Bug #9353: PHPSession errors from limited access to dashboard and widgets - pfSense - pfSense bugtracker

Actions

Copy link

Bug #9353

open

PHPSession errors from limited access to dashboard and widgets

Added by Steve Wheeler about 5 years ago. Updated about 1 year ago.

Status:

New

Priority:

Low

Assignee:

Category:

Dashboard

Target version:

Future

Start date:

02/25/2019

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.x

Affected Architecture:

All

Description

If you login with a user who has privilege 'WebCfg - System: Login / Logout / Dashboard' and you have widgets on the dashboard that require additional access, such as the default system information widget, you get errors logged:

Feb 25 22:08:53     php-fpm     340     /index.php: Successful login for user 'test' from: 172.21.16.5 (Local Database)
Feb 25 22:08:54     php-fpm     8992     /getstats.php: test@172.21.16.5 (Local Database) attempted to access /getstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:54     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/getstats.php:35 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/getstats.php:35 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(
Feb 25 22:08:55     php-fpm     8992     /ifstats.php: test@172.21.16.5 (Local Database) attempted to access /ifstats.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     8992     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth_check.inc:30 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth_check.inc:33 session_read_single_var(..) - /etc/inc/auth_check.inc:37 require_once(..) - /usr/local/www/ifstats.php:31 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /etc/inc/auth_check.inc:43 require_once(..) - /usr/local/www/ifstats.php:31 [3] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /etc/inc/auth.inc:2072 session_auth(..)
Feb 25 22:08:55     php-fpm     341     /widgets/widgets/system_information.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/system_information.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:55     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/system_information.widget.php:28 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/system_informa
Feb 25 22:08:56     php-fpm     341     /widgets/widgets/interfaces.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/interfaces.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:56     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/interfaces.widget.php:23 [
Feb 25 22:08:57     php-fpm     341     /widgets/widgets/gateways.widget.php: test@172.21.16.5 (Local Database) attempted to access /widgets/widgets/gateways.widget.php but does not have access to that page. Redirecting to index.php.
Feb 25 22:08:57     php-fpm     341     PHPSESSION 1 open sessions left at shutdown script!Array ( [0] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /usr/local/www/csrf/csrf-magic.php:356 csrf_start(..) - /usr/local/www/csrf/csrf-magic.php:188 csrf_check(..) - /usr/local/www/csrf/csrf-magic.php:408 require_once(..) - /usr/local/www/guiconfig.inc:37 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [1] => #### phpsession_end #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:54 phpsession_end(..) - /usr/local/www/guiconfig.inc:39 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [2] => #### phpsession_begin #### simplestacktrace(..) - /etc/inc/phpsessionmanager.inc:38 phpsession_begin(..) - /etc/inc/auth.inc:1936 session_auth(..) - /etc/inc/authgui.inc:33 require_once(..) - /usr/local/www/guiconfig.inc:51 require_once(..) - /usr/local/www/widgets/widgets/gateways.widget.php:27 [3] =>

These add up quick spamming the logs whenever those users login.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #9353

PHPSession errors from limited access to dashboard and widgets

Updated by Anonymous over 3 years ago

Updated by Marcos M about 1 year ago