Roundcube Community Forum

 

Across timezones expired sessions are issued.

Started by FlexiRexi, June 27, 2021, 01:07:39 PM

Previous topic - Next topic

FlexiRexi

I believe I've run into a bug. I tried to provide someone I know with a free email address on my server. The server is GMT-5 and the individual lives in GMT-7.

The issue is they fail to successfully login because their session immediately expires, confirmed in developer tools in the browser. Effectively, roundcube issues "roundcube_sessionauth" cookies which are already expired outside the servers timezone.

I would be fine configuring a timeout that's 1 day out to get around this bug but I'm not seeing such an option in the configurations.

Any help?

JohnDoh

QuoteThe issue is they fail to successfully login because their session immediately expires, confirmed in developer tools in the browser. Effectively, Roundcube issues "roundcube_sessionauth" cookies which are already expired outside the servers timezone.

What version of Roundcube are you running? the `roundcube_sessionauth` is issued with no expiry as it is a session cookie. The expiry only gets set when the session is terminated.

It sounds more like a configuration issue than a session handling one. What version of PHP are you using? What session storage are you using? Are the time zones correctly configured both in your PHP and your database engine settings?

I guess lastly just for good measure have you tried with all Roundcube plugins disabled? Is there anything in the Roundcube error log? May be try enabling `session_debug` and see if that shows anything.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more...

FlexiRexi

This was out of an install through mailinabox, a script that setups a mail server in a single go. I suppose they could have done any number of things configuration wise. I'll look into your suggestions and see what I can come up with.

Roundcube Webmail 1.4.11
PHP 7.2.24-0ubuntu0.18.04.7

FlexiRexi

I couldn't get anything out of web/mail/debug logs that helped me.

I decided to created a proxy in other time zones to test myself and had no issues logging in. So now I see the issue is just this person's PC/browser (yes, they tried clearing cookies/incognito mode/usual stuff).

In any case, never mind my original post, it's not a roundcube problem. :)