Menu
▾
▴
#4854 (ok 4.5) "Error: Token mismatch" when using multiple servers in parallel
When trying to use phpMyAdmin with multiple servers simultaniously, I get a "Error: Token mismatch" for the previous server.
reproduction steps:
- Have phpMyAdmin set up with multiple servers.
- Start phpMyAdmin and log into "server 1" - you see the main screen.
- At the lower right of the right window, there is an icon "Open new phpMyAdmin window" - click it to open a new phpMyAdmin window.
- The window now shows the main screen of "server 1" in another window.
- In "General Settings" on the main screen, a "Current Server" drop-down allows selecting another server. - Select "server 2".
- Log into "server 2".
- You see the main screen of "server 2" in the previously opened new window.
- Activate the first window again which shows the main screen of "server 1".
- Nearly any action done there results in "Error: Token mismatch".
PS: I have a multi-server setup, so I use "$cfg['ServerDefault'] = 0;" in my configuration file.
And by the way, this issue is not new. I basically have it as long as there has been this "Open new phpMyAdmin window" icon, which is the case for quite some time already.
This is a known issue. The cause of the problem is first window having expired token. Workaround for now would be to reloading the first window without the token (For example, by retyping the url) and selecting the server 1 again.
PR: https://github.com/phpmyadmin/phpmyadmin/pull/1648
I cannot reproduce this problem in 4.4.2. When the token expires in either window, I am taken back to the login panel in this window
I believe it's the same as https://github.com/phpmyadmin/phpmyadmin/pull/1563#issuecomment-78942637
In the above steps, before opening a second tab, can you start network monitoring on the first tab to see the request that triggers redirection to login panel? Does this request have pmaUser, pmaPass, pma-iv for the server correctly?
Madhura,
To test, I am forcing a validity of 20 seconds.
I believe that I should be looking for a POST to index.php? In this case, I don't see the parameters you mentioned.
Marc,
Not sure you have to force validity to 20 seconds. In the first window a token mismatch happens not because of session expiry but due to token change by a call to PMA_secureSession() while login in the second window.
Can you try with reasonably large value for session validity
Madhura,
with ServerDefault set to 0 and a normal LoginCookieValidity, I cannot reproduce the bug in MAINT_4_4_2. Moreover, when testing your pull request, I can no longer log in to either servers.
Last edit: Marc Delisle 2015-04-22
I still have the problem in phpMyAdmin 4.4.3.
I tried on the demo server right now using "http://demo.phpmyadmin.net/QA_4_4/index.php" and I can reproduce the very same problem there.
I tested again with ServerDefault set to 0 (was not sure whether I had this earlier) and seems to work fine.
If the bug can not be reproduced under some conditions and can not log in with this fix its probably best not to merge the fix. There is a workaround for the bug anyways. So I'd close the pull request for now.
How is the work around for this bug? I regularly use the Firefox private mode as private mode and non-private mode do not share cookies. But this only allows to connect to two MySQL servers simultaneously.
Is there any further trick to be able to connect to more than 2 servers at once without using multiple different browsers?
Should be fixed with https://github.com/phpmyadmin/phpmyadmin/pull/1762