BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Login works unreliably #1129

Closed dahawk closed 5 years ago

dahawk commented 5 years ago

Describe the bug

After entering my credentials on /login I get the message

The page has expired due to inactivity.

Please refresh and try again.

displayed on my screen (see screenshots). Refreshing the page will prompt the "Do you want to resend your form data" dialog, as the previous request was the POST sending my login credentials. When I press resend, I either get redirected to the same page-expired message or I get redirected to the index page.

Note that the ratio of successful logins varies quite a bit, between "it takes 3-4 attempts to log in" and "it takes 3-4 attempts to reproduce the error".

Side Note: While testing, I used a password manager and its auto-type feature, which once resulted in entering the password as the username and no password.

The result was first the page-expired error and, following the form resend, a correct login!!

Steps To Reproduce

Steps to reproduce the behavior:

  1. Go to the URL of the bookstack install (in this case https://archimedes-wiki.nimbusec.com)
  2. After the redirect to login enter your credentials and click Log In
  3. See error (if it appears)

Expected behavior

Provided I enter valid credentials, I expect to be logged in.

Screenshots

If applicable, add screenshots to help explain your problem.

[screenshot from 2018-11-17 13-33-02]

Your Configuration (please complete the following information):

Additional context

The corresponding request logs for Firefox (although in this case, the login POST redirected me back to the login page, and after entering my credentials again the error appeared):

bookstack_bookstack.1.zg42bik2l1bd@dorothea.cumulo.local    | bookstack.dev:80 10.255.0.12 - - [17/Nov/2018:12:58:48 +0000] "GET / HTTP/1.1" 302 1414 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
bookstack_bookstack.2.xcmyxfzosv1l@doris.cumulo.local    | bookstack.dev:80 10.255.0.2 - - [17/Nov/2018:12:58:48 +0000] "GET /login HTTP/1.1" 200 2703 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
bookstack_bookstack.2.xcmyxfzosv1l@doris.cumulo.local    | bookstack.dev:80 10.255.0.12 - - [17/Nov/2018:12:59:00 +0000] "POST /login HTTP/1.1" 302 1384 "https://archimedes-wiki.nimbusec.com/login" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
bookstack_bookstack.1.zg42bik2l1bd@dorothea.cumulo.local    | bookstack.dev:80 10.255.0.2 - - [17/Nov/2018:12:59:01 +0000] "GET / HTTP/1.1" 302 1416 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
bookstack_bookstack.1.zg42bik2l1bd@dorothea.cumulo.local    | bookstack.dev:80 10.255.0.12 - - [17/Nov/2018:12:59:01 +0000] "GET /login HTTP/1.1" 200 2702 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
bookstack_bookstack.2.xcmyxfzosv1l@doris.cumulo.local    | bookstack.dev:80 10.255.0.2 - - [17/Nov/2018:12:59:06 +0000] "POST /login HTTP/1.1" 419 2119 "https://archimedes-wiki.nimbusec.com/login" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"

and Chromium:

bookstack_bookstack.2.xcmyxfzosv1l@doris.cumulo.local    | bookstack.dev:80 10.255.0.12 - - [17/Nov/2018:13:00:30 +0000] "GET /login HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
bookstack_bookstack.1.zg42bik2l1bd@dorothea.cumulo.local    | bookstack.dev:80 10.255.0.2 - - [17/Nov/2018:13:00:42 +0000] "POST /login HTTP/1.1" 419 2123 "https://archimedes-wiki.nimbusec.com/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"

dahawk commented 5 years ago

For me the issue was fixed by switching to the latest version. As changing to the latest Docker image worked fine without additional work, I decided to switch to the current image.

Looking at the log in hindsight, bookstack was unintentionally running with two replicas on the same db and storage and both instances took turns answering the requests.
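The diagnosis above (two replicas without a shared session, each answering some of one client's requests, so a form issued by one replica is posted to the other and rejected with 419) can be confirmed from the access logs alone. The following is an added example written for this page, not code from BookStack or from the issue author; it assumes the Docker Swarm plus Apache log layout shown in the comments, and the sample lines below are constructed with placeholder task, node and host names.

```python
import re

# Constructed sample lines in the "<service>.<slot>.<task>@<node> | <vhost> <ip> - - [ts] ..."
# layout from the issue; names are placeholders, not the reporter's real hosts.
SAMPLE_LOG = """\
bs.1.task1@node-a.local    | bs.dev:80 10.255.0.12 - - [17/Nov/2018:12:58:48 +0000] "GET /login HTTP/1.1" 200 2703 "-" "Firefox/63.0"
bs.1.task1@node-a.local    | bs.dev:80 10.255.0.2 - - [17/Nov/2018:12:59:00 +0000] "POST /login HTTP/1.1" 302 1384 "https://bs.dev/login" "Firefox/63.0"
bs.2.task2@node-b.local    | bs.dev:80 10.255.0.12 - - [17/Nov/2018:12:59:01 +0000] "GET /login HTTP/1.1" 200 2702 "-" "Firefox/63.0"
bs.1.task1@node-a.local    | bs.dev:80 10.255.0.2 - - [17/Nov/2018:12:59:06 +0000] "POST /login HTTP/1.1" 419 2119 "https://bs.dev/login" "Firefox/63.0"
bs.2.task2@node-b.local    | bs.dev:80 10.255.0.12 - - [17/Nov/2018:13:00:30 +0000] "GET /login HTTP/1.1" 200 2698 "-" "Chrome/70.0"
bs.2.task2@node-b.local    | bs.dev:80 10.255.0.2 - - [17/Nov/2018:13:00:42 +0000] "POST /login HTTP/1.1" 302 1400 "https://bs.dev/login" "Chrome/70.0"
"""

LINE_RE = re.compile(
    r'^(?P<task>\S+)@(?P<node>\S+)\s+\|\s+\S+\s+\S+\s+-\s+-\s+\[(?P<ts>[^\]]+)\]\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<path>\S+)[^"]*"\s+(?P<status>\d{3})\s+\S+\s+"[^"]*"\s+"(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def find_cross_replica_posts(log_text):
    """Flag each POST /login served by a different replica than the GET /login that
    issued the form (and thus the session and CSRF token) to the same client.
    Clients are keyed by User-Agent because the ingress IP in these logs rotates."""
    last_get = {}   # user agent -> replica (service.slot.task) that served its last GET /login
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["path"] != "/login":
            continue
        replica = rec["task"]
        if rec["method"] == "GET":
            last_get[rec["ua"]] = replica
        elif rec["method"] == "POST":
            issuer = last_get.get(rec["ua"])
            if issuer is not None and issuer != replica:
                findings.append({"ts": rec["ts"], "ua": rec["ua"], "form_from": issuer,
                                 "posted_to": replica, "status": int(rec["status"])})
    return findings

def replicas_seen(log_text):
    """Distinct replicas answering requests; more than one without shared sessions is the bug."""
    return sorted({r["task"] for r in map(parse_line, log_text.splitlines()) if r})

if __name__ == "__main__":
    print("replicas:", replicas_seen(SAMPLE_LOG))
    for f in find_cross_replica_posts(SAMPLE_LOG):
        print("cross-replica login POST:", f)
```

Any hit whose status is 419 is the page-expired error from the report; a hit with 302 shows the same split that later surfaces as an unexpected redirect back to /login.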