC5), Apache 2.2.2, PHP 5.1.6

I can post httpd.conf and/or main.inc.php contents if needed to help debug this.

[ghuntress@…]

I did some debugging today, and found that the problem related to the following line in index.php:

if (!rcmail_authenticate_session()

(!empty($CONFIGsession_lifetime?) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIGsession_lifetime?*60 < mktime()))

If I either remove the second half of that if statement, or comment out session_lifetime in main.inc.php, the problem goes away.

-Garret

[seansan]

ghuntress@…: Does this bug still exist? (otherwise please close)
​http://trac.roundcube.net/trac.cgi/ticket/1484101

[ghuntress@…]

Yes, this problem still exists. I believe it is either daylight savings related somehow (East Coast USA here), or something to do with the fact that we synchronize our clock with an ntp server (we use kerberos for logins, which is time sensitive). However, these are mostly shot-in-the-dark guesses. I can do some debugging a little later.

[ghuntress@…]

Yes, this problem still exists. I believe it is either daylight savings related somehow (East Coast USA here), or something to do with the fact that we synchronize our clock with an ntp server (we use kerberos for logins, which is time sensitive). However, these are mostly shot-in-the-dark guesses. I can do some debugging a little later.

[crichardson]

i do not get this problem and i am in east coast also with ntp please post more detail if you can get it maybe parts of the log when the error occurs. have you tryed to use the newest svn in a clean dir?

[ghuntress@…]

Yes, did a fresh install, and it's still there in rev-469. I added some debugging code to index.php for added testing:

check session and auth cookie
else if ($_action!='login' && $_SESSIONuser_id?)

{
Do some debugging given the current config
$GarretDebugFile? = "logs/GarretDebugLog.log";
$GarretDebugSessionChanged? = "Session Changed Time is: " . $SESS_CHANGED . "\n";
$GarretDebugSessionLifetime? = "Session Lifetime (Seconds) is: " . $CONFIGsession_lifetime?*60 . "\n";
$GarretDebugMktime? = mktime();
$GarretDebugMktimeDisplay? = "Current MKTime is: " . $GarretDebugMktime? . "\n";
$GarretDebugSystemTime? = exec('date +%s');
$GarretDebugDisplayTime? = "Current Time is: " . exec('date') . " (" . exec('date +%s') . ")\n";
$GarretDebugCalcSessSkew? = $SESS_CHANGED - $GarretDebugSystemTime?;
$GarretDebugCalcMktimeSkew? = $GarretDebugMktime? - $GarretDebugSystemTime?;
$GarretDebugGetSessSkew? = "Session Changed is skewed by " . $GarretDebugCalcSessSkew? . " Seconds\n";
$GarretDebugGetMktimeSkew? = "mktime() is skewed by " . $GarretDebugCalcMktimeSkew? . " Seconds\n\n";
$GarretDebugFileHandle? = fopen($GarretDebugFile?, "a+");
fwrite($GarretDebugFileHandle?, $GarretDebugSessionChanged? . $GarretDebugSessionLifetime? . $GarretDebugMktimeDisplay? . $GarretDebugDisplayTime? . $GarretDebugGetSessSkew? . $GarretDebugGetMktimeSkew?);
fclose($GarretDebugFileHandle?);

if (!rcmail_authenticate_session()

(!empty($CONFIGsession_lifetime?) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIGsession_lifetime?*60 < mktime()))

And here's the output after a few login attempts:

[root@mail1 logs]# cat GarretDebugLog?.log
Session Changed Time is: 1170878134
Session Lifetime (Seconds) is: 600
Current MKTime is: 1170902771
Current Time is: Wed Feb 7 21:46:11 EST 2007 (1170902771)
Session Changed is skewed by -24637 Seconds
mktime() is skewed by 0 Seconds

Session Changed Time is: 1170878138
Session Lifetime (Seconds) is: 600
Current MKTime is: 1170902775
Current Time is: Wed Feb 7 21:46:15 EST 2007 (1170902775)
Session Changed is skewed by -24637 Seconds
mktime() is skewed by 0 Seconds

-Garret

[ghuntress@…]

Ok, never mind. Mysql server clock was off by 24637 seconds (mysql server is hosted on a different box than the mail server). Bogus bug, althought it's interesting to note that the mysql server and web server need to have their clocks in sync othwise roundcube fails.