You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Ubuntu 22.04.4, if Apache is configured with MPM Event, GLPI does not recognize the following parameters, resulting in this alert:
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on the HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side scripts from accessing cookie values.
The file currently in use according to Apache itself "info.php" is located at "Loaded Configuration File /etc/php/8.1/fpm/php.ini".
And the parameters are correct:
root@glpi:/etc/php/8.1/fpm/conf.d# find /etc/php/8.1/fpm/ -type f -exec grep -H "session.cookie_httponly" {} +
/etc/php/8.1/fpm/php.ini:session.cookie_httponly = on
I'm not sure if it's being applied correctly, or if GLPI is not compatible with MPM event.
Thank you
Relevant log output
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values
Operating system: Linux glpi 6.5.0-28-generic #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 4 14:39:20 UTC 2 x86_64
PHP 8.1.2-1ubuntu2.15 fpm-fcgi (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apcu, bz2, calendar, cgi-fcgi,
ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli,
mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm,
tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
upload_max_filesize="2M" disable_functions=""
Software: Apache (Apache Server at 192.168.0.15 Port 443
)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Server Software: Ubuntu 22.04
Server Version: 10.6.16-MariaDB-0ubuntu0.22.04.1
Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Parameters: glpi@localhost/glpi
Host info: Localhost via UNIX socket
PHP version (8.1.2-1ubuntu2.15) is supported.PHP version (8.1.2-1ubuntu2.15) is supported.
Sessions configuration is OK.Sessions configuration is OK.
Allocated memory is sufficient.Allocated memory is sufficient.
mysqli extension is installed.mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.curl extension is installed.
gd extension is installed.gd extension is installed.
intl extension is installed.intl extension is installed.
zlib extension is installed.zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.6.16) is supported.Database engine version (10.6.16) is supported.
No files from previous GLPI version detected.No files from previous GLPI version detected.
The log file has been created successfully.The log file has been created successfully.
Write access to /var/www/glpi/files/_cache has been validated. Write access to /var/www/glpi/files/_cron has been validated. Write access to /var/www/glpi/files has been validated. Write access to /var/www/glpi/files/_dumps has been validated. Write access to /var/www/glpi/files/_graphs has been validated. Write access to /var/www/glpi/files/_lock has been validated. Write access to /var/www/glpi/files/_pictures has been validated. Write access to /var/www/glpi/files/_plugins has been validated. Write access to /var/www/glpi/files/_rss has been validated. Write access to /var/www/glpi/files/_sessions has been validated. Write access to /var/www/glpi/files/_tmp has been validated. Write access to /var/www/glpi/files/_uploads has been validated.Write access to /var/www/glpi/files/_cache has been validated.
Write access to /var/www/glpi/files/_cron has been validated.
Write access to /var/www/glpi/files has been validated.
Write access to /var/www/glpi/files/_dumps has been validated.
Write access to /var/www/glpi/files/_graphs has been validated.
Write access to /var/www/glpi/files/_lock has been validated.
Write access to /var/www/glpi/files/_pictures has been validated.
Write access to /var/www/glpi/files/_plugins has been validated.
Write access to /var/www/glpi/files/_rss has been validated.
Write access to /var/www/glpi/files/_sessions has been validated.
Write access to /var/www/glpi/files/_tmp has been validated.
Write access to /var/www/glpi/files/_uploads has been validated.
Web server root directory configuration seems safe.Web server root directory configuration seems safe.
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol. PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.
OS and PHP are relying on 64 bits integers.OS and PHP are relying on 64 bits integers.
exif extension is installed.exif extension is installed.
ldap extension is installed.ldap extension is installed.
openssl extension is installed.openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/glpi/marketplace has been validated.Write access to /var/www/glpi/marketplace has been validated.
Timezones seems loaded in database.Timezones seems loaded in database.
Anything else?
No response
The text was updated successfully, but these errors were encountered:
Code of Conduct
Is there an existing issue for this?
Version
10.0.15
Bug description
In Ubuntu 22.04.4, if Apache is configured with MPM Event, GLPI does not recognize the following parameters, resulting in this alert:
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on the HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side scripts from accessing cookie values.
