openprovider
[BUG] Random logouts after upgrading to 5.9 beta
Describe the bug We've upgraded to v5.9 beta on two WHMCS installations. After upgrading, we're randomly being logged out of WHMCS. This usually happens when submitting data, i.e:
- replying to support tickets
- using the WHMCS search function
To Reproduce Steps to reproduce the behavior:
- Update to latest beta release of the module
- Navigate WHMCS and perform various tasks
It has been difficult to find a way to really replicate the issue - sometimes it does not happen for hours at a time, other times it happens immediately (fx. if we're logging in and access a ticket right away).
Expected behavior The WHMCS admin should not be logged out
Server info:
- Distro: CloudLinux 9
- PHP: 8.1
- Web server: LiteSpeed
- WHMCS Session handling: Database
Additional context I don't exactly know if this issue is caused by the module but it started happening the very same day we updated the module on one of our WHMCS installations. The day after, we upgraded the module on another WHMCS installation and started experiencing the same issue.
We have 2 other WHMCS installations without the module. We're not seeing the same issue on those.
Just wanted to bring this up before the update is released as stable in case anyone is able to replicate it.
I downgraded the module to v5.8 on both installations earlier today and have not had the issue since.
I'm almost certain we've had this bug years ago. It wouldn't be the first time bugs that have already been addressed have crept back in with newer releases. But I can't find an issue post regarding it.
Hi @DennisSkov,
Thank you for reporting the issue.
We did not encounter this problem during our initial testing or QA testing of the new module version. Since the issue is intermittent and difficult to reproduce, it may pose some challenges to investigate the problem. However, we will do our best to analyze this from our side. If you have any additional info about the problem, please share it with us.
Unfortunately, I don't have any other information. Some admins still face the issue occasionally after downgrading the module, although it's not as big of an issue as before. Some admins will from time to time get logged out. These are admins who only access WHMCS infrequently, so it might be related to some sort of caching.
The problem could be unrelated to our upgrade of the registrar module but it just seems weird that we started having issues the same day we upgraded and most of the issues were solved on the day we downgraded again.
A small addition: I started having the problem again. For a short period of time, I kept getting logged out of WHMCS, as soon as I logged in. The weird thing is, the same thing happened on cp.openprovider.eu, no matter what browser I was using. Suddenly it stopped happening (both on our WHMCS installation and cp.openprovider.eu).
I've been trying to troubleshoot this issue as it started happening again for me this morning.
Whenever I logged in and refreshed the page, I was logged out immediately. I was on clientsdomains.php for a domain that used the OpenProvider module.
I tried loading the dashboard instead but was logged out again. I have the OpenProvider widget enabled.
If I accessed a domain for another provider, I wasn't logged out. I could browse WHMCS just fine. After having accessed a domain from another provider in WHMCS, I could go to the dashboard and also access clientsdomains.php for that are set to the OpenProvider module.
I'm very certain that there's an issue with the module - it would be a weird coincidence that this just so happens whenever we access a page that runs code from the OpenProvider module.
Hi @DennisSkov,
Unfortunately, I am still unable to recreate the problem. I tried with session handling set to both database and file.
Are you still using 5.9 beta or are you also experiencing the same problem with module version 5.8 as well?
Can you please share following details?
- The values of PHP
session.gc_maxlifetimeandsession.cookie_lifetime? - Would you be able to enable module log and SQL Debug Mode temporarily and share us logs when you notice the problem next time? You can send logs to our support team
Hi!
We're rolled back to the stable release but still have the issue occasionally. I can't replicate the issue consistently - but when it happens, it always happens when we're on a page that runs OpenProvider functions. Example: I've been logged out while I was on clientsdomains.php for a domain the uses the OpenProvider module. I sign in, but I'm immediately logged out again when I refresh the page. This keeps happening (I've tried 20 times in a row). If I, instead of refreshing, access supporttickets.php, I'm still being logged out, but as soon as I login again (this time being redirected to supporttickets.php), the issue is fixed. I can even go back to clientsdomains.php without being logged out.
It has never happened before we started using OpenProvider, and when it happens, it's always when an OpenProvider function is running (fx. GetDomainInfo or showing the BalanceWidget).
Hi @DennisSkov,
Thank you for sharing additional information.
Are you using a customized version of the module (with any code modifications), or the original source code from here?
Can you please also share following details?
- The values of PHP
session.gc_maxlifetimeandsession.cookie_lifetime? - Would you be able to enable module log and SQL Debug Mode temporarily and share us logs when you notice the problem next time? You can send logs to our support team
Hey.
I just confirmed it - it is the OpenProvider module that is causing the issue. We were forced to update WHMCS to the latest version, which also required us to update the OpenProvider module. As soon as the module was uploaded, I was logged out. I can reproduce the issue by doing a simple task such as update the BalanceWidget. I've uploaded a video of it.
This is now happening every time i refresh the balance.
https://github.com/user-attachments/assets/1c1e3192-115c-4eb0-b5ef-42c3544ed57f
We're using the original module code, version 5.8.2.
session.gc_maxlifetime is 1440.
session.cookie_lifetime is set to 0.
I've sent the module and activity log. Ticket ID 1758155.
Just an update. We installed the module on our development installation of WHMCS and started having the issue again. I did a bunch of tests but couldn't figure out why it happened. Every time i would access a page (even domaindetails for a domain not associated with OpenProvider in any way), I would get logged out instantly.
I disabled various modules but we kept getting logged out. I then deleted all openprovider rows from tblregistrars, and the issue was fixed. I then enabled the module again and waited for the issue to happen again - and then deleted the rows again which fixed the issue.
Thank you @DennisSkov
We have started investigating this issue and this will be a great help for us to continue this investigation.
Dear @DennisSkov,
Thank you for waiting!
We were not able to reproduce the issue in our test WHMCS installations and this caused delay in identifying the cause of random logouts. We have now identified an issue with sessions and have created a fix. Could you please test this branch and let us know if you are encountering logout issues with this new version?
Thanks! I've applied the fix to three of our WHMCS installations. I'll let you know how things go.
Hi @DennisSkov
Trust you are doing well!
Just following up - have you noticed any logout issues since the fix was applied?
Hi.
Fortunately no - but I'm on paternity leave so I'm not accessing our WHMCS installations very much. I told my colleagues to inform me if they noticed anything and I haven't heard anything from them. Prior to installing the patch, my boss was constantly logged out on the WHMCS dashboard (most likely due to the balance widget). Immediately after installing it, it fixed his issue.
Sorry, I completely forgot this issue. We haven't had the issue a single time since applying this patch.