Session_login.cgi working Intermittently

Hi Guys,

I am having a reproducible situation where I click on the "Login to Control Panel" button in WHMCS which is supposed to use the session based login to go right into the Virtualmin Virtual Server Admin login area. What is happening from a freshly opened IE 9 browser is a 500 error is received after the first click on "Login to Control Panel". I then refresh the tab showing the 500 error and I see the login area. I then go back to my WHMCS Product Details and click on the button again, this time it logs me in without issue. Once I am able to successfully login it is difficult to reproduce the error.

I am also able to reproduce this in FF, but instead of a server 500 error I get an error about cookies until I successfully login manually with the username and password and then logout and try again from the "Login to Control Panel" button.

I have not been able to spot any errors in the Webmin logged actions.

Please let me know if there is a simple solution to this or where to look for possible causes.

~Jeremy

Status: 
Closed (fixed)

Comments

Update -

I get the following in auth.log when the 500 error displays :

Aug 18 22:11:03 mars perl[17407]: pam_unix(webmin:session): session opened for user jeremiahbrock.com by (uid=0)

~Jeremy

-- Update

When I completely close out of IE, open a fresh browser and try the session login which results in a 500 error message, I see the following in auth.log :

Aug 18 22:21:17 mars perl[17713]: pam_unix(webmin:session): session opened for user jeremiahbrock.com by (uid=0)

When I refresh the tab showing the 500 message I get :

Aug 18 22:21:36 mars webmin[17712]: Invalid login as from 69.33.169.227

When I try to login via the "Login to Control Panel" again I get the following :

Aug 18 22:21:42 mars perl[17718]: pam_unix(webmin:session): session opened for user jeremiahbrock.com by (uid=0) Aug 18 22:21:42 mars webmin[17718]: Successful login as jeremiahbrock.com from 69.33.169.227

~Jeremy

This may be because WHMCS isn't passing the testing cooking parameter ..

To avoid the need for this, try editing /etc/webmin/miniserv.conf and adding the line no_testing_cookie=1 , then running /etc/webmin/restart

Hi Jamie,

You rock, that fixed it!!

Would you mind pointing me to some documentation or give an example of the proper parameters to be passed so I can pass it on to Matt at WHMCS?

Thanx,

~Jeremy

Great!

WHMCS should pass the notestingcookie=1 parameter to session_login.cgi along with the username and password..

Hi Jamie,

I might need this re-opened now that I am experiencing something similar. After about 12 hours or so the session login quit working altogether. Users were brought to the login with the username filled in. To resolve this I restarted webmin. Please advise.

~Jeremy

So has whmcs been updated with the fix I suggested?

Hi Jamie,

No, WHMCS has not been updated, I am bypassing the cookie check with your recommendation that works in the miniserv.conf. There seems to be an issue where the webmin side of things quits accepting session based logins and needs to be restarted.

~Jeremy

That is unusual .. I would be interested to know if any errors are logged to /var/webmin/miniserv.error , in particular about failed logins. That's the only reason I can think of for this to happen..

Automatically closed -- issue fixed for 2 weeks with no activity.

Hi Jamie,

Sorry to re-open this but the issue is back. The only work around I have been able to find is to have a cron job that kicks off a restart of webmin every hour. This is a bandaid when there should be a cure. I am not receiving any errors in /var/webmin/miniserv.error.

Please let me know if there is something else I can try.

I am using the WHMCS module with the patch to send the notestingcookie=1

Look forward to your response,

~Jeremy

Ok, I know why this happens now .. the real issue is that remote API calls (such as those made by WHMCS) don't restart Webmin properly, causing new users to not be activated,

The upcoming 3.88 Virtualmin release will fix this.

Has anyone told you today how awesome your support is?

I am very pleased to here this will be fixed.

~Jeremy