Upgrade issue with sessions

AllskyTeam / allsky

A Raspberry Pi operated Wireless Allsky Camera

MIT License

1.17k stars 181 forks source link

Upgrade issue with sessions #3710

Closed Alex-developer closed 1 month ago

Alex-developer commented 3 months ago

When upgrading to the 2024 branch you are unable to save the settings

Clearing the sites cookies, containing the php session id allows the settings to be saved

Need to find out whats going on

EricClaeys commented 3 months ago

@Alex-developer, how long was the WebUI page up before you saved the settings.

Do you have Use Login enabled or not? I assume "yes" since that's when it creates a session.

Alex-developer commented 2 months ago

In version v2023.05.01_04 lighttpd is running as root so the php sessions are created with as a root user

root@pi5:/home/pi/allsky/html# ll /var/lib/php/sessions total 4 -rw------- 1 root root 83 Aug 2 22:01 sess_h5nejbkmlecu7dqbatvvua36ea

In v2024.xx.xx lighttpd is running as www-data so lightpd cannot access the previous sessions

EricClaeys commented 2 months ago

Are you sure v2023.05.01_04 lighttpd ran as root? I'm pretty sure it's always run as www-data for as long as I've been involved in Allsky. Either way, my /var/lib/php/sessions directory is owned by root and has nothing in it. I have "Require WebUI Login" disabled so have no sessions.

Alex-developer commented 2 months ago

Are you sure v2023.05.01_04 lighttpd ran as root? I'm pretty sure it's always run as www-data for as long as I've been involved in Allsky. Either way, my /var/lib/php/sessions directory is owned by root and has nothing in it. I have "Require WebUI Login" disabled so have no sessions.

Yes, the v2023.05.01_04 doesnt specify a user, they are commented out in the config so the server will start as root.

#server.username             = "www-data"
#server.groupname            = "www-data"

Just to confirm this. After a clean install lighttpd is running as root and php sessions written as root

pi@pi5:~ $ ps -ef | grep lightt
root         979       1  0 17:31 ?        00:00:00 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

pi@pi5:~ $ sudo ls -sl /var/lib/php/sessions/
total 4
4 -rw------- 1 www-data www-data 83 Aug  3 17:32 sess_ieap0b8kdpaarlv290up76la2o

EricClaeys commented 2 months ago

Good detective work @Alex-developer.

EricClaeys commented 2 months ago

@Alex-developer, do we also need to make sure /var/lib/php/sessions/ is writable by the web server? Mine isn't.

Alex-developer commented 2 months ago

@Alex-developer, do we also need to make sure /var/lib/php/sessions/ is writable by the web server?

Mine isn't.

Probably, I am testing a fix at the moment but need to do a final one to check the permissions on the session directory