LoginCookieRecall = false is not working
Describe the bug
Hello, I have an annoying bug using multiple servers: each time I connect to a server and then try to connect to another one, phpMyAdmin kills my connection to the previous server, so I'm constantly trying to connect to servers because phpMyAdmin doesn't hold the previous sessions. In theory, with $cfg['LoginCookieRecall'] = false; it should hold connections to servers that are already logged in, no?
Here is my configuration:
$cfg['blowfish_secret'] = sodium_hex2bin('f16ce59f45714194371b48fe367822dc3b019da7861558cd4ad29e4d6fb13881');
$cfg['LoginCookieDeleteAll'] = true;
$cfg['LoginCookieRecall'] = false;
$servers = include '/home/web/application/servers.php';
foreach ($servers as $server)
{
    list($port, $ip) = $server;
    $cfg['Servers'][$i]['auth_type'] = 'cookie';
    $cfg['Servers'][$i]['host'] = $ip;
    $cfg['Servers'][$i]['verbose'] = $servername;
    $cfg['Servers'][$i]['connect_type'] = 'tcp';
    $cfg['Servers'][$i]['port'] = 3306;
    $cfg['Servers'][$i]['pmadb'] = '';
    $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
    $cfg['Servers'][$i]['relation'] = 'pma__relation';
    $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
    $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
    $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
    $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
    $cfg['Servers'][$i]['history'] = 'pma__history';
    $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
    $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
    $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
    $cfg['Servers'][$i]['recent'] = 'pma__recent';
    $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
    $cfg['Servers'][$i]['users'] = 'pma__users';
    $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
    $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
    $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
    $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
    $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
    $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
    $cfg['Servers'][$i]['hide_db'] = 'information_schema';
    $i++;
}
//print_r($_COOKIE); exit;
I also tried to look at the cookies after connecting to two servers that have the same login/password, but the values are different; I'm not sure that's normal.
Array
(
[pma_lang_https] => fr
[pma_theme_https] => original
[pmaUser-2_https] => 7espRG4y6fp60puGdAmfZlyAiqC+oNN8lykYyTjng+yoBvomgruLPsRS7oJ2URY=
[pmaAuth-2_https] => wh48LaXh/9uE93RNO+vbvGVV0V6/JwESkIFOtli6ATgjZiWMRELdck8OvuCEET4207L4g+0dUyDixN4i6fQcvmmQxzT3IrE=
[phpMyAdmin_https] => el952jf3bp0siksb1rmsnvns4d
[pmaUser-1_https] => dvU6N+xY43AFtZeh4ESdMo4dYolNupLrMue3+fKxFa49r9pJKXgSGiH+l0a5bAc=
[pmaAuth-1_https] => gta2QmljiUUpo+i7b2ShRLi1qUZXZsA6NunxnQPPXDa/UYmt2dlaNVvEdEQAYSHTSOdAJsOaUSXXeR6cQZz5kPSmuSc4M+E=
)
I'm using version 5.2.1deb1
Hello @camille-chelpi. Indeed, this is a known bug; I hope we can find a fix for it in 5.2.3. Are you using Debian bookworm?
PS: please change the blowfish secret that you shared here. Also, if you use the auth type config, the issue will go away, but at the cost of an always-logged-in user, exposed to attackers.
Yes using Debian 12
Okay, be sure to add bookworm-backports to your sources. A version should land soon