Author Topic: Login fails: Invalid request! No data was saved.  (Read 2536 times)

Offline acema

  • Newbie
  • *
  • Posts: 3
Login fails: Invalid request! No data was saved.
« on: December 07, 2019, 09:59:29 AM »
Hello Experts,

I installed Roundcubemail 1.4.1 with PHP 7.3 and Lighttpd with PHP-FPM. The installer runs fine, the MySQL (well, MariaDB) database is initialized, SMTP and IMAP work fine. But the login fails: Invalid request! No data was saved.

From the logs:
Dec  4 16:24:41 localhost lighttpd[1211]: 192.168.2.5 192.168.2.6:10010 - [04/Dec/2019:16:24:41 +0000] "POST /?_task=login HTTP/1.1" 401 5263 "https://a.b.c.de/?_task=login" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
Dec  4 16:37:10 localhost lighttpd[1211]: 192.168.2.3 192.168.2.6:10010 - [04/Dec/2019:16:37:10 +0000] "GET / HTTP/1.1" 401 5155 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
Dec  4 16:37:10 localhost lighttpd[1211]: 192.168.2.3 192.168.2.6:10010 - [04/Dec/2019:16:37:10 +0000] "GET /skins/elastic/deps/bootstrap.min.css?s=1550069270 HTTP/1.1" 200 46104 "http://192.168.2.6:10010/" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
Dec  4 16:38:43 localhost roundcubemail[5546]: <dbr19hhn> Session destroy: dbr19hhnm7o5sqt2jn1s5k2g70
Dec  4 16:38:43 localhost roundcubemail[5546]: <dbr19hhn> Failed login for XXX from 192.168.2.5(X-Real-IP: 192.168.2.1,X-Forwarded-For: 192.168.2.1) in session dbr19hhnm7o5sqt2 (error: 1)


I even started intensive debugging to find the root cause. rcube::check_request fails because the token and sess_tok have different values like:
token=MzJb12gkonJl0uJVEfrXk2pshrmEgEmy
sess_tok=B9JhHRHHof6PhbanhRJQpA2X032EUsKu

Clearing cookies, restarting the browser didn't help. Now I am lost.

Any help is welcome!
« Last Edit: December 07, 2019, 10:05:17 AM by acema »

Offline acema

  • Newbie
  • *
  • Posts: 3
Re: Login fails: Invalid request! No data was saved.
« Reply #1 on: December 07, 2019, 10:10:57 AM »
.. Minutes after the support request the issue was solved. I set the session_path to '/tmp' => bad idea.