glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

Unable to login when GLPI was open #17373

Open LuminousWing opened 4 days ago

LuminousWing commented 4 days ago

Version

10.0.9

Bug description

My users have the issue that when they want to get into GLPI and they were logged in before, they got logged out now and when trying to login they get the message that their login is wrong, and after re-trying for 2-3 times it suddenly works, if you refresh before attempting to login, it seems to work okay but not always. Does anyone else have this issue? It's quite annoying they sometimes have to try 3x to login...

Relevant log output

No response

Page URL

No response

Steps To reproduce

Have GLPI open but have the system log you out after some inactivity.

Your GLPI setup information

Informatie installatie en configuratie van het systeem
GLPI 10.0.9 (/glpi => C:\inetpub\wwwroot\glpi)

Installation mode: TARBALL

Current language:nl_NL

Server
 

Operating system: Windows NT W2016GLPI 10.0 build 14393 (Windows Server 2016) AMD64

PHP 8.1.5 cgi-fcgi (Core, PDO, Phar, Reflection, SPL, SimpleXML, bcmath, calendar, cgi-fcgi, ctype, curl, date, dom, exif,

                fileinfo, filter, gd, hash, iconv, imap, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, readline, session,

                standard, tokenizer, xml, xmlreader, xmlwriter, zip, zlib)

Setup: max_execution_time="30" memory_limit="256M" post_max_size="8M" safe_mode="" session.save_handler="files"

                upload_max_filesize="2M"

Software: Microsoft-IIS/10.0

                Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Server Software: mariadb.org binary distribution

                Server Version: 10.6.7-MariaDB

                Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

                Parameters: root@localhost/sfzglpi

                Host info: localhost via TCP/IP

PHP version (8.1.5) is supported.

Sessions configuration is OK.

Allocated memory is sufficient.

mysqli extension is installed.

Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.

curl extension is installed.

gd extension is installed.

intl extension is installed.

zlib extension is installed.

The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.

Database engine version (10.6.7) is supported.

No files from previous GLPI version detected.

The log file has been created successfully.

Write access to C:\inetpub\wwwroot\glpi/files/_cache has been validated.

Write access to C:\inetpub\wwwroot\glpi/config has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_cron has been validated.

Write access to C:\inetpub\wwwroot\glpi/files has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_dumps has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_graphs has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_lock has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_pictures has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_plugins has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_rss has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_sessions has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_tmp has been validated.

Write access to C:\inetpub\wwwroot\glpi/files/_uploads has been validated.

Web server root directory configuration is not safe as it permits access to non-public files. See installation documentation for more details.

The following directories should be placed outside "C:\inetpub\wwwroot\glpi":

‣ "C:\inetpub\wwwroot\glpi/files" ("GLPI_VAR_DIR")

‣ "C:\inetpub\wwwroot\glpi\config" ("GLPI_CONFIG_DIR")

You can ignore this suggestion if your web server root directory is "C:\inetpub\wwwroot\glpi\public".

PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.

PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.

OS and PHP are relying on 64 bits integers.

exif extension is installed.

ldap extension is installed.

openssl extension is installed.

Following extensions are installed: Phar, zip.

Following extensions are not present: bz2.

Zend OPcache extension is not present.

Following extensions are installed: ctype, iconv, mbstring.

Following extensions are not present: sodium.

Write access to C:\inetpub\wwwroot\glpi/marketplace has been validated.

Timezones seems not loaded, see https://glpi-install.readthedocs.io/en/latest/timezones.html.

GLPI constants
 

GLPI_ROOT: "C:\\inetpub\\wwwroot\\glpi"

GLPI_CONFIG_DIR: "C:\\inetpub\\wwwroot\\glpi/config"

GLPI_VAR_DIR: "C:\\inetpub\\wwwroot\\glpi/files"

GLPI_MARKETPLACE_DIR: "C:\\inetpub\\wwwroot\\glpi/marketplace"

GLPI_USE_CSRF_CHECK: "1"

GLPI_CSRF_EXPIRES: "7200"

GLPI_CSRF_MAX_TOKENS: "100"

GLPI_USE_IDOR_CHECK: "1"

GLPI_IDOR_EXPIRES: "7200"

GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false

GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\\/\\/[^@:]+(\\/.*)?$/"]

GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org/

GLPI_INSTALL_MODE: "TARBALL"

GLPI_NETWORK_MAIL: glpi@teclib.com

GLPI_NETWORK_SERVICES: https://services.glpi-network.com/

GLPI_MARKETPLACE_ALLOW_OVERRIDE: true

GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true

GLPI_USER_AGENT_EXTRA_COMMENTS: ""

GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"

GLPI_AJAX_DASHBOARD: "1"

GLPI_CALDAV_IMPORT_STATE: 0

GLPI_DEMO_MODE: "0"

GLPI_CENTRAL_WARNINGS: "1"

GLPI_DOC_DIR: "C:\\inetpub\\wwwroot\\glpi/files"

GLPI_CACHE_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_cache"

GLPI_CRON_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_cron"

GLPI_DUMP_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_dumps"

GLPI_GRAPH_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_graphs"

GLPI_LOCAL_I18N_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_locales"

GLPI_LOCK_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_lock"

GLPI_LOG_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_log"

GLPI_PICTURE_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_pictures"

GLPI_PLUGIN_DOC_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_plugins"

GLPI_RSS_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_rss"

GLPI_SESSION_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_sessions"

GLPI_TMP_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_tmp"

GLPI_UPLOAD_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_uploads"

GLPI_INVENTORY_DIR: "C:\\inetpub\\wwwroot\\glpi/files/_inventories"

GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/

GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/marketplace/

GLPI_I18N_DIR: "C:\\inetpub\\wwwroot\\glpi/locales"

GLPI_VERSION: "10.0.9"

GLPI_SCHEMA_VERSION: 10.0.9@77fc44668eaae89b61d95fe606d20d93d66110cd

GLPI_MARKETPLACE_PRERELEASES: false

GLPI_MIN_PHP: "7.4.0"

GLPI_MAX_PHP: "8.3.0"

GLPI_YEAR: "2023"

Libraries
 

htmlawed/htmlawed version 1.2.14 in (C:\inetpub\wwwroot\glpi\vendor\htmlawed\htmlawed)

phpmailer/phpmailer version 6.8.0 in (C:\inetpub\wwwroot\glpi\vendor\phpmailer\phpmailer\src)

simplepie/simplepie version 1.5.8 in (C:\inetpub\wwwroot\glpi\vendor\simplepie\simplepie\library)

tecnickcom/tcpdf version 6.6.2 in (C:\inetpub\wwwroot\glpi\vendor\tecnickcom\tcpdf)

michelf/php-markdown in (C:\inetpub\wwwroot\glpi\vendor\michelf\php-markdown\Michelf)

true/punycode in (C:\inetpub\wwwroot\glpi\vendor\true\punycode\src)

iamcal/lib_autolink in (C:\inetpub\wwwroot\glpi\vendor\iamcal\lib_autolink)

sabre/dav in (C:\inetpub\wwwroot\glpi\vendor\sabre\dav\lib\DAV)

sabre/http in (C:\inetpub\wwwroot\glpi\vendor\sabre\http\lib)

sabre/uri in (C:\inetpub\wwwroot\glpi\vendor\sabre\uri\lib)

sabre/vobject in (C:\inetpub\wwwroot\glpi\vendor\sabre\vobject\lib)

laminas/laminas-i18n in (C:\inetpub\wwwroot\glpi\vendor\laminas\laminas-i18n\src)

laminas/laminas-servicemanager in (C:\inetpub\wwwroot\glpi\vendor\laminas\laminas-servicemanager\src)

monolog/monolog in (C:\inetpub\wwwroot\glpi\vendor\monolog\monolog\src\Monolog)

sebastian/diff in (C:\inetpub\wwwroot\glpi\vendor\sebastian\diff\src)

donatj/phpuseragentparser in (C:\inetpub\wwwroot\glpi\vendor\donatj\phpuseragentparser\src\UserAgent)

elvanto/litemoji in (C:\inetpub\wwwroot\glpi\vendor\elvanto\litemoji\src)

symfony/console in (C:\inetpub\wwwroot\glpi\vendor\symfony\console)

scssphp/scssphp in (C:\inetpub\wwwroot\glpi\vendor\scssphp\scssphp\src)

laminas/laminas-mail in (C:\inetpub\wwwroot\glpi\vendor\laminas\laminas-mail\src\Protocol)

laminas/laminas-mime in (C:\inetpub\wwwroot\glpi\vendor\laminas\laminas-mime\src)

rlanvin/php-rrule in (C:\inetpub\wwwroot\glpi\vendor\rlanvin\php-rrule\src)

blueimp/jquery-file-upload in (C:\inetpub\wwwroot\glpi\vendor\blueimp\jquery-file-upload\server\php)

ramsey/uuid in (C:\inetpub\wwwroot\glpi\vendor\ramsey\uuid\src)

psr/log in (C:\inetpub\wwwroot\glpi\vendor\psr\log\Psr\Log)

psr/simple-cache in (C:\inetpub\wwwroot\glpi\vendor\psr\simple-cache\src)

psr/cache in (C:\inetpub\wwwroot\glpi\vendor\psr\cache\src)

league/csv in (C:\inetpub\wwwroot\glpi\vendor\league\csv\src)

mexitek/phpcolors in (C:\inetpub\wwwroot\glpi\vendor\mexitek\phpcolors\src\Mexitek\PHPColors)

guzzlehttp/guzzle in (C:\inetpub\wwwroot\glpi\vendor\guzzlehttp\guzzle\src)

guzzlehttp/psr7 in (C:\inetpub\wwwroot\glpi\vendor\guzzlehttp\psr7\src)

glpi-project/inventory_format in (C:\inetpub\wwwroot\glpi\vendor\glpi-project\inventory_format\lib\php)

wapmorgan/unified-archive in (C:\inetpub\wwwroot\glpi\vendor\wapmorgan\unified-archive\src)

paragonie/sodium_compat in (C:\inetpub\wwwroot\glpi\vendor\paragonie\sodium_compat\src)

symfony/cache in (C:\inetpub\wwwroot\glpi\vendor\symfony\cache)

html2text/html2text in (C:\inetpub\wwwroot\glpi\vendor\html2text\html2text\src)

symfony/css-selector in (C:\inetpub\wwwroot\glpi\vendor\symfony\css-selector)

symfony/dom-crawler in (C:\inetpub\wwwroot\glpi\vendor\symfony\dom-crawler)

twig/twig in (C:\inetpub\wwwroot\glpi\vendor\twig\twig\src)

twig/string-extra in (C:\inetpub\wwwroot\glpi\vendor\twig\string-extra)

symfony/polyfill-ctype not found

symfony/polyfill-iconv not found

symfony/polyfill-mbstring not found

symfony/polyfill-php80 not found

symfony/polyfill-php81 not found

symfony/polyfill-php82 in (C:\inetpub\wwwroot\glpi\vendor\symfony\polyfill-php82)

league/oauth2-client in (C:\inetpub\wwwroot\glpi\plugins\oauthimap\vendor\league\oauth2-client\src\Provider)

league/oauth2-google in (C:\inetpub\wwwroot\glpi\plugins\oauthimap\vendor\league\oauth2-google\src\Provider)

thenetworg/oauth2-azure in (C:\inetpub\wwwroot\glpi\plugins\oauthimap\vendor\thenetworg\oauth2-azure\src\Provider)

LDAP directories
 

Server: '10.22.14.1', Port: '389', BaseDN: 'DC=sfz,DC=local', Connection filter:

                               '(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN:

                               'adminbholemans@sfz.local', Use TLS: none

SQL replicas
 

Not active

Notifications
 

Way of sending emails: SMTP (anonymous@smtp.sfz.local)

Plugins list
 

                fields               Name: Additional fields              Version: 1.20.5     State: Enabled                                

                               Install Method: Manual

                mreporting           Name: More Reporting                 Version: 1.8.2      State: Enabled                                

                               Install Method: Manual

                oauthimap            Name: Oauth IMAP                     Version: 1.4.2      State: Enabled                                

                               Install Method: Manual

Anything else?

No response

cedric-anne commented 4 days ago

Hi,

If it works from time to time, then it is probably a connectivity issue with your LDAP. Try to upgrade to GLPI 10.0.15 to see if the problem persists. Some changes have been made on the LDAP connection feature to make it more resilient to errors. Even if your issue is not fixed, it may help you by providing more precise logs.

cconard96 commented 4 days ago

It is also possible that it is a CSRF issue. If you leave the GLPI login page open for more than 2 hours without refreshing it, the token for the login page expires and you will fail to log in that first time. This should be less of an issue when GLPI 11 is released (see #16289).

Checking your GLPI logs (files/_log folder) for entries around the time of the issue should say exactly why it failed. Specifically, check access-errors.log and php-errors.log.
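The expiry behaviour described in the comment above, as an added Python model that is not GLPI's code and not part of the original thread. It uses the `GLPI_CSRF_EXPIRES` (7200) and `GLPI_CSRF_MAX_TOKENS` (100) values from the report; the `Session` class, the `login` function and the single-use token handling are assumptions of the model.

```python
import secrets

CSRF_EXPIRES = 7200     # seconds, GLPI_CSRF_EXPIRES in the report above
CSRF_MAX_TOKENS = 100   # GLPI_CSRF_MAX_TOKENS in the report above


class Session:
    """Hypothetical server-side session holding time-limited CSRF tokens."""

    def __init__(self):
        self.tokens = {}  # token -> absolute expiry time in seconds

    def issue_token(self, now):
        """Called when a form such as the login page is rendered."""
        # Drop tokens that have already expired.
        self.tokens = {t: e for t, e in self.tokens.items() if e > now}
        token = secrets.token_hex(32)
        self.tokens[token] = now + CSRF_EXPIRES
        # Cap the store: evict oldest first (dicts keep insertion order).
        while len(self.tokens) > CSRF_MAX_TOKENS:
            self.tokens.pop(next(iter(self.tokens)))
        return token

    def validate(self, token, now):
        """Called on POST. Assumption: a token is consumed on first use."""
        expiry = self.tokens.pop(token, None)
        return expiry is not None and now < expiry


def login(session, form_token, password_ok, now):
    """Outcome of one login POST; the CSRF check runs before credentials."""
    if not session.validate(form_token, now):
        return "rejected: CSRF token invalid or expired"
    return "logged in" if password_ok else "rejected: bad credentials"


def stale_login_page_scenario():
    """Login page left open for more than two hours, then refreshed."""
    session = Session()
    stale = session.issue_token(now=0)           # page rendered, tab left open
    later = CSRF_EXPIRES + 60                    # user returns after the expiry
    first = login(session, stale, True, later)   # correct password, stale token
    fresh = session.issue_token(now=later)       # page refreshed
    second = login(session, fresh, True, later + 5)
    return first, second
```

In this model the first attempt is rejected before the password is even checked, which is why the server-side log entry, not the login form, is where the two causes suggested in this thread can be told apart.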

LuminousWing commented 4 days ago

That is usually how it happens, GLPI stays open and logged in but when clicking anywhere it takes you back to the login page which triggers the unable to login issue unless you try 3 times or refresh before attempting.