[OBS-748] Session lost after viewing device overview - Observium

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Web Interface
Labels:
None
Environment:
CentOS 6.5 / PHP 5.3.3 / Observium 0.14.3.5109

Description

When viewing a particular host (but this issue is not exclusive to this host), in most of the cases, the various graphs on the device overview page show "No Auth" in a pink image. When this happens, the session is destroyed and i need to log in again. This doesn't happen all the time, but it does most of the time. See attached image.
There's no indicator that it has to do with the limits specified in php.ini. There's no log entry in the error_log. The session just gets destroyed for no particular reason.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

is_graph-r5326.patch
1.0 kB
2014/04/17 01:31 AM
obs-noauth.png
230 kB
2014/03/17 09:10 PM
slm4996-php-i.txt
21 kB
2014/03/25 11:36 PM

Activity

[OBS-748] Session lost after viewing device overview

Remco Bressers added a comment - 2014/04/18 01:46 AM

Looks fine by me after some extensive testing. Thanks!

Remco Bressers added a comment - 2014/04/18 01:46 AM Looks fine by me after some extensive testing. Thanks!

Maarten Moerman added a comment - 2014/04/18 01:40 AM

I have not seen it anymore

Maarten Moerman added a comment - 2014/04/18 01:40 AM I have not seen it anymore

Mike Stupalov added a comment - 2014/04/18 01:33 AM

But this issue now fixed?

Mike Stupalov added a comment - 2014/04/18 01:33 AM But this issue now fixed?

Solomon Seal added a comment - 2014/04/18 12:03 AM

oh dear, yes i believe I did. Sorry about that.

Solomon Seal added a comment - 2014/04/18 12:03 AM oh dear, yes i believe I did. Sorry about that.

Cameron Moore added a comment - 2014/04/18 12:00 AM

Solomon,
I think you put that on the wrong JIRA Issue.

Cameron Moore added a comment - 2014/04/18 12:00 AM Solomon, I think you put that on the wrong JIRA Issue.

Cameron Moore added a comment - 2014/04/17 01:31 AM

Mike,
I'm attaching a patch to simplify is_graph(). Your original patch probably works for everyone, but I had to rewrite is_graph() because I run Observium in a subdirectory (yes, I know...unsupported config).

Anyway, I'm able to set $lifetime_id = 10 with your changes, and I never see any No Auth images. Looks like the changes resolved the problem.

Cameron Moore added a comment - 2014/04/17 01:31 AM Mike, I'm attaching a patch to simplify is_graph(). Your original patch probably works for everyone, but I had to rewrite is_graph() because I run Observium in a subdirectory (yes, I know...unsupported config). Anyway, I'm able to set $lifetime_id = 10 with your changes, and I never see any No Auth images. Looks like the changes resolved the problem.

Solomon Seal added a comment - 2014/04/17 12:38 AM

Mike, looks good (r5326).

I haven't seen a "No auth" graph in the past 30 minutes of continuous paging around, and pages with lots of graphs like the processor health page no longer fail to load some of the graphs.

Solomon Seal added a comment - 2014/04/17 12:38 AM Mike, looks good (r5326). I haven't seen a "No auth" graph in the past 30 minutes of continuous paging around, and pages with lots of graphs like the processor health page no longer fail to load some of the graphs.

Mike Stupalov added a comment - 2014/04/16 09:36 PM

Now should be finally fixed in r5323.
Pls, test someone

Mike Stupalov added a comment - 2014/04/16 09:36 PM Now should be finally fixed in r5323. Pls, test someone

Cameron Moore added a comment - 2014/04/16 02:19 PM

Mike,
At line 28 of html/includes/authenticate.inc.php, you regenerate the Session ID every 20 seconds ($lifetime_id = 20).

So, let's say you go to a Device Overview page, wait 18 seconds, and then click the Collectd tab (or any page that has many graphs that may take a few seconds to load). Any graphs that are requested after the remaining 2 seconds of our original session will fail with "No Auth" because the browser has already queued up the requests with the original Session ID.

I was able to see this happening in FF with the Network developer tab (F12). Click on a GET request and then the Cookies tab to watch the cookies change.

I ended up setting $lifetime_id = 43200 (12 hrs) since I figured my session could expire when I'm out of the office. Adam thought you may want to avoid generating new Session IDs when hitting graph.php, but I'll leave that to you guys.

Cameron Moore added a comment - 2014/04/16 02:19 PM Mike, At line 28 of html/includes/authenticate.inc.php , you regenerate the Session ID every 20 seconds ( $lifetime_id = 20 ). So, let's say you go to a Device Overview page, wait 18 seconds, and then click the Collectd tab (or any page that has many graphs that may take a few seconds to load). Any graphs that are requested after the remaining 2 seconds of our original session will fail with "No Auth" because the browser has already queued up the requests with the original Session ID. I was able to see this happening in FF with the Network developer tab (F12). Click on a GET request and then the Cookies tab to watch the cookies change. I ended up setting $lifetime_id = 43200 (12 hrs) since I figured my session could expire when I'm out of the office. Adam thought you may want to avoid generating new Session IDs when hitting graph.php, but I'll leave that to you guys.

Remco Bressers added a comment - 2014/04/11 02:03 AM

Hi Mike,
I just upgraded to latest (5277) and will keep an eye open for this issue. Please keep the ticket open for a few more days.
Thanks!

Remco Bressers added a comment - 2014/04/11 02:03 AM Hi Mike, I just upgraded to latest (5277) and will keep an eye open for this issue. Please keep the ticket open for a few more days. Thanks!

People

Assignee:: Mike Stupalov

Reporter:: Remco Bressers

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2014/03/17 09:10 PM

Updated:: 2014/12/05 01:44 AM

Resolved:: 2014/04/18 05:02 PM