-
-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to automatically login using Remember Me option #4705
Comments
This is duplicate. Try updating to the latest 1.2.x branch and see if the problem goes away. |
Another note is that we did a change to the Remember Me support. After you grab the latest goto your User Profile and press the logout everywhere button. If you want to do that for everyone, you simply have to |
I have just tried updating to the latest 1.2.x branch and using the "Log out everywhere" button. Still having the same issue. |
What auth method are you using? |
LDAP. But i get the same issue using a local account. |
Then, you must not be on the latest or there is some other reason. Did you truncate the table? That might fix it. |
I see the issue, yea, just truncate the table. |
Definitely on the latest. I checked the table before truncating and it was empty. After that I tried logging in using both a local and AD account and ticking remember but nothing is written to the table. |
Well that's odd. I can not reproduce. Can you check your browsers debug panel to see if the cookie is being rejected? Are you using https? |
Cookie is there - Using http only |
Okay, that might be it. Let me see if I can reproduce that way. |
I just tried https, same problem. Nothing in the table yet either. Deleted cookie and it gets recreated ok. |
It's http that's breaking it. On https it's working fine. Let me look into that. I've been using https for so long as it's where just about everyone is these days. |
Okay, pull a fresh copy and then remove your cookies before you try again (just in case). |
Odd. Still having the same issue with both http and https after the changes. |
What PHP version? |
If they are not as specified, and you are at PHP7.3+, then delete them one at a time and start over. |
Running PHP7.4. I am running FPM with apache. Will try without FPM also |
Hello, I can confirm this is happening for me too - Firefox and Edge. I don't see 'cacti_rememebers' cookie being created. |
Ahh ... "logout everywhere" worked for me. Sorry I missed that higher in the thread. |
@batman978, did you update to the 1.2.x branch? Are you using http or https? |
@bcoory, what you need to do it goto the login page, bring up the debug panel, and then the network tab, and watch the request and response headers. See below. |
There seems to be no response cookie. Cacti.mov |
That really helped. Login, goto |
I guess we should be blocking the |
Logged this bug as a result of the finding. Thanks! |
Starts at line 201. |
Results below. Tried both local and LDAP. 2022/04/21 08:39:42 - AUTH Username error, not setting token |
Are you running any plugins? I'm betting we have a name space collision. |
Or it could be you simply need to go to the |
It's not a namespace issue though after looking at the error. |
I created a guest account and assigned it on Console > Configuration > Settings > Authentication. Now it is working. I have never had a guest account in the past. |
It's kind of crazy. Likely what happened before, is that it was set that way, and you never realized it. It's good you have it set now as your Cacti basically had some areas that if a user went to it were basically unsecured. This is why we prevented the 'guest' account, moving forward from being the primary admin account. I guess what we missed in the upgrade was 'fixing' it if we found it. Glad it's working for you now. |
Many thanks! It looks like I can disable the guest account and remember me is still working. |
I'm running into a similar issue. I've followed through some of the troubleshooting on this page. |
Describe the bug
After upgrading to 1.2.20 from 1.2.19 I cannot get the remember me function to work after closing the browser. Tried on multiple browsers same issue.
Confirmed Support Authentication Cookies is enabled.
Cleared all cookies and cache from browser.
Cookie info in broswer says it Expires When the browsing session ends.
Rolled back to 1.2.19 to test and works as expected.
Issue occurs with both local and LDAP login.
Single Cacti instance - Tried modifying cacti_session_name with no luck.
cacti_cookie_domain is commented out. I also tried enabling this with our Cacti FQDN with no luck.
To Reproduce
Upgrade and login ticking "Keep me signed in". Save password when prompted by browser. Then close browser and go to cacti site.
Expected behavior
Bypass login page once "Keep me signed in" is ticked.
Desktop (please complete the following information)
OS: Windows 10 Pro 21H2
Browser: Latest Chrome, Edge and Firefox
Version [e.g. 22] Chrome- 100.0.4896.75 Edge- 00.0.1185.39 Firefox- 99.01
The text was updated successfully, but these errors were encountered: