I'm being thrown back to login screen


DanielMalmgren
Posts: 167
Joined: Fri Oct 28, 2011 6:24 pm
Location: Kisa, Sweden


Postby DanielMalmgren » Mon Apr 23, 2012 1:02 pm

Hi.
Last week I upgraded our GO test environment from 3.7.29 to 3.7.48 and also upgraded z-push to 1.5.8. Everything is working fine except one thing. Users are being thrown back to the login screen suddenly and without any warning. This happens quite often and it can happen while working actively in GO. It seems that it's related to our phone sync; when I turn the sync off in my phone it doesn't seem to happen. Otherwise the phone sync works as it should. I've searched through apache logs and GO debug log without finding anything relevant. The only thing that might be interesting is this (from z-push debug.txt):


04/23/12 14:16:18 [9505] [damal08] ------------------------- ERROR BACKTRACE -------------------------
04/23/12 14:16:18 [9505] [damal08] trace error: /san/www/modules/ldapauth/classes/ldapauth.class.inc.php:18 Declaration of ldapauth::before_login() should be compatible with that of imapauth::before_login() (2048) - backtrace: 4 steps
04/23/12 14:16:18 [9505] [damal08] trace: 1:/san/www/classes/base/events.class.inc.php:105 - require_once()
04/23/12 14:16:18 [9505] [damal08] trace: 2:/san/www/classes/base/auth.class.inc.php:185 - GO_EVENTS->fire_event()
04/23/12 14:16:18 [9505] [damal08] trace: 3:/san/www/modules/z-push/backend/GObackend.php:61 - GO_AUTH->login()
04/23/12 14:16:18 [9505] [damal08] trace: 4:/san/www/modules/z-push/index.php:148 - BackendGODir->Logon()
04/23/12 14:16:19 [9505] [damal08] GODir::Logon logged in
04/23/12 14:16:19 [9505] [damal08] Options request
04/23/12 14:16:19 [9505] [damal08] Logoff()
04/23/12 14:16:19 [9505] [damal08] end
04/23/12 14:16:19 [9505] [damal08] --------
04/23/12 14:16:20 [8605] [damal08] Start
04/23/12 14:16:20 [8605] [damal08] Z-Push version: 1.5.8-1187
04/23/12 14:16:20 [8605] [damal08] Client IP: 88.206.128.211
04/23/12 14:16:20 [8605] [damal08] Client supports version 2.5
04/23/12 14:16:20 [8605] [damal08] Group-Office version: 3.7.48
04/23/12 14:16:20 [8605] [damal08] BackendGODir version: 36
04/23/12 14:16:20 [8605] [damal08] BackendGODir::Logon(damal08,..,..)

I checked, and before_login in imapauth takes three arguments ($username, $password, $count_login), but before_login in ldapauth only takes the first two. Is this correct? And does it seem possible that this is in any way relevant to the problem?

/Daniel
mschering
Site Admin
Posts: 8333
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch

Re: I'm being thrown back to login screen

Postby mschering » Wed Apr 25, 2012 7:12 am

Do you see errors in your apache log? Perhaps security token mismatch?

I don't think it's related to the sync because it's a completely different session.
Best regards,

Merijn Schering
Intermesh
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Wed Apr 25, 2012 8:12 am

Intermesh wrote: Do you see errors in your apache log? Perhaps security token mismatch? I don't think it's related to the sync because it's a completely different session.

Yes, I get the "Security token mismatch. Possible cross site request forgery attack!" from time to time. Anything I can do about that? I don't think I get those errors in the log nearly as often as people are being thrown out, but I guess it's a start if I could fix them.

/Daniel

edit: Sorry for writing before searching. I've now changed the disable_security_token_check config variable to true. I guess I'll have to wait and see if this fixes my problem?

edit 2: Another thought. Can this be something that happens because the load balancer in our web cluster directs my web logon and my phone sync to different backend web servers?
mschering

Re: I'm being thrown back to login screen

Postby mschering » Wed Apr 25, 2012 9:56 am

The browser sends a token on each request. That token is compared with the session on the server.

Does your user stay on the same server during its session? I would recommend that.
Best regards,

Merijn Schering
Intermesh
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Wed Apr 25, 2012 10:11 am

Intermesh wrote: The browser sends a token on each request. That token is compared with the session on the server. Does your user stay on the same server during its session? I would recommend that.

Yep. Server is chosen using ip hash, so as long as the computer has the same ip it stays at the same one.

/Daniel
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Thu Apr 26, 2012 9:18 am

Ok, I've tried some more, and my findings are kinda strange. I removed one web server from my cluster, ending up with a one-node-cluster, so everything ends up at the same webserver. Now everything works perfectly well. So it seems the problem ONLY occurs when I'm logged in through group office at one server and my phone starts syncing against another.

A theory right off the top of my head: Could it be that when the phone finishes a sync it logs off and if there are no other active sessions with the same user id on that particular web server, then the user is in some way marked as logged out in the database, making the other web server log the user out as well?

My web servers see the same root_path and file_storage_path, which reside on a nfs share from my san, however they use their own local tmpdir. Anything I should rethink here?

/Daniel

edit: Now also tried with a shared tmpdir, no change. I can't believe I'm the first one with this problem, there's gotta be more people out there who use GO on web clusters and use z-push. This was supposed to go into production this week, so I'm really desperate for a solution now :|
mschering

Re: I'm being thrown back to login screen

Postby mschering » Tue May 01, 2012 8:15 am

What happens if you disable the security token check?

$config['disable_security_token_check']=true;
Best regards,

Merijn Schering
Intermesh
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Tue May 01, 2012 8:29 am

Intermesh wrote: What happens if you disable the security token check? $config['disable_security_token_check']=true;

Already tried that some posts up. After that I don't get any more forgery attack warnings, but the problem persists.

/Daniel
mschering

Re: I'm being thrown back to login screen

Postby mschering » Tue May 01, 2012 8:40 am

Ok, sorry I missed that. So we can rule out that check.

Where is your PHP session directory located? Is it on shared space?
Best regards,

Merijn Schering
Intermesh
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Tue May 01, 2012 4:50 pm

Intermesh wrote: Ok, sorry I missed that. So we can rule out that check. Where is your PHP session directory located? Is it on shared space?

Is this session.save_path? I've never touched it, so it was on default. Thought I'd try to test it out, but when I set it to somewhere on nfs (in a dir with exact same permissions as /tmp) GroupOffice doesn't work at all. I don't even get to the login screen (I just get "Connection timed out"). Not a single line in either debug.txt or Apache's error_log. Ideas?

/Daniel

Edit: I never got it to work with save_path set to somewhere on nfs, but I found a better solution. Now my php sessions are on memcache (found this nice little guide: http://www.dotdeb.org/2008/08/25/storin ... memcached/). Everything seems to work much better now, I can even kill a web server with users logged in without them noticing. I'll keep an eye open for the next few days and report back on whether the problem in the op has vanished as well.
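
An added illustration, not part of the original posts and not Group-Office code: a small Python model of the per-request token check described earlier in the thread, run once with per-server session storage and once with a shared store like the memcached setup above. The node names, the dict-based store and the result strings are assumptions made for the example, and it does not claim to identify the cause of the logouts discussed here.

```python
import hmac
import secrets


class Node:
    """One backend web server; `sessions` stands in for its session store."""

    def __init__(self, name, sessions):
        self.name = name
        self.sessions = sessions

    def login(self, user):
        # Create a session and the security token the browser must echo back.
        sid = secrets.token_hex(16)
        token = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "security_token": token}
        return sid, token

    def handle(self, sid, token):
        """Return the outcome of one authenticated request."""
        session = self.sessions.get(sid)
        if session is None:
            return "login screen"  # this node has never seen the session
        if not hmac.compare_digest(session["security_token"], token):
            return "security token mismatch"
        return "ok"


def failover(shared_store):
    """Log in on web-a, then send follow-up requests to web-a and web-b.

    shared_store=False: each node keeps its own sessions, as with
    per-server session files.
    shared_store=True: both nodes read one store (memcached in the thread).
    """
    if shared_store:
        store = {}
        a, b = Node("web-a", store), Node("web-b", store)
    else:
        a, b = Node("web-a", {}), Node("web-b", {})
    sid, token = a.login("damal08")
    return {
        "same_node": a.handle(sid, token),
        "other_node": b.handle(sid, token),
        "wrong_token": b.handle(sid, "0" * 32),  # constructed bad token
    }


if __name__ == "__main__":
    print("local :", failover(shared_store=False))
    print("shared:", failover(shared_store=True))
```

With the shared store the second node accepts the session and still rejects a wrong token, so the token check can stay enabled behind the load balancer.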
valeria
Posts: 14
Joined: Wed Jan 30, 2013 9:36 am

Re: I'm being thrown back to login screen

Postby valeria » Wed Jan 30, 2013 9:48 am

What is the current status of your problem? Is it resolved?
DanielMalmgren

Re: I'm being thrown back to login screen

Postby DanielMalmgren » Wed Jan 30, 2013 11:09 am

valeria wrote: What is the current status of your problem? Is it resolved?

Yes, as I mentioned in my last post I'm currently using memcached. Works like a charm.

/Daniel
mschering

Re: I'm being thrown back to login screen

Postby mschering » Thu Jan 31, 2013 1:37 pm

We've experienced the same thing while using php-apc. We never found out why.
Best regards,

Merijn Schering
Intermesh
