Project

General

Profile

Bug #9353

PHPSession errors from limited access to dashboard and widgets

Added by Steve Wheeler 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Dashboard
Target version:
Start date:
02/25/2019
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.x
Affected Architecture:
All

Description

If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the dashboard that require additional access, such as the default system information widget, you get errors logged:

Feb 25 22:08:53     php-fpm     340     /index.php: Successful login for user 'test' from: 172.21.16.5 (Local Database)
Feb 25 22:08:54     php-fpm     8992     /getstats.php: test@172.21.16.5 (Local Database) attempted to access /getstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:54     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/getstats.php:35 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(
Feb 25 22:08:55     php-fpm     8992     /ifstats.php: test@172.21.16.5 (Local Database) attempted to access /ifstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/ifstats.php:31 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(..)
Feb 25 22:08:55     php-fpm     341     /widgets/widgets/system_information.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/system_information.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/system_informa
Feb 25 22:08:56     php-fpm     341     /widgets/widgets/interfaces.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/interfaces.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:56     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [
Feb 25 22:08:57     php-fpm     341     /widgets/widgets/gateways.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/gateways.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:57     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [3] => 

These add up quick spamming the logs whenever those users login.

Also available in: Atom PDF