Author Topic: "Your session is invalid or expired." But only from a form submission page.  (Read 4711 times)

Offline ernied

  • Newbie
  • *
  • Posts: 8
When we upgraded from v0.9.5 to v1.0 release, we tested the new version and found that everything worked fine with the old data in the MySQL database. So we foolishly went ahead with the new version.

Now, when people log in from our website's home page, they get the error message "Your session is invalid or expired". They can log in from the Roundcube login prompt just fine, but this is frustrating for customers because they're logging in twice.

After further testing, I also found that you can log in from our home page just fine *if* you're already logged into Roundcube in another browser tab. This appears to me to be an issue with the way Roundcube is saving its session data, but after tinkering with the $config['session_XXX'] variables, I haven't been able to find anything yet. Changing the session storage method from db to php doesn't change anything, nor does changing the session_lifetime. Turning the ip_check variable off doesn't even seem to be changing whether the IP address gets stored with the session data in the database, which I find odd (and wouldn't that affect customers with NAT?).

Our logs look like this after one such login attempt:

logs/session:

[29-Apr-2014 13:05:16 -0700]: Aborted session 7f2smbl2baucaa1dh1ki6ur0v3; no valid session data found

logs/sql:

[29-Apr-2014 13:05:16 -0700]: [1] DELETE FROM session WHERE sess_id = '7f2smbl2baucaa1dh1ki6ur
0v3';
[29-Apr-2014 13:05:16 -0700]: [2] DELETE FROM session WHERE sess_id = '7f2smbl2baucaa1dh1ki6ur
0v3';

logs/userlogins:

[29-Apr-2014 13:05:16 -0700]: Failed login for XXXXXX from 209.53.201.127 in session 7f2smbl2b
aucaa1dh1ki6ur0v3 (error: 1)

Offline interfasys

  • Newbie
  • *
  • Posts: 1
truncate the session table in the database and try again

Offline ernied

  • Newbie
  • *
  • Posts: 8
Actually, it looks like Roundcube is taking care of that on its own, every hour. I don't see a single session in the database that's more than 45 minutes old.

Offline osos

  • Jr. Member
  • **
  • Posts: 11
Did you ever find the reason/solution for this trouble?

My users report the same, and I see the same log entries. However, I have not yet been able to reproduce myself, why I was unable to debug sucessfully.

Running RC 1.0.4