-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session invalid or expired #6617
Comments
Looks like your http setup removes/changes remote IP address somehow. You may consider disabling |
на выходных поизучаю
Четверг, 7 февраля 2019, 22:48 +03:00 от tlacaelelrl ***@***.***>:
I started receiving this error
"Session invalid or expired"
My setup is
Ubuntu 18.03
Roundcube Webmail 1.3.8
I have a server that hosts two domains
mail.domain.com has no issues
mail.domain2.it has the issue
That means I can login to any email account whether form domain.com or domain2.it if I use mail.domain.com to login, when I do it from mail.domain2.it I am logged in, and a second later the error displays and get logged out and sent back to the login form.
I tried:
username_domain, session_domain, session_name, session_auth_name
Each to have a different value depending on the domain that was used to open the webmail.
That did not help, I thought it was the session or the cookies, so I also emptied the sessions table.
I tried using the default template.
Disabled all plugins
The only thing that made it work was this
file: rcube_utils.php
line: 624
method: remote_addr
public static function remote_addr()
{
// Check if any of the headers are set first to improve performance
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_REAL_IP'])) {
$proxy_whitelist = rcube::get_instance()->config->get('proxy_whitelist', array());
if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) {
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
foreach (array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) {
if (!in_array($forwarded_ip, $proxy_whitelist)) {
return $forwarded_ip;
}
}
}
if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
return $_SERVER['HTTP_X_REAL_IP'];
}
}
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
return $_SERVER['REMOTE_ADDR'];
}
return '';
}
When I comment out
/*if (!empty($_SERVER['REMOTE_ADDR'])) {
return $_SERVER['REMOTE_ADDR'];
}*/
All starts working.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub , or mute the thread .
Sincerely yours,
Mat.
|
I just figured out the issue. All domains are hosted at cloudflare. So all domains are using cloudflare's IP except for the main domain, that is why it was working on the main domain but not the other one. Thank you for your help. A way to fix it with nginx (appies to cloudflare only) https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx- If not, for roundcube only, setting the proxy_whitelist variable, using the list of IP segments from this url https://www.cloudflare.com/ips/ |
I have a rough patch in, that I think fixes this issue. public static function remote_addr()
{
// Check if any of the headers are set first to improve performance
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) || !empty($_SERVER['HTTP_X_REAL_IP'])) {
$proxy_whitelist = rcube::get_instance()->config->get('proxy_whitelist', array());
if (in_array($_SERVER['REMOTE_ADDR'], $proxy_whitelist)) {
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
foreach (array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])) as $forwarded_ip) {
$forwarded_ip = trim($forwarded_ip);
if (!in_array($forwarded_ip, $proxy_whitelist)) {
return $forwarded_ip;
}
}
}
if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
return $_SERVER['HTTP_X_REAL_IP'];
}
}
}
// add this part for cloudflare
if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
return $_SERVER['HTTP_CF_CONNECTING_IP'];
}
if (!empty($_SERVER['REMOTE_ADDR'])) {
return $_SERVER['REMOTE_ADDR'];
}
return '';
} |
I started receiving this error
"Session invalid or expired"
My setup is
Ubuntu 18.03
Roundcube Webmail 1.3.8
PHP: 7.2.10-0
I have a server that hosts two domains
mail.domain.com has no issues
mail.domain2.it has the issue
That means I can login to any email account whether form domain.com or domain2.it if I use mail.domain.com to login, when I do it from mail.domain2.it I am logged in, and a second later the error displays and get logged out and sent back to the login form.
I tried:
username_domain, session_domain, session_name, session_auth_name
Each to have a different value depending on the domain that was used to open the webmail.
That did not help, I thought it was the session or the cookies, so I also emptied the sessions table.
I tried using the default template.
Disabled all plugins
The only thing that made it work was this
file: rcube_utils.php
line: 624
method: remote_addr
When I comment out
All starts working.
The text was updated successfully, but these errors were encountered: