persistent_login icon indicating copy to clipboard operation
persistent_login copied to clipboard

Published 20 hours ago verified publisher icon mfreiholz

Session Error every new browser session

Open derOtto opened this issue 6 years ago • 16 comments

Hallo, when a new browser session is started, i can see the login screen (without the checkbox for persisten login) and the error message sessionerror. After refreshing the page i'm loged in but not without.

derOtto avatar Sep 23 '18 06:09 derOtto

Same problem.

waclaw66 avatar Oct 27 '18 08:10 waclaw66

Same problem for me.

EmmanuelLazard avatar Feb 24 '19 21:02 EmmanuelLazard

~~Opening the base url results in the error on the login page, opening a url with an action (for example ?_task=mail&_mbox=INBOX) results in being logged in. Maybe this helps anyone else.~~

Nevermind, I +1 this issue.

tjubutsi avatar Apr 05 '19 09:04 tjubutsi

To me it looks like https://github.com/roundcube/roundcubemail/blob/master/index.php#L99 doesn't always actually trigger the startup in this plugin.

tjubutsi avatar Apr 05 '19 15:04 tjubutsi

Does it still happen in the current version?

mfreiholz avatar Dec 16 '19 16:12 mfreiholz

Just did a fresh roundcube install, same config and it still happens.

tjubutsi avatar Dec 16 '19 18:12 tjubutsi

Could you describe it a little bit more detailed, please? I can't intentionally reproduce it, but would like to.

Skyweb [email protected] schrieb am Mo., 16. Dez. 2019, 19:33:

Just did a fresh roundcube install, same config and it still happens.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/mfreiholz/persistent_login/issues/46?email_source=notifications&email_token=AAGFTKJGTFIFGRRUDNJ42KDQY7CYTA5CNFSM4FWWKNLKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEG7U4AI#issuecomment-566185473, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGFTKMAGIQ3WUKT3LZ32JLQY7CYTANCNFSM4FWWKNLA .

mfreiholz avatar Dec 16 '19 22:12 mfreiholz

It is tough to reproduce since I'm not sure what exactly is triggering it. I don't do something special either. I log in with "Keep me logged in" ticked. I then close the tab for an hour or so and then after opening again I'd get the log in page with the error "Your session is invalid or expired." Just opening the page again after that, no matter if it's a refresh, new tab or having restarted the browser, gets me logged in again.

tjubutsi avatar Dec 17 '19 07:12 tjubutsi

Okay understood. I just got it myself. It looks like the PHP-Session of Roundcube expires and Roundcube doesn't load the plugin at this point.

I think it has to do with the "Open tabs from last time" setting in browser. It does save cookies even though it shouldn't, because they expired already.

mfreiholz avatar Dec 17 '19 08:12 mfreiholz

Could be a factor but I also definitely get it just when closing the tab, waiting, and then opening it in a new one.

tjubutsi avatar Dec 17 '19 08:12 tjubutsi

I have (I think) a similar issue. I tick the persistent login box, but after a while I'm forced to log in again (often when restarting the PC/re opening the browser) - Also it looks like nothing is being added to the database?

MariaDB [roundcubemail]> show table status FROM roundcubemail WHERE NAME = 'auth_tokens'; +-------------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+ | Name | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time | Update_time | Check_time | Collation | Checksum | Create_options | Comment | +-------------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+ | auth_tokens | InnoDB | 10 | Compact | 0 | 0 | 16384 | 0 | 16384 | 6291456 | NULL | 2020-01-01 14:35:11 | NULL | NULL | utf8_general_ci | NULL | | | +-------------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-----------------+----------+----------------+---------+ 1 row in set (0.00 sec) EDIT: Sorry the above formatting is barfed...just note the "0" rows...

MariaDB [roundcubemail]> describe auth_tokens; +-----------+------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------+------------------+------+-----+---------+-------+ | token | varchar(128) | NO | PRI | NULL | | | expires | datetime | NO | | NULL | | | user_id | int(10) unsigned | NO | MUL | NULL | | | user_name | varchar(128) | NO | | NULL | | | user_pass | varchar(128) | NO | | NULL | | | host | varchar(255) | NO | | NULL | | +-----------+------------------+------+-----+---------+-------+ 6 rows in set (0.00 sec)

`<?php // ---------------------------------- // PERSISTENT LOGIN / REMEMBER ME // ----------------------------------

// Time until the peristent login cookie invalidates (in seconds; 6060243 = 3 days) $rcmail_config['ifpl_login_expire'] = 6060243;

// The name of the persistent login cookie. $rcmail_config['ifpl_cookie_name'] = '_pt';

// ---------------------------------- // TOKEN BASED (MORE SECURE!) - OPTIONAL // Installation of database scripts required. (see "./sql/" folder) // ----------------------------------

// Turn on feature to use tokens. $rcmail_config['ifpl_use_auth_tokens'] = true;

// The name of the database table for the AuthTokens. $rcmail_config['db_table_auth_tokens'] = 'auth_tokens';

// ---------------------------------- // IP BASED RESTRICTION // Since 5.0 // ----------------------------------

// List of allowed IP masks // e.g.: '127.0.0.1/32', '10.10.0.0/24', '1.1.1.0/24' $rcmail_config['ifpl_netmask_whitelist'] = array('192.168.1.0/24','192.168.2.0/24'); ?>`

MikeCockrem avatar Jan 03 '20 14:01 MikeCockrem

@MikeCockrem Do you have the exact same behavior with tokens feature disabled?

Can you check the auth_tokens table immediately after login, please?

mfreiholz avatar Jan 04 '20 05:01 mfreiholz

After login:

MariaDB [roundcubemail]> select * from auth_tokens; Empty set (0.00 sec)

I make a presumption I should see something here..

I had the same behavior with auth_tokens off. It's probably something I've done wrong, but I followed the instructions to the letter so I'm at a loss as to why...

EDIT: 24~hrs later: "Your session is invalid or expired."

MikeCockrem avatar Jan 06 '20 11:01 MikeCockrem

I'm still having this issue. Is there any workaround/fix?

tborychowski avatar May 22 '20 13:05 tborychowski

I'm still having the issue as well, little annoying but you get used too it.

Roundcube Webmail 1.4.9 Installed plugins Plugin Version archive 3.4 contextmenu 3.1 filesystem_attachments 1.0 html5_notifier identicon 0.1 jqueryui 1.12.0 managesieve 9.3 password 5.1 persistent_login 5.2.0

FingerlessGlov3s avatar Dec 10 '20 09:12 FingerlessGlov3s

FYI, I don't use this plugin anymore, but change a few lines in RC php to get the same functionality (but better), here's how: https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/email/roundcube.md#remember-me-session

tborychowski avatar Dec 13 '20 23:12 tborychowski