New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logged out at random #12251
Comments
How are you handling PHP sessions; are you using sticky sessions? |
There is only one single container hosting phpMyAdmin so I'm doubting sticky sessions has any bearing on the matter? I'm presuming you are expecting us to be running more than one instance but we are not. To detail: haproxy is terminating our SSL connections and there is one back-end connected via HTTP. |
Indeed, when you mentioned haproxy I did assume you were using it for load balancing. |
Do you get the message about session expiry on the login page? |
No. Two other members of our staff agree, no session expiry message seen. |
Okay, then probably the session cookie is lost or set wrongly. Maybe this is same issue as #12249 where we set wrong cookie path under some circumstances. Can you please check the cookies set by phpMyAdmin? |
Similar. We too have dedicated (sub) domains for PMA access. Checking the cookies within Chrome, they all have a path of |
So the cookies seem to be just fine. How do you store your PHP sessions and how is configured session cleanup? |
We don't. Here's the Dockerfile we build:
This is run within a
At this point we have an haproxy configuration:
So in short we're running pretty much what is shipped to us. |
Okay, I will look how the PHP builtin server handles sessions, but I assume this will be the problem as they will be stored in memory only and don't survive process restart (I'm just guessing). |
I think PHP stores sessions in files by default? I think in Ubuntu they are in something along the lines of I doubt the Docker container does the clean-up at all? |
Given that we do not set any session.save_path, it's stored in /tmp. As it's not persistent storage, the sessions will disappear at least on container restart. |
Did the previous comment help you? Can your log outs be caused by container restart? |
No, sadly not. I've not personally had need to use the container much since reporting the issue. I will try and find out today whether anyone else has. |
Did not have to wait long - have a member of staff complaining that it's really bad this morning. He says he is simply returned to the login screen (there is definitely no mention of having been logged out). None of our phpmyadmin containers have restarted in several hours so it's clearly not that. The logs show some HTTP 302s but otherwise 200 OKs. |
What might be also related is session startup errors (see #12229), but you would see the error before login screen... |
Can you try updating to latest image? I've made changes in way how sessions are stored and they are now stored in separate volume, what should limit such problems... Also as this issue got reported in the Docker image issue tracker, let's followup only there and I'll close this: phpmyadmin/docker#32 |
Based on discussion in phpmyadmin/docker#32, this really turns down to be bug in the code rather than Docker container. The problem is that some javascript files can send different cookie path than main scripts leading to two session cookies which can interfere. |
..when available rather than in cookie as we do not want to send huge cookies with SQL query there and back. Issue #12251 Issue phpmyadmin/docker#32 Signed-off-by: Michal Čihař <michal@cihar.com>
Steps to reproduce
Expected behaviour
Should not randomly log me out - only on session cookie timeout
Actual behaviour
The logout can happen within seconds of the page loading. We've even seen it on logging in - immediately get logged back out again.
Server configuration
Docker container of 4.6.1 on a Linux host sat behind an haproxy-1.6 instance
Client configuration
Browser:
Chrome 50.0.2661.94
Operating system:
Windows 10
The docker container logs show 200 OK responses so there appears to be no error. Several members of staff are reporting phpMyAdmin as repeatedly logging them out as they are working. Occasionally we manage a few minutes of use before being logged out but not often.
We may for instance have just received the results of a query then click on the "Export" link and find ourselves at the log in prompt. Something's quite wrong.
The text was updated successfully, but these errors were encountered: