Opened 14 months ago

Closed 13 months ago

Last modified 12 months ago

#1488409 closed Bugs (worksforme)

Session is invalid or expired

Reported by: francois
Owned by:
Priority: 5
Milestone: 0.8-rc
Component: Core functionality
Version: 0.7.2
Severity: critical
Keywords:
Cc:

Description (last modified by alec)

We have a freshly installed Roundcube 0.7.2 on Debian 6 up to date.
SQL, IMAP and SMTP services are on separate servers.

Every test during installation worked fine, but we're unable to log in. We always have the message "session is invalid or expired".

Here are the logs produced by Roundcube:

Mar 29 17:21:24 webmail roundcube: query(1): SELECT vars, ip, changed FROM session WHERE sess_id = 'p8sn3p9eeevpc68jgfeqhrioe5le1t34';
Mar 29 17:21:24 webmail roundcube: query(2): INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('p8sn3p9eeevpc68jgfeqhrioe5le1t34', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJmcl9GUiI7dGFza3xzOjU6ImxvZ2luIjs=', '92.103.125.115', '2012-03-29 17:21:24', '2012-03-29 17:21:24');
Mar 29 17:21:38 webmail roundcube: query(1): SELECT vars, ip, changed FROM session WHERE sess_id = 'p8sn3p9eeevpc68jgfeqhrioe5le1t34';
Mar 29 17:21:38 webmail roundcube: query(2): DELETE FROM session WHERE sess_id = 'p8sn3p9eeevpc68jgfeqhrioe5le1t34';
Mar 29 17:21:38 webmail roundcube: query(2): SELECT * FROM users WHERE mail_host = 'imap.domain.fr' AND username = 'francois@domain.fr';
Mar 29 17:21:38 webmail roundcube: [50A5] S: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution information.
Mar 29 17:21:38 webmail roundcube: [50A5] C: A0001 LOGIN francois@domain.fr XXXXXXXXXXXXX
Mar 29 17:21:38 webmail roundcube: [50A5] S: A0001 OK LOGIN Ok.
Mar 29 17:21:38 webmail roundcube: [50A5] C: A0002 NAMESPACE
Mar 29 17:21:38 webmail roundcube: [50A5] S: * NAMESPACE (("INBOX." ".")) NIL (("#shared." ".")("shared." "."))
Mar 29 17:21:38 webmail roundcube: [50A5] S: A0002 OK NAMESPACE completed.
Mar 29 17:21:38 webmail roundcube: query(2): UPDATE users SET last_login = now() WHERE user_id = '1';
Mar 29 17:21:38 webmail roundcube: Successful login for francois@domain.fr (ID: 1) from 92.103.125.115 in session ocn0u8jlqvj3qi6h5ub3cbueci7jle70
Mar 29 17:21:38 webmail roundcube: [50A5] C: A0003 LOGOUT
Mar 29 17:21:38 webmail roundcube: [50A5] S: * BYE Courier-IMAP server shutting down
Mar 29 17:21:38 webmail roundcube: [50A5] S: A0003 OK LOGOUT completed
Mar 29 17:21:38 webmail roundcube: query(2): INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('ocn0u8jlqvj3qi6h5ub3cbueci7jle70', '...', '92.103.125.115', '2012-03-29 17:21:38', '2012-03-29 17:21:38');
Mar 29 17:21:39 webmail roundcube: query(1): SELECT vars, ip, changed FROM session WHERE sess_id = 'ocn0u8jlqvj3qi6h5ub3cbueci7jle70';
Mar 29 17:21:39 webmail roundcube: Aborted session ocn0u8jlqvj3qi6h5ub3cbueci7jle70; no valid session data found
Mar 29 17:21:39 webmail roundcube: query(2): INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('ocn0u8jlqvj3qi6h5ub3cbueci7jle70', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJmcl9GUiI7dGFza3xzOjU6ImxvZ2luIjs=', '92.103.125.115', '2012-03-29 17:21:39', '2012-03-29 17:21:39');
Mar 29 17:21:39 webmail roundcube: MDB2 Error: constraint violation (-3): _doQuery: [Error message: Could not execute statement]
[Last executed query: INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('ocn0u8jlqvj3qi6h5ub3cbueci7jle70', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJmcl9GUiI7dGFza3xzOjU6ImxvZ2luIjs=', '92.103.125.115', '2012-03-29 17:21:39', '2012-03-29 17:21:39')]
[Native code: 1062]
[Native message: Duplicate entry 'ocn0u8jlqvj3qi6h5ub3cbueci7jle70' for key 'PRIMARY']

I looked around a bit; many bug reports are similar, but the solutions don't work:

  • setting hash algo to SHA1 doesn't change anything. (#1488196)
  • synchronizing clocks between Roundcube and the SQL backend doesn't change anything.

Attachments (1)

rcube_session.php.patch (2.3 KB) - added by paolodoors 12 months ago.
Patch file for rcube_session.php


Change History (4)

comment:1 Changed 14 months ago by thomasb

There must be something wrong with your database setup:

INSERT INTO session (sess_id, ...) VALUES ('ocn0u8jlqvj3qi6h5ub3cbueci7jle70', ...);
SELECT ... FROM session WHERE sess_id = 'ocn0u8jlqvj3qi6h5ub3cbueci7jle70';

The SELECT right after INSERT doesn't seem to return a result but it should. Do you have database replication in place?

comment:2 Changed 13 months ago by alec

  • Description modified (diff)
  • Resolution set to worksforme
  • Status changed from new to closed

No feedback. Unable to reproduce.

Changed 12 months ago by paolodoors

Patch file for rcube_session.php

comment:3 Changed 12 months ago by paolodoors

I had the same problem. My Roundcube is behind two reverse proxies not under my control, and when the session bounces from one proxy to the other, the session gets invalid. That's because $_SERVER['REMOTE_ADDR'] has the proxy's address and not the client's address.

I've attached a patch (against 0.7.2) to correct this issue by taking the client's IP from the $_SERVER['HTTP_X_FORWARDED_FOR'] header. I know that it is not safe to trust this header, but it's a workaround that works in my scenario.

Kind regards.

Paolo Stancato
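
Comment:3 notes that X-Forwarded-For is not safe to trust on its own. The following is an added example, not the attached patch and not Roundcube code, of reading the header only when the request arrives from a known proxy, so that a session bound to the client address survives a hop between two proxies. `resolve_client_ip`, `TRUSTED_PROXIES` and every address are hypothetical; it assumes the proxy addresses are known and that each proxy appends the address it received the request from.

```php
<?php
// Added example: hypothetical helper, not Roundcube code and not the attached patch.

// Proxies allowed to supply X-Forwarded-For (constructed documentation addresses).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Return the address a session should be bound to.
 * $server has the same shape as $_SERVER.
 */
function resolve_client_ip(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // A direct client can send any X-Forwarded-For value, so the header is
    // only read when the TCP peer itself is one of our proxies.
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // Each proxy appends the address it saw, so the right-most entries are the
    // ones written by our own infrastructure. Walk right to left and stop at
    // the first hop that is not a trusted proxy.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed header: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was a trusted proxy
}

// Constructed requests covering both proxy paths and two untrusted inputs.
$cases = [
    'via proxy 10 then 11'      => ['REMOTE_ADDR' => '192.0.2.11', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 192.0.2.10'],
    'via proxy 10 only'         => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'client-supplied left hop'  => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.7'],
    'direct, header not trusted' => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
];
foreach ($cases as $label => $server) {
    printf("%-28s -> %s\n", $label, resolve_client_ip($server, TRUSTED_PROXIES));
}
```

Both proxy paths resolve to the same client address, while a left-most entry supplied by the client and a header sent by a non-proxy peer are ignored.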
