[eGroupWare-tracker] Bugs #2809: Sessions not counted

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Ticket modified by Peter Tuhársky at 2012/02/29 13:45
Tracking SystemBugs
CategoryAdmin
VersionVersion 1.8.002
StatusOpen
ResolutionRemind
Completed10%
Priority5 - medium
Created byPeter Tuhársky
Created on2011/01/21 10:25
Assigned toRalf Becker
Summary#2809 - Sessions not counted
After upgrade from 1.6 to 1.8, eGW no longer counts the open sessions - there is always 0. This obviously affects the monthly statistics too.
Comment by Peter Tuhársky at 2012/02/29 13:45:
Setting permissions alone helped me in Debian Lenny. Thank You!
Comment by Alexander_Gelio Savitskiy at 2012/01/25 06:34:
Hi!

I have same problem. I done the next steps:

1) chmod o+r /var/lib/php5
2) suhosin.session.encrypt=off

and restart Apache2

And it's OK. I can see all current users now!

P.S. My conf: Debian 6.0.1 Squeeze, EGW v1.8.001 (from tar.gz installed), apache+php+postgres from repo.

Thanks,
Alexander
Comment by Sebastian Steinhuber at 2011/04/11 17:17:
Works for me now on trunk, too. Thanks,
Sebastian
Comment by Sebastian Steinhuber at 2011/04/09 16:08:
Just recognized that this bug was reported against the 1.8 release, but I reported for the current trunk.

Not sure, should I better open a new ticket linking to this one?
Comment by Sebastian Steinhuber at 2011/04/09 15:57:
&gt; E.G. for Debian or Ubunto you have also to take care of the
&gt; suhosin-extension:
&gt; On Debian/Ubunto often the suhosin-extension is installed. With this
&gt; extension, the active session data is encrypted and therefore EGroupware
&gt; is not able to read
&gt; the session data. This causes the “display of active sessions” and
&gt; notification-popups not to work as expected.
Great, that has put me into the right direction. I must admit that I didn't RTFM of the suhosin extension completely.
Please, let me leave some comments though.

&gt; In this case proceed as follows:
&gt; • chmod o+r /var/lib/php5 (enables read for “other”)
Are you supposing that 'session.save_path = /var/lib/php5'?
IMHO the directory $session.save_path must be readable only by the web server, but never by other without a good reason. /var/lib/php5 is [drwx-wx-wt root root] on debian.
In an EGroupware install with the official package, $session.save_path defaults to /var/lib/egroupware/sessions, for what I set permissions to 700 for www-data:www-data from the default 755 which is working fine now. Please tell me why if I'm wrong with 700.

&gt; • edit: /etc/apache2/conf.d/egroupware In row: php_admin_value
&gt; open_basedir add the value :/var/lib/php5 (as in .bashrc a path is
&gt; added, in this file a additional path will be added with a „:“ as
&gt; seperation , is there no value given, add it without „:“)
$session.save_path must be part of $open_basedir, got you?

&gt; • edit: /etc/php5/conf.d/suhosin.ini and change the line:
&gt; suhosin.session.encrypt=off to „off“ (default is „on“) -this disables
&gt; the encryption of the suhosin-extension
Editing egroupware.conf, /etc/apache2/conf.d/egroupware and adding
'php_value suhosin.session.encrypt off' works as well. Please consider to add this statement in /etc/apache2/conf.d/egroupware for the next release of EGroupware.

We got one step closer, but there is another issue apart from encryption.
Both with active and removed suhosin extension, the session counter gets updated only after I opened http://$egroupware/index.php?menuaction=admin.uicurrentsessions.list_sessions, i.e. 'show current sessions' in admin menu.

Thanks for your time and attention,

Sebastian
Comment by Birgit Becker at 2011/04/08 12:41:
Hi Peter which distribution are you using?

Birgit

E.G. for Debian or Ubunto you have also to take care of the suhosin-extension:
On Debian/Ubunto often the suhosin-extension is installed. With this extension, the active session data is encrypted and therefore EGroupware is not able to read 	 
the session data. This causes the “display of active sessions” and notification-popups not to work as expected. 	 
In this case proceed as follows: 	 
• chmod o+r /var/lib/php5 (enables read for “other”) 	 
• edit: /etc/apache2/conf.d/egroupware In row: php_admin_value open_basedir add the value :/var/lib/php5 (as in .bashrc a path is added, in this file a additional path will be added with a „:“ as seperation , is there no value given, add it without „:“) 	 
• edit: /etc/php5/conf.d/suhosin.ini and change the line: suhosin.session.encrypt=off to „off“ (default is „on“) -this disables the 	encryption of the suhosin-extension 	 
• then restart the apache webserver: /etc/init.d/apache2 restart 

This needs to be adapted for other distributions ...

Comment by Peter Tuhársky at 2011/04/05 12:45:
I have added /var/lib/php5 to the php_admin_value open_basedir in the file /etc/egroupware/apache.conf

Restarted Apache, however, sessions still not counted.
Comment by Tracking System at 2011/02/18 17:01:
This Tracker item was closed automatically by the system. It was previously set to a Pending status, and the original submitter did not respond within 14 days.
Comment by Sebastian Steinhuber at 2011/02/03 00:10:
I got this issue in current trunk. Session files are created and deleted according to the login, and access is granted to the web server user. I have no clue why EGroupware ignores them.

There are these apache directives in my VirtualHost config:

php_value session.save_handler files
php_value session.save_path /var/lib/egroupware/sessions
php_value open_basedir /var/www/egroupware/:/var/lib/egroupware/:/usr/share/php/:/usr/bin/php:/tmp:/var/www/jpgraph/:/usr/bin/aspell:/usr/bin/crontab:/etc/debian_version

(no difference when adding /var/lib/egroupware/sessions to open_basedir)

#ls -al /var/lib/egroupware/sessions
drwxrwx--T 2 root     www-data     60  2. Feb 19:02 .
drwxr-xr-x 4 www-data www-data   4096 12. Jan 14:48 ..
-rw------- 1 www-data www-data 446080  2. Feb 23:00 sess_p0r09cmp271o532b23jpqho6m2

Cheers,
Sebastian
Comment by Klaus Leithoff at 2011/01/26 10:48:
Either in the php.ini, or your egroupware.conf, or in your vhost configuration

open_basedir

is the name.
Comment by Peter Tuhársky at 2011/01/25 16:05:
Please, where should I look for the directive?
Comment by Klaus Leithoff at 2011/01/25 16:02:
Check if your/a open_basedir directive is in effect.
If it is, include the php session path into the directory list.
Restart your WebServer process.
After that EGroupware should be able to read / browse the session directory (given the needed rights), and with that count the sessions.

Comment by Peter Tuhársky at 2011/01/25 15:10:
Yes, there is a thread, however with no useful information. Clearly it affects more users than just me. 
Comment by Birgit Becker at 2011/01/24 14:27:
Hi Peter,

i can not confirm that in general - as far as i know this can happen by a mis-configuration, but i do not know exactly what needs to be changed. I think there have been already some threads on the user-lists about that.

Birgit

Linked entries:
https://community.egroupware.org/egroupware/index.php?menuaction=tracker.tracker_ui.edit&tr_id=2809&no_popup=1