allsky icon indicating copy to clipboard operation
allsky copied to clipboard
verified publisher icon AllskyTeam

Upgrade issue with sessions

Open Alex-developer opened this issue 1 year ago • 1 comments

When upgrading to the 2024 branch you are unable to save the settings

image

Clearing the sites cookies, containing the php session id allows the settings to be saved

Need to find out whats going on

Alex-developer avatar Jun 28 '24 22:06 Alex-developer

@Alex-developer, how long was the WebUI page up before you saved the settings.

Do you have Use Login enabled or not? I assume "yes" since that's when it creates a session.

EricClaeys avatar Jun 29 '24 01:06 EricClaeys

In version v2023.05.01_04 lighttpd is running as root so the php sessions are created with as a root user

root@pi5:/home/pi/allsky/html# ll /var/lib/php/sessions total 4 -rw------- 1 root root 83 Aug 2 22:01 sess_h5nejbkmlecu7dqbatvvua36ea

In v2024.xx.xx lighttpd is running as www-data so lightpd cannot access the previous sessions

Alex-developer avatar Aug 02 '24 21:08 Alex-developer

Are you sure v2023.05.01_04 lighttpd ran as root? I'm pretty sure it's always run as www-data for as long as I've been involved in Allsky. Either way, my /var/lib/php/sessions directory is owned by root and has nothing in it. I have "Require WebUI Login" disabled so have no sessions.

EricClaeys avatar Aug 03 '24 03:08 EricClaeys

Are you sure v2023.05.01_04 lighttpd ran as root? I'm pretty sure it's always run as www-data for as long as I've been involved in Allsky. Either way, my /var/lib/php/sessions directory is owned by root and has nothing in it. I have "Require WebUI Login" disabled so have no sessions.

Yes, the v2023.05.01_04 doesnt specify a user, they are commented out in the config so the server will start as root.

#server.username             = "www-data"
#server.groupname            = "www-data"

Just to confirm this. After a clean install lighttpd is running as root and php sessions written as root

pi@pi5:~ $ ps -ef | grep lightt
root         979       1  0 17:31 ?        00:00:00 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

pi@pi5:~ $ sudo ls -sl /var/lib/php/sessions/
total 4
4 -rw------- 1 www-data www-data 83 Aug  3 17:32 sess_ieap0b8kdpaarlv290up76la2o

Alex-developer avatar Aug 03 '24 16:08 Alex-developer

Good detective work @Alex-developer.

EricClaeys avatar Aug 03 '24 19:08 EricClaeys

@Alex-developer, do we also need to make sure /var/lib/php/sessions/ is writable by the web server? Mine isn't.

EricClaeys avatar Aug 03 '24 19:08 EricClaeys

@Alex-developer, do we also need to make sure /var/lib/php/sessions/ is writable by the web server?

Mine isn't.

Probably, I am testing a fix at the moment but need to do a final one to check the permissions on the session directory

Alex-developer avatar Aug 03 '24 19:08 Alex-developer