[SM-USERS] getting the dreaded "you must be logged in to access this page"
We recently migrated from an RHEL 4 system to a new RHEL6.2 server running Squirrelmail 1.4.22 & php 5.3.3. Everything had been running smoothly for a few weeks, but as of this morning we have a number of users reporting that after they successfully log in, when they click on any links they get "ERROR: You must be logged in to access this page". >From doing some digging I guess this is a problem people have run into before, >but I couldn't find any solutions that worked for us. I've tried disabling all of our plugins (listed below) without any effect. The problem appears to mostly be limited to chrome users, but not all chrome users. It works fine in chrome on my system, but (with the same version of chrome), other users get this error. Just got a report as I was typing this of two firefox user that are also affected. It appears that the cookie named "key" is being set on login, but then as soon as a user clicks a link within squirrelmail this cookie disappears. For unaffected users, this key stays around until the session ends. Installed plugins 1. delete_move_next 2. cookie_warning 3. newmail 4. squirrelspell 5. squirrel_logger SquirrelMail configtest This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. You need to go run conf.pl in the config/ directory first before you run this script. SquirrelMail version: 1.4.22-2.el6 Config file version:1.4.0 Config file last modified: 09 March 2012 11:29:59 Checking PHP configuration... PHP version 5.3.3 OK. Running as N/A(N/A) / N/A(N/A) display_errors: error_reporting: 22527 variables_order OK: GPCS. PHP extensions OK. Dynamic loading is disabled. Checking paths... Data dir OK. Attachment dir OK. Plugins OK. Themes OK. Default language OK. Base URL detected as: https://warlock.simons-rock.edu/webmail/src (location base autodetected) Checking outgoing mail service sendmail OK Checking IMAP service IMAP server ready (* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.) Capabilities: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN Checking internationalization (i18n) settings... gettext - Gettext functions are available. On some systems you must have appropriate system locales compiled. mbstring - Mbstring functions are available. recode - Recode functions are unavailable. iconv - Iconv functions are available. timezone - Webmail users can change their time zone settings. Checking database functions... not using database functionality. Congratulations, your SquirrelMail setup looks fine to me! Brian Gold System Administrator Bard College at Simon's Rock -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
On 03/09/2012 12:07 PM, Brian Gold wrote: > We recently migrated from an RHEL 4 system to a new RHEL6.2 server running > Squirrelmail 1.4.22& php 5.3.3. Everything had been > running smoothly for a few weeks, but as of this morning we have a number of > users reporting that after they successfully log in, > when they click on any links they get "ERROR: You must be logged in to access > this page". Where are your PHP sessions being stored (session.save_path in php.ini)? Is that filesystem full? If it's tmpfs, do you have tmpwatch cleaning up things that it shouldn't (like empty hash directories, etc)? HTH, Dave -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
> Where are your PHP sessions being stored (session.save_path in php.ini)? > Is that filesystem full? If it's tmpfs, do you have tmpwatch cleaning up > things that it shouldn't (like empty hash directories, etc)? > > HTH, > > Dave /var/lib/php/session Still over 5GB available. -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
2012.03.09 19:36 Brian Gold rašė: >> Where are your PHP sessions being stored (session.save_path in php.ini)? >> Is that filesystem full? If it's tmpfs, do you have tmpwatch cleaning >> up things that it shouldn't (like empty hash directories, > etc)? >> >> HTH, >> >> Dave > > /var/lib/php/session > Still over 5GB available. Could you show all your php session settings and list of enabled php extensions. -- Tomas -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
> From: Tomas Kuliavas [mailto:to...@users.sourceforge.net] > Sent: Friday, March 09, 2012 12:41 PM > To: squirrelmail-users@lists.sourceforge.net > Subject: Re: [SM-USERS] getting the dreaded "you must be logged in to access > this page" > > Could you show all your php session settings and list of enabled php > extensions. > > -- > Tomas https://warlock.simons-rock.edu/webmail/src/phpinfo.php -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
Brian Gold wrote: > >> From: Tomas Kuliavas [mailto:to...@users.sourceforge.net] >> Sent: Friday, March 09, 2012 12:41 PM >> To: squirrelmail-users@lists.sourceforge.net >> Subject: Re: [SM-USERS] getting the dreaded "you must be logged in to >> access this page" >> >> Could you show all your php session settings and list of enabled php >> extensions. >> >> -- >> Tomas > > https://warlock.simons-rock.edu/webmail/src/phpinfo.php > > You have session.use_cookies Off http://php.net/session.configuration#ini.session.use-cookies SquirrelMail does not work without cookies without making massive changes in SquirrelMail code. Instead of upping memory limit to 512M get APC extension and make sure that server side sorting enabled in your setup, if IMAP server supports it. I suspect that you have php-pecl-apc rpm in your RHEL DVD. -- View this message in context: http://old.nabble.com/Re%3A-getting-the-dreaded-%22you-must-be-logged-in-to-access-this-page%22-tp33473353p33473780.html Sent from the squirrelmail-users mailing list archive at Nabble.com. -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
> You have session.use_cookies Off > http://php.net/session.configuration#ini.session.use-cookies > > SquirrelMail does not work without cookies without making massive changes in > SquirrelMail code. > > Instead of upping memory limit to 512M get APC extension and make sure that > server side sorting enabled in your setup, if IMAP > server supports it. I suspect that you have php-pecl-apc rpm in your RHEL DVD. Oops, forgot to turn this back on. I had turned it off while testing based on this post here: http://www.linuxquestions.org/questions/linux-server-73/squirrelmail-v1-4-21-returning-error-with-google-chrome-875651/ Either way, didn't seem to have any effect on my problem. Memory limit has been adjusted to 128M and APC has been installed (and it's shm_size adjusted to 512). -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
