[Koha-devel] Sessions terminated at random under Plack

Tomas Cohen Arazi tomascohen at gmail.com
Tue Aug 30 20:48:00 CEST 2016


Chris, of course! We are talking about debugging. The patches that solve
the issue are already pushed!

On Tue, 30 Aug 2016 at 15:44, Chris Cormack (<chrisc at catalyst.net.nz>)
wrote:

> You will need to be aware though that reduces your users' protection from
> session hijacking tremendously. We really need to make fixing it a
> priority, without reducing security.
>
> Chris
>
>
> On 31 August 2016 6:40:39 AM NZST, Tomas Cohen Arazi <tomascohen at gmail.com>
> wrote:
>>
>> Magnus, there's been a lot of movement on the caching layer, and some of
>> that work has been backported to the stable releases. Also, the
>> RestrictSessionByIP setting was getting in the middle (
>> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17050).
>>
>> There's also a problem with memcached initialization in C4::Context that
>> makes sessionStorage=memcache fail to persist sessions.
>>
>> My suggestion would be to set sessionStorage to 'mysql' and disable the
>> RestrictSessionByIP syspref.
>>
>> Regards
>>
>>
>>
>> On Tue, 30 Aug 2016 at 8:24, Magnus Enger (<magnus at enger.priv.no>)
>> wrote:
>>
>>> Dear Community,
>>>
>>> I am seeing a strange problem, and I'm not sure where to start digging.
>>>
>>> I have a (big) server with 30 odd Koha instances. One of these
>>> instances has been running under Plack for quite some time now,
>>> without any problems.
>>>
>>> Two new instances have a problem where librarians get kicked out of
>>> the intranet more or less frequently, with a message like "Your
>>> session has expired, please log in again".
>>>
>>> We had this problem on 3.22.x.
>>> After upgrading to 16.05.02 it went away.
>>> After upgrading to 16.05.03 last night it came back again.
>>>
>>> It is not consistent. Earlier today it looked like you could log in,
>>> click on a link, get thrown out, log in again and then things would
>>> work. Later users got kicked out every single time they clicked on a
>>> link in the intranet.
>>>
>>> All sites are running off the official Debian packages, on the same
>>> server.
>>> Memcached is installed, enabled and used for storing sessions.
>>> Switching SessionStorage to the DB does not stop the problem.
>>> Stopping and disabling Plack for these two instances makes the problem
>>> go away.
>>>
>>> I have not found anything interesting in Plack or Apache logs.
>>>
>>> Anyone got a hunch what might be causing this? Or where to start digging?
>>>
>>> Best regards,
>>> Magnus
>>> _______________________________________________
>>> Koha-devel mailing list
>>> Koha-devel at lists.koha-community.org
>>> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>>> website : http://www.koha-community.org/
>>> git : http://git.koha-community.org/
>>> bugs : http://bugs.koha-community.org/
>>>
>> --
>> Tomás Cohen Arazi
>> Theke Solutions (https://theke.io)
>> ✆ +54 9351 3513384
>> GPG: B2F3C15F
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
-- 
Tomás Cohen Arazi
Theke Solutions (https://theke.io)
✆ +54 9351 3513384
GPG: B2F3C15F