FriendsOfSymfony / FOSUserBundle

Provides user management for your Symfony project. Compatible with Doctrine ORM & ODM, and custom storages.
https://symfony.com/doc/master/bundles/FOSUserBundle/index.html
MIT License
3.25k stars 1.57k forks

User account disabled, solving resetting php #2207

Open markitosgv opened 8 years ago

markitosgv commented 8 years ago

Hi everyone!

I can't find any information about this issue. Here is my case:

Symfony 2.8.7, FOSUserBundle "dev-master", Nginx, php7 with php-fpm and opcache activated.

Most of the time when I deploy my app (around 8/10 times), I get kicked out of the session, and then when I try to log in I receive a User account disabled message. Then I restart php-fpm on the server and I can log in successfully.

It's strange because when I deploy (ansible) I have a task that executes a php-fpm restart. And as I said before, sometimes everything goes well, and other times I need to restart php even 3 times.

Has anyone had the same issue?

PS. My session is stored in an external redis database.

markitosgv commented 8 years ago

I've got more info; this is the error when User account is disabled appears:

Symfony\Component\Security\Core\Exception\DisabledException occurred in User/UserChecker.php:42

1 Symfony\Component\Security\Core\User\UserChecker->checkPreAuth(WobbleCode\UserBundle\Document\User) xxxx/app/Symfony/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/RememberMeAuthenticationProvider.php:53

Enabled seems to be false, but in the database it is true.

markitosgv commented 8 years ago

If I configure opcache with validation_timestamps to 1 (default config), it works OK.

OskarStark commented 8 years ago

If this issue is fixed, can you please close this ticket, @markitosgv?

Thank you 👍

markitosgv commented 8 years ago

But it's not fixed...

I put all the info compiled here:

Hi everyone!

I can't find any information about this issue. Here is my case:

Symfony 2.8.7, FOSUserBundle "dev-master", Nginx, php7 with php-fpm and opcache activated with no validation timestamps.

Most of the time when I deploy my app (around 8/10 times), I get kicked out of the session, and then when I try to log in I receive a User account disabled message. Then I restart php-fpm on the server and I can log in successfully.

It's strange because when I deploy (ansible) I have a task that executes a php-fpm restart. And as I said before, sometimes everything goes well, and other times I need to restart php even 3 times.

Error occurs in:

Symfony\Component\Security\Core\Exception\DisabledException occurred in User/UserChecker.php:42

If I dump $user, I see the user is loaded but with no enabled or locked data:

image

And I see in the debug toolbar that it's doing a redis query to find the session:

0.18 ms session GET pb_sessiond1iatpii501suehogk8mr6ek85

And the info in my session is:

_sf2_attributes|a:3:{s:26:"_security.main.target_path";s:28:"https://app.xxxxx.com/";s:18:"_csrf/authenticate";s:43:"mw6yhqr8jsUIazza3qFRPk_bxCXtG-NKGrjNj26EdJ8";s:23:"_security.last_username";s:20:"marcos@xxxxx";}_sf2_flashes|a:0:{}_sf2_meta|a:3:{s:1:"u";i:1473326443;s:1:"c";i:1473326059;s:1:"l";s:1:"0";}

If I configure opcache with validation timestamps to 1 (default config), it works OK, but not always.

Has anyone had the same issue?

PS. My session is stored in an external redis database.

OskarStark commented 8 years ago

Did you try to disable opcache completely?

Are you using relative paths in your nginx config?

markitosgv commented 8 years ago

I am deploying with ansible, and the current directory is symlinked to the last /releases dir.

OskarStark commented 8 years ago

Can you show me the part of your nginx conf where the current dir is used?

markitosgv commented 8 years ago

Of course,

server {
    listen 80;
    server_name api.xxx.com;
    root /var/www/vhosts/project/xxx/current/app/Symfony/web;

OskarStark commented 8 years ago

And the vhost part, please.

markitosgv commented 8 years ago

location / {
    index api.php;
    try_files $uri @rewriteapp;
}

location @rewriteapp {
    rewrite ^(.*)$ /api.php/$1 last;
}

location ~ ^/(api|api_dev)\.php(/|$) {
    fastcgi_pass 127.0.0.1:9008;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;

    include fastcgi_params;

    fastcgi_param APP_ENV prod;
    fastcgi_param SYMFONY__APP__ENV prod;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS off;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_read_timeout 300;
    fastcgi_ignore_client_abort on;
}

markitosgv commented 8 years ago

I'm trying some things and I believe the problem is using metadata_cache_driver: apc. I'm using doctrine mongodb.

markitosgv commented 8 years ago

@OskarStark do you see something? I try to clear both caches, Apc and Opcache, and sometimes I need to hit a couple of times to avoid the "User account is disabled" message.

geoffrey-brier commented 7 years ago

@markitosgv Your nginx config is wrong (check this link for insights).

Basically, you should rely on $realpath_root everywhere instead of $document_root; you have to change your SCRIPT_FILENAME and add the DOCUMENT_ROOT this way:

fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
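
Added example (not from the thread or from the FOSUserBundle project): a shell model of why the `$realpath_root` advice above matters when `current` is a symlink that is repointed on every deploy. It uses a toy path-keyed cache that never revalidates as a stand-in for OPcache with timestamp validation off; the directory layout and all function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed model, not OPcache itself: a cache keyed by script path that
# never revalidates (like timestamp validation turned off), sitting behind a
# symlinked "current" release. Paths and function names are made up.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
CACHE="$DEMO/cache"
mkdir -p "$DEMO/releases/1/web" "$DEMO/releases/2/web" "$CACHE"
echo "release-1 code" > "$DEMO/releases/1/web/api.php"
echo "release-2 code" > "$DEMO/releases/2/web/api.php"

# deploy N: repoint the "current" symlink at releases/N
deploy() {
    rm -f "$DEMO/current"
    ln -s "$DEMO/releases/$1" "$DEMO/current"
}

# SCRIPT_FILENAME as built from $document_root: the symlink stays in the path.
via_document_root() {
    printf '%s\n' "$DEMO/current/web/api.php"
}

# SCRIPT_FILENAME as built from $realpath_root: the symlink is resolved first.
via_realpath_root() {
    printf '%s\n' "$(cd -P "$DEMO/current/web" && pwd -P)/api.php"
}

# cached_load PATH: the first request for a path stores the file under a key
# derived from the path; later requests never look at the disk again.
cached_load() {
    key="$CACHE/$(printf '%s' "$1" | cksum | cut -d' ' -f1)"
    [ -f "$key" ] || cat "$1" > "$key"
    cat "$key"
}

deploy 1
BEFORE_DOC=$(cached_load "$(via_document_root)")
BEFORE_REAL=$(cached_load "$(via_realpath_root)")
deploy 2
AFTER_DOC=$(cached_load "$(via_document_root)")    # same key as before: stale
AFTER_REAL=$(cached_load "$(via_realpath_root)")   # new path, new key: fresh

echo "document_root path after deploy 2 serves: $AFTER_DOC"
echo "realpath_root path after deploy 2 serves: $AFTER_REAL"
```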