[SM-USERS] unserialize errors
Hello, Unexpectedly, I have started seeing errors with PHP 5.3.8 and SM 1.4.22: When trying to compose a message, I see this error: Message not sent. Server replied: Email delivery error 75 Can't execute command '/usr/sbin/sendmail -i -t -fu...@example.com'. In the logs: Mar 9 17:37:50 vmail httpd: PHP Notice: unserialize() [function.unserialize]: Error at offset 694 of 1684 bytes in /var/www/html/src/compose.php on line 371 Mar 9 18:42:55 vmail httpd: PHP Notice: unserialize() [function.unserialize]: Error at offset 809 of 3727 bytes in /var/www/html/src/compose.php on line 371 ... Mar 9 18:54:01 vmail httpd: PHP Notice: unserialize() [function.unserialize]: Error at offset 829 of 1819 bytes in /var/www/html/src/compose.php on line 371 Mar 9 19:45:19 vmail httpd: PHP Notice: unserialize() [function.unserialize]: Error at offset 1134 of 2159 bytes in /var/www/html/src/compose.php on line 371 Mar 9 20:29:51 vmail httpd: PHP Deprecated: Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0 Any advice please? Thanks, Nick -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
Brian Gold wrote: > >> You have session.use_cookiesOff >> http://php.net/session.configuration#ini.session.use-cookies >> >> SquirrelMail does not work without cookies without making massive changes >> in SquirrelMail code. >> >> Instead of upping memory limit to 512M get APC extension and make sure >> that server side sorting enabled in your setup, if IMAP >> server supports it. I suspect that you have php-pecl-apc rpm in your RHEL >> DVD. > > Oops, forgot to turn this back on. I had turned it off while testing based > on this post here: > http://www.linuxquestions.org/questions/linux-server-73/squirrelmail-v1-4-21-returning-error-with-google-chrome-875651/ > Either way, didn't seem to have any effect on my problem. > > Memory limit has been adjusted to 128M and APC has been installed (and > it's shm_size adjusted to 512). > Is your server clock correct? Could you check, if you can reproduce problem with SELinux set to permissive mode? Could you check if '4. General settings -> 16. Only secure cookies if poss. -> false' solves it? Could you check your webserver logs and make sure that browsers don't try to fetch signout.php or index.php without users clicking on signout link or knowingly entering your webmail login page? -- View this message in context: http://old.nabble.com/Re%3A-getting-the-dreaded-%22you-must-be-logged-in-to-access-this-page%22-tp33473353p33473977.html Sent from the squirrelmail-users mailing list archive at Nabble.com. -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
> Is your server clock correct? > > Could you check, if you can reproduce problem with SELinux set to permissive > mode? > > Could you check if '4. General settings -> 16. Only secure cookies if poss. > -> false' solves it? > > Could you check your webserver logs and make sure that browsers don't try to > fetch signout.php or index.php without users clicking > on signout link or knowingly entering your webmail login page? Server clock is correct and syncing via NTP to an onsite server (as almost all our servers do). Already tried setting "Only secure cookies" to false and that had no effect http://pastebin.com/CqTEsZn6 - unaffected chrome user http://pastebin.com/ND3JXkX6 - affected chrome user It does look like the affected user is being redirected to login.php at some point. The only steps that I took in the affected chrome user were the following: Load /webmail/src/login.php - enter username & password Load Leftnav & inbox Click the subject line of the first message in the inbox -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
Brian Gold wrote: > >> Is your server clock correct? >> >> Could you check, if you can reproduce problem with SELinux set to >> permissive mode? >> >> Could you check if '4. General settings -> 16. Only secure cookies if >> poss. >> -> false' solves it? >> >> Could you check your webserver logs and make sure that browsers don't try >> to fetch signout.php or index.php without users clicking >> on signout link or knowingly entering your webmail login page? > > Server clock is correct and syncing via NTP to an onsite server (as almost > all our servers do). > > Already tried setting "Only secure cookies" to false and that had no > effect > > http://pastebin.com/CqTEsZn6 - unaffected chrome user > http://pastebin.com/ND3JXkX6 - affected chrome user > > It does look like the affected user is being redirected to login.php at > some point. The only steps that I took in the affected > chrome user were the following: > > Load /webmail/src/login.php - enter username & password > Load Leftnav & inbox > Click the subject line of the first message in the inbox > Patch for login.php http://pastebin.com/gVZNuKYd Not sure if formating is correct. It is used in environment which has some slight API differences. Let me know if you need offline copy or detailed explanation about side effects of this patch. -- View this message in context: http://old.nabble.com/Re%3A-getting-the-dreaded-%22you-must-be-logged-in-to-access-this-page%22-tp33473353p33474217.html Sent from the squirrelmail-users mailing list archive at Nabble.com. -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] getting the dreaded "you must be logged in to access this page"
> Patch for login.php http://pastebin.com/gVZNuKYd > > Not sure if formating is correct. It is used in environment which has some > slight API differences. Let me know if you need offline copy or detailed > explanation about side effects of this patch. That definitely appears to have resolved the issue. An explanation about side effects would be greatly appreciated. Thanks very much for all your assistance, Brian -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] unserialize errors
On 9/3/2012 9:01 μμ, Nikolaos Milas wrote: > When trying to compose a message, I see this error: > > Message not sent. Server replied: > > Email delivery error > 75 Can't execute command '/usr/sbin/sendmail -i -t > -fu...@example.com'. I found that this error was irrelevant to SM (and we corrected it). The PHP Notices are obviously due to PHP 5.3.8 and I will look forward to some patch, when available. Best Regards, Nick -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
