Actions
Bug #9353
open
PHPSession errors from limited access to dashboard and widgets
Start date:
02/25/2019
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All
Description
If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the dashboard that require additional access, such as the default system information widget, you get errors logged:
Feb 25 22:08:53 php-fpm 340 /index.php: Successful login for user 'test' from: 172.21.16.5 (Local Database) Feb 25 22:08:54 php-fpm 8992 /getstats.php: test@172.21.16.5 (Local Database) attempted to access /getstats.php but does not have access to that page. Redirecting to index.php. Feb 25 22:08:54 php-fpm 8992 PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/getstats.php:35 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth( Feb 25 22:08:55 php-fpm 8992 /ifstats.php: test@172.21.16.5 (Local Database) attempted to access /ifstats.php but does not have access to that page. Redirecting to index.php. Feb 25 22:08:55 php-fpm 8992 PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/ifstats.php:31 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(..) Feb 25 22:08:55 php-fpm 341 /widgets/widgets/system_information.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/system_information.widget.php but does not have access to that page. Redirecting to index.php. Feb 25 22:08:55 php-fpm 341 PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/system_informa Feb 25 22:08:56 php-fpm 341 /widgets/widgets/interfaces.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/interfaces.widget.php but does not have access to that page. Redirecting to index.php. Feb 25 22:08:56 php-fpm 341 PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [ Feb 25 22:08:57 php-fpm 341 /widgets/widgets/gateways.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/gateways.widget.php but does not have access to that page. Redirecting to index.php. Feb 25 22:08:57 php-fpm 341 PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [3] =>
These add up quick spamming the logs whenever those users login.
Updated by Anonymous over 3 years ago
- Assignee set to Anonymous
- Priority changed from Normal to Low
- Target version changed from 2.5.0 to Future
Updated by Marcos M about 1 year ago
This also happens when a session times out and the user tried to access a page which triggers the general "no permissions" error. Example (logs reversed):
Apr 17 14:51:00 php-fpm 2049 /status_logs.php: Successful login for user 'admin' from: 10.0.5.50 (Local Database) Apr 17 14:50:55 php-fpm 2049 ) Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs.php:35 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs_common.inc:28 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/guiconfig.inc:62 Apr 17 14:50:55 php-fpm 2049 getAllowedPages(..) - /etc/inc/authgui.inc:49 Apr 17 14:50:55 php-fpm 2049 phpsession_end(..) - /etc/inc/priv.inc:303 Apr 17 14:50:55 php-fpm 2049 simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:55 Apr 17 14:50:55 php-fpm 2049 [4] => #### phpsession_end #### Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs.php:35 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs_common.inc:28 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/guiconfig.inc:62 Apr 17 14:50:55 php-fpm 2049 getAllowedPages(..) - /etc/inc/authgui.inc:49 Apr 17 14:50:55 php-fpm 2049 phpsession_begin(..) - /etc/inc/priv.inc:240 Apr 17 14:50:55 php-fpm 2049 simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39 Apr 17 14:50:55 php-fpm 2049 [3] => #### phpsession_begin #### Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs.php:35 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs_common.inc:28 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/guiconfig.inc:62 Apr 17 14:50:55 php-fpm 2049 phpsession_begin(..) - /etc/inc/authgui.inc:42 Apr 17 14:50:55 php-fpm 2049 simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39 Apr 17 14:50:55 php-fpm 2049 [2] => #### phpsession_begin #### Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs.php:35 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs_common.inc:28 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/guiconfig.inc:62 Apr 17 14:50:55 php-fpm 2049 session_auth(..) - /etc/inc/authgui.inc:37 Apr 17 14:50:55 php-fpm 2049 phpsession_end(..) - /etc/inc/auth.inc:2264 Apr 17 14:50:55 php-fpm 2049 simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:55 Apr 17 14:50:55 php-fpm 2049 [1] => #### phpsession_end #### Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs.php:35 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/status_logs_common.inc:28 Apr 17 14:50:55 php-fpm 2049 require_once(..) - /usr/local/www/guiconfig.inc:62 Apr 17 14:50:55 php-fpm 2049 session_auth(..) - /etc/inc/authgui.inc:37 Apr 17 14:50:55 php-fpm 2049 phpsession_begin(..) - /etc/inc/auth.inc:2137 Apr 17 14:50:55 php-fpm 2049 simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:39 Apr 17 14:50:55 php-fpm 2049 [0] => #### phpsession_begin #### Apr 17 14:50:55 php-fpm 2049 ( Apr 17 14:50:55 php-fpm 2049 PHPSESSION 1 open sessions left at shutdown script!Array
Actions