Closed stek6 closed 1 month ago
Hi @stek6 you have an invalid system config. The system is not able to set a secure cookie and you are in (deprecated) fallback mode using the url session. This is no bug, this is more a config issue.
Please check the FQDN and the HTTPType. Those need to match the apache config / the url you are using. Also check the ScriptAlias.
All those settings need to match the reality otherwise it is not possible to set a secure cookie and you get the described behaviour.
Regards Johannes
Hi Johannes, httptype and fqdn match apache configuration, otherwise the problem would occur constantly and periodically throughout the application. Furthermore, in fallback mode the token should be visible directly in the URL? This is not my case. Simply and only in the sections indicated, only in version 6.5.8, when the settings are saved, the system logs the user out. The anomaly occurs only with version 6.5.8 but not with 6.5.7 using the same configuration on the Apache side and the same configurations on otrs (httptype and fqdn). How is it possible?
Thanks in advance Stek
Hi @stek6 no offense, but I doubt that.
This behaviour matches exactly the known problem when the config does not match the reality. The session is added to the URL and not stored in the cookie. This is the very very old behaviour and just a (deprecated) fallback.
http vs https (HttpType) and FQDN and ScriptAlias are the most common errors.
Sometimes users drop the "/znuny" or on older installations the "/otrs" in the url and the problem is the same. Sometimes people terminate SSL on the wrong host and so on...
Please check and if possible provide the urls / values when the problem occurs.
Regards
Ok, I need to apologize. This seems to be an already fixed (internal) issue, which I did not know about.
There is a fix for the upcoming 6.5.9
Thanks to @rkaldung for pointing this out
Hi Johannes, however, I am attaching a small video to confirm the reported bug and the evidence of the URLs. Thank you and @rkaldung for confirming the resolution planned for the next release (6.5.9) and the work you do to keep the project alive and updated.
Good work, Stek
https://github.com/znuny/Znuny/assets/36170678/c4e7f106-3c0a-48ce-9056-5986d63a38a8
Duplicate of https://github.com/znuny/Znuny/issues/559
Environment
Expected behavior
When the user (agent or Admin) uses the Settings menu (e.g. in Queue View or Status View) he can select, for example, the number of visible rows and/or add/remove visible columns. The Save button makes the changes effective and the form updates by modifying visible columns and/or number of rows shown
Actual behavior
When the user (agent or Admin) uses the Settings menu (e.g. in Queue View or Status View) he can select, for example, the number of visible rows and/or add/remove visible columns. When confirmation is given via the Save button, the user is logged out of OTRS and returns to login. In the Dashboard, however, the Settings button present for the various widgets is blocked and does not open any settings window
How to reproduce
Steps to reproduce the behavior:
Additional information
For the moment we have detected the anomaly in:
The same button is also present in the Dashboard but blocked: no menu for editing widgets is opened
We also made a backend change for sessions from DB to FS but it didn't solve the problem.
Errors detected in OTRS logs (debug mode); no errors in the apache logs
[Wed May 29 08:55:57 2024][Notice][Kernel::System::AuthSession::DB::RemoveSessionID] Removed SessionID n4v6aDlnAGsfUzwm6dsuBpreKTVFbM1a.
[Wed May 29 08:55:57 2024][Notice][Kernel::System::AuthSession::DB::CheckSessionID] SessionID: 'n4v6aDlnAGsfUzwm6dsuBpreKTVFbM1a' is invalid!!!
[Wed May 29 13:01:19 2024][Notice][Kernel::System::AuthSession::FS::RemoveSessionID] Removed SessionID 80DgoVc7GiSuu4kcfw8FBZuanuZCQTSVtW.
[Wed May 29 13:01:20 2024][Notice][Kernel::System::AuthSession::FS::CheckSessionID] SessionID: '80DgoVc7GiSuu4kcfw8FBZuanuZCQTSVtW' is invalid!!!
Screenshots
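A triage helper for the log excerpt above, added here as an example (not part of the original issue or of Znuny's code): it pairs each `RemoveSessionID` entry with a later `CheckSessionID ... is invalid` entry for the same ID, listing sessions a client kept presenting right after the server removed them. The function names, the 5-second window and the third sample line are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Entry layout as shown in the issue's log excerpt; several entries may share a line.
ENTRY = re.compile(
    r"\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ [\d:]{8} \d{4})\]\[\w+\]"
    r"\[Kernel::System::AuthSession::(?P<backend>\w+)::(?P<func>\w+)\] "
    r"(?P<msg>.*?)(?=\s*\[[A-Z][a-z]{2} [A-Z][a-z]{2} |\s*$)"
)
REMOVED = re.compile(r"Removed SessionID (\w+)\.")
INVALID = re.compile(r"SessionID: '(\w+)' is invalid")

def parse(text):
    """Yield (timestamp, backend, function, message) per AuthSession entry."""
    for line in text.splitlines():
        for m in ENTRY.finditer(line):
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["backend"], m["func"], m["msg"]

def removed_then_reused(text, window=timedelta(seconds=5)):
    """Return sessions rejected as invalid shortly after being removed."""
    removed, hits = {}, []
    for ts, backend, func, msg in parse(text):
        if func == "RemoveSessionID" and (m := REMOVED.search(msg)):
            removed[m[1]] = ts
        elif func == "CheckSessionID" and (m := INVALID.search(msg)):
            gone = removed.get(m[1])
            if gone is not None and timedelta(0) <= ts - gone <= window:
                # Report only a prefix: a session ID is a credential.
                hits.append({"session": m[1][:8], "backend": backend,
                             "delay_s": (ts - gone).total_seconds()})
    return hits

# First two lines are from the issue; the third is constructed (no prior removal).
SAMPLE = (
    "[Wed May 29 08:55:57 2024][Notice][Kernel::System::AuthSession::DB::RemoveSessionID] "
    "Removed SessionID n4v6aDlnAGsfUzwm6dsuBpreKTVFbM1a. "
    "[Wed May 29 08:55:57 2024][Notice][Kernel::System::AuthSession::DB::CheckSessionID] "
    "SessionID: 'n4v6aDlnAGsfUzwm6dsuBpreKTVFbM1a' is invalid!!!\n"
    "[Wed May 29 13:01:19 2024][Notice][Kernel::System::AuthSession::FS::RemoveSessionID] "
    "Removed SessionID 80DgoVc7GiSuu4kcfw8FBZuanuZCQTSVtW. "
    "[Wed May 29 13:01:20 2024][Notice][Kernel::System::AuthSession::FS::CheckSessionID] "
    "SessionID: '80DgoVc7GiSuu4kcfw8FBZuanuZCQTSVtW' is invalid!!!\n"
    "[Wed May 29 14:10:00 2024][Notice][Kernel::System::AuthSession::DB::CheckSessionID] "
    "SessionID: 'CONSTRUCTEDnoRemovalSeen0000' is invalid!!!\n"
)

if __name__ == "__main__":
    for hit in removed_then_reused(SAMPLE):
        print(hit)
```

An invalid-session entry with no preceding removal, like the constructed third line, is left out of the result because it points to an expired or unknown ID rather than a server-side removal.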