Defect #42199
closed
Stay logged in option prevents users from logging in on Apache + mod passenger
Description
I've just verified on a clear installation of Debian 12 + Apache2 + libapache2-mod-passenger that the option Stay logged in on the login form prevents users from logging in. As long as this check box is checked you can't log in.
This is what I see in the log:
```
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Started POST "/login" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Processing by AccountController#login as HTML
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Parameters: {"authenticity_token"=>"4UXUTv29KBldIUbhz4MwE926dkb4Xvrvp1X6ujdspLek8oqDvNfdhtxG6KyYvNNbrOGJoCZko_Zx5lBSNyK2-Q", "back_url"=>"/", "username"=>"admin", "password"=>"[FILTERED]", "autologin"=>"1", "login"=>"Login"}
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Current user: anonymous
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Successful authentication for 'admin' from 192.168.4.190 at 2025-02-01 08:21:30 UTC
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Redirected to http://redmine/
App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Completed 302 Found in 24ms (ActiveRecord: 13.5ms (14 queries, 0 cached) | GC: 0.0ms)
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Started GET "/" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Processing by WelcomeController#index as HTML
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Current user: anonymous
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Redirected to http://redmine/login?back_url=http%3A%2F%2Fredmine%2F
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Filter chain halted as :check_if_login_required rendered or redirected
App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Completed 302 Found in 4ms (ActiveRecord: 0.8ms (3 queries, 0 cached) | GC: 0.0ms)
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Started GET "/login?back_url=http%3A%2F%2Fredmine%2F" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Processing by AccountController#login as HTML
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Parameters: {"back_url"=>"http://redmine/"}
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Current user: anonymous
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Rendered layout layouts/base.html.erb (Duration: 5.3ms | GC: 0.0ms)
App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Completed 200 OK in 10ms (Views: 5.7ms | ActiveRecord: 1.1ms (3 queries, 0 cached) | GC: 0.0ms)
```
In the code it seems that as soon as the autologin info is written into cookies (`cookies[autologin_cookie_name] = cookie_options`), `session[:user_id]` is empty in the following call request.
The problem has appeared in v6.0.0. As soon as I use another server to run Redmine, e.g. Puma, Stay logged in works as expected.
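Added example (not part of the original report or of Redmine's code): a small Ruby triage script that scans a Rails/Passenger log for the pattern shown above, a successful authentication whose next request from the same client IP is handled as `anonymous`. The function and constant names are hypothetical, the sample log is abridged from the log quoted in this report, and the per-IP pairing is a heuristic that assumes requests from one client are logged in order.

```ruby
# Added example: find "login succeeded, next request is anonymous" in a Rails log.
# SAMPLE_LOG is abridged from the log quoted in the report above.
SAMPLE_LOG = <<~'LOG'
  App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Started POST "/login" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
  App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Current user: anonymous
  App 5836 output: [a8b48f7d-2236-41b7-bd27-5294c2ae4dc3] Successful authentication for 'admin' from 192.168.4.190 at 2025-02-01 08:21:30 UTC
  App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Started GET "/" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
  App 5836 output: [2106b248-ec9f-4c12-b98f-fc9ce2b57277] Current user: anonymous
  App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Started GET "/login?back_url=http%3A%2F%2Fredmine%2F" for 192.168.4.190 at 2025-02-01 09:21:30 +0100
  App 5836 output: [1193f1d4-6d77-4bb1-8442-81f7ae26a692] Current user: anonymous
LOG

REQ_LINE = /\[(?<rid>[0-9a-f-]{36})\]\s+(?<msg>.*?)\s*$/ # tagged log line
STARTED  = /\AStarted [A-Z]+ "(?<path>[^"]*)" for (?<ip>\S+)/
USER     = /\ACurrent user: (?<user>.+)\z/
AUTH_OK  = /\ASuccessful authentication for '(?<login>[^']*)'/

# Returns one hash per login whose following request lost the session.
def find_lost_sessions(log_text)
  requests = {} # request id => facts about that request, in log order
  log_text.each_line do |line|
    m = REQ_LINE.match(line.chomp) or next
    req = (requests[m[:rid]] ||= {})
    case m[:msg]
    when STARTED
      req[:ip] = $~[:ip]
      req[:path] = $~[:path]
    when USER
      req[:user] = $~[:user]
    when AUTH_OK
      req[:login] = $~[:login]
    end
  end

  pending = {} # client IP => login that authenticated in the previous request
  findings = []
  requests.each_value do |req|
    ip = req[:ip] or next
    login = pending.delete(ip)
    if login && req[:user] == "anonymous"
      findings << { ip: ip, login: login, path: req[:path] }
    end
    pending[ip] = req[:login] if req[:login]
  end
  findings
end

puts find_lost_sessions(SAMPLE_LOG).inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty result on a production log means the session cookie set by the login response is not coming back on the redirect, which is the symptom reported here.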
Updated by Open Stack 17 days ago
I see the same issue with Redmine 6.0.3.
My environment is running on Ubuntu 24.04, Apache2 and libapache2-mod-passenger.
```
Environment:
  Redmine version                6.0.3.stable
  Ruby version                   3.2.3-p157 (2024-01-18) [x86_64-linux-gnu]
  Rails version                  7.2.2.1
  Environment                    production
  Database adapter               PostgreSQL
  Mailer queue                   ActiveJob::QueueAdapters::SidekiqAdapter
  Mailer delivery                smtp
Redmine settings:
  Redmine theme                  Default
SCM:
  Git                            2.43.0
  Filesystem
Redmine plugins:
  no plugin installed
```
Updated by Karel Pičman 16 days ago
It seems that the only affected version of Passenger is v6.0.17, included in Debian Bookworm. After its upgrade to the latest v6.0.24 it works again.
Upgrade instruction: https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/apache/install/oss/bookworm.html
I think we can close this issue.
Updated by nori yasu 14 days ago
I see the same issue with Redmine 6.0.3.
My environment is running on Ubuntu 24.04, Nginx and Unicorn (unicorn-6.1.0).
```
Environment:
  Redmine version                6.0.3.stable
  Ruby version                   3.2.7-p253 (2025-02-04) [x86_64-linux]
  Rails version                  7.2.2.1
  Environment                    production
  Database adapter               Mysql2
  Mailer queue                   ActiveJob::QueueAdapters::AsyncAdapter
  Mailer delivery                smtp
Redmine settings:
  Redmine theme                  Gitmike
SCM:
  Git                            2.43.0
  Filesystem
Redmine plugins:
  no plugin installed
```