Project

General

Profile

Actions

Bug #9353

open

PHPSession errors from limited access to dashboard and widgets

Added by Steve Wheeler almost 6 years ago. Updated over 1 year ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Dashboard
Target version:
Start date:
02/25/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the dashboard that require additional access, such as the default system information widget, you get errors logged:

Feb 25 22:08:53     php-fpm     340     /index.php: Successful login for user 'test' from: 172.21.16.5 (Local Database)
Feb 25 22:08:54     php-fpm     8992     /getstats.php: test@172.21.16.5 (Local Database) attempted to access /getstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:54     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/getstats.php:35 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(
Feb 25 22:08:55     php-fpm     8992     /ifstats.php: test@172.21.16.5 (Local Database) attempted to access /ifstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/ifstats.php:31 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(..)
Feb 25 22:08:55     php-fpm     341     /widgets/widgets/system_information.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/system_information.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/system_informa
Feb 25 22:08:56     php-fpm     341     /widgets/widgets/interfaces.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/interfaces.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:56     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [
Feb 25 22:08:57     php-fpm     341     /widgets/widgets/gateways.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/gateways.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:57     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [3] => 

These add up quick spamming the logs whenever those users login.

Actions #1

Updated by Anonymous about 4 years ago

  • Assignee set to Anonymous
  • Priority changed from Normal to Low
  • Target version changed from 2.5.0 to Future
Actions #2

Updated by Marcos M over 1 year ago

This also happens when a session times out and the user tried to access a page which triggers the general "no permissions" error. Example (logs reversed):

Apr 17 14:51:00     php-fpm     2049     /status_logs.php: Successful login for user 'admin' from: 10.0.5.50 (Local Database)
Apr 17 14:50:55     php-fpm     2049     )
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs.php:35
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs_common.inc:28
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/guiconfig.inc:62
Apr 17 14:50:55     php-fpm     2049     getAllowedPages(..) - /etc/inc/authgui.inc:49
Apr 17 14:50:55     php-fpm     2049     phpsession_end(..) - /etc/inc/priv.inc:303
Apr 17 14:50:55     php-fpm     2049     simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:55
Apr 17 14:50:55     php-fpm     2049     [4] => #### phpsession_end ####
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs.php:35
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs_common.inc:28
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/guiconfig.inc:62
Apr 17 14:50:55     php-fpm     2049     getAllowedPages(..) - /etc/inc/authgui.inc:49
Apr 17 14:50:55     php-fpm     2049     phpsession_begin(..) - /etc/inc/priv.inc:240
Apr 17 14:50:55     php-fpm     2049     simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39
Apr 17 14:50:55     php-fpm     2049     [3] => #### phpsession_begin ####
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs.php:35
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs_common.inc:28
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/guiconfig.inc:62
Apr 17 14:50:55     php-fpm     2049     phpsession_begin(..) - /etc/inc/authgui.inc:42
Apr 17 14:50:55     php-fpm     2049     simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39
Apr 17 14:50:55     php-fpm     2049     [2] => #### phpsession_begin ####
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs.php:35
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs_common.inc:28
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/guiconfig.inc:62
Apr 17 14:50:55     php-fpm     2049     session_auth(..) - /etc/inc/authgui.inc:37
Apr 17 14:50:55     php-fpm     2049     phpsession_end(..) - /etc/inc/auth.inc:2264
Apr 17 14:50:55     php-fpm     2049     simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:55
Apr 17 14:50:55     php-fpm     2049     [1] => #### phpsession_end ####
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs.php:35
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/status_logs_common.inc:28
Apr 17 14:50:55     php-fpm     2049     require_once(..) - /usr/local/www/guiconfig.inc:62
Apr 17 14:50:55     php-fpm     2049     session_auth(..) - /etc/inc/authgui.inc:37
Apr 17 14:50:55     php-fpm     2049     phpsession_begin(..) - /etc/inc/auth.inc:2137
Apr 17 14:50:55     php-fpm     2049     simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39
Apr 17 14:50:55     php-fpm     2049     [0] => #### phpsession_begin ####
Apr 17 14:50:55     php-fpm     2049     (
Apr 17 14:50:55     php-fpm     2049     PHPSESSION 1 open sessions left at shutdown script!Array 

Actions

Also available in: Atom PDF