The file currently in use according to Apache itself "info.php" is located at "Loaded Configuration File /etc/php/8.1/fpm/php.ini".
And the parameters are correct:
root@glpi:/etc/php/8.1/fpm/conf.d# find /etc/php/8.1/fpm/ -type f -exec grep -H "session.cookie_httponly" {} +
/etc/php/8.1/fpm/php.ini:session.cookie_httponly = on
I'm not sure if it's being applied correctly, or if GLPI is not compatible with MPM event.
Thank you
Relevant log output
Page URL
https://192.168.0.15/glpi/front/central.php
Steps To reproduce
Install glpi on apache with MPM event
https://blog.jirivanek.eu/en/2023/07/04/how-to-configure-apache-with-mpm-event-and-php-fpm/
Your GLPI setup information
Operating system: Linux glpi 6.5.0-28-generic #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 4 14:39:20 UTC 2 x86_64
PHP 8.1.2-1ubuntu2.15 fpm-fcgi (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apcu, bz2, calendar, cgi-fcgi,
ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli,
mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm,
tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"
upload_max_filesize="2M" disable_functions=""
Software: Apache (Apache Server at 192.168.0.15 Port 443
)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Server Software: Ubuntu 22.04
Server Version: 10.6.16-MariaDB-0ubuntu0.22.04.1
Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Parameters: glpi@localhost/glpi
Host info: Localhost via UNIX socket
PHP version (8.1.2-1ubuntu2.15) is supported.PHP version (8.1.2-1ubuntu2.15) is supported.
Sessions configuration is OK.Sessions configuration is OK.
Allocated memory is sufficient.Allocated memory is sufficient.
mysqli extension is installed.mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.curl extension is installed.
gd extension is installed.gd extension is installed.
intl extension is installed.intl extension is installed.
zlib extension is installed.zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.6.16) is supported.Database engine version (10.6.16) is supported.
No files from previous GLPI version detected.No files from previous GLPI version detected.
The log file has been created successfully.The log file has been created successfully.
Write access to /var/www/glpi/files/_cache has been validated. Write access to /var/www/glpi/files/_cron has been validated. Write access to /var/www/glpi/files has been validated. Write access to /var/www/glpi/files/_dumps has been validated. Write access to /var/www/glpi/files/_graphs has been validated. Write access to /var/www/glpi/files/_lock has been validated. Write access to /var/www/glpi/files/_pictures has been validated. Write access to /var/www/glpi/files/_plugins has been validated. Write access to /var/www/glpi/files/_rss has been validated. Write access to /var/www/glpi/files/_sessions has been validated. Write access to /var/www/glpi/files/_tmp has been validated. Write access to /var/www/glpi/files/_uploads has been validated.Write access to /var/www/glpi/files/_cache has been validated.
Write access to /var/www/glpi/files/_cron has been validated.
Write access to /var/www/glpi/files has been validated.
Write access to /var/www/glpi/files/_dumps has been validated.
Write access to /var/www/glpi/files/_graphs has been validated.
Write access to /var/www/glpi/files/_lock has been validated.
Write access to /var/www/glpi/files/_pictures has been validated.
Write access to /var/www/glpi/files/_plugins has been validated.
Write access to /var/www/glpi/files/_rss has been validated.
Write access to /var/www/glpi/files/_sessions has been validated.
Write access to /var/www/glpi/files/_tmp has been validated.
Write access to /var/www/glpi/files/_uploads has been validated.
Web server root directory configuration seems safe.Web server root directory configuration seems safe.
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol. PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.
OS and PHP are relying on 64 bits integers.OS and PHP are relying on 64 bits integers.
exif extension is installed.exif extension is installed.
ldap extension is installed.ldap extension is installed.
openssl extension is installed.openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /var/www/glpi/marketplace has been validated.Write access to /var/www/glpi/marketplace has been validated.
Timezones seems loaded in database.Timezones seems loaded in database.
Anything else?
No response
The text was updated successfully, but these errors were encountered: