[pmwiki-users] Authentication timeout

David Kramer david at thekramers.net
Sun Aug 22 22:49:10 CDT 2010 

On 08/22/2010 11:07 PM, David Kramer wrote:
> I've been using PMWiki for a few years, though I'm far from an expert in
> it.  I use it for coordinating some user groups and non-profit orgs.
> 
> I just upgraded my server from Ubuntu 9.10 to 10.04LTS.  Everything
> seems to be pretty much working, but I'm finding for pages with
> passwords in PMWiki, I have to enter the password each time.  The
> authentication doesn't last even for seconds.  I have tried multiple
> browsers and multiple client OSes and machines to ensure this is not a
> client-side issue.
> 
> I've scanned the list and here's the relevant settings that might be
> affecting it in /etc/php5/apache2/php.ini:
> 
> session.cache_expire = 180
> session.gc_divisor = 1000
> session.gc_maxlifetime = 1440
> 
> Obviously a lot changed when I upgraded, so I'm not positive whether the
> problem is with PHP, PMWiki, or Apache.  I can say that HTTP auth works
> as usual for other things I have on the same server.
> 
> What can I look at next?

Some more googling and things I've tried:

- I see that there was some issue with session.save_path under Ubuntu
(see https://bugs.launchpad.net/ubuntu/+source/php5/+bug/316441 and
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/573222), so I tried
setting that to /var/lib/php5 to match /etc/cron.d/php5, but no joy.  I
tried creating /tmp/phpsessions and making it owned by www-data and
using that value, but that didn't work either.

I left it as /var/lib/php5, and I see session files ARE being created there.

- I noticed that /var/lib/php5 had strange permissions (write but not read):
root at janus:/var/www/pmwiki# l /var/lib/php5/
total 12
drwx-wx-wt  2 root     root     4096 2010-08-22 23:22 .
drwxr-xr-x 90 root     root     4096 2010-08-21 18:27 ..
-rw-------  1 www-data www-data   37 2010-08-22 23:22
sess_t3a8r3l7n5jn4f1o0hm4ujlmn1

I tried changing the ownership to www-data but that didn't help, so I
changed it back to root.

- I tried commenting out the line in /etc/cron.d/php5

- I tried ?action=diag, and I see the password in the session:
    [HTTP_SESSION_VARS] => Array
        (
            [authpw] => Array
                (
                    [(DELETED)] => 1
                )

            [authid] =>
        )

    [_SESSION] => Array
        (
            [authpw] => Array
                (
                    [(DELETED)] => 1
                )

            [authid] =>
        )

- I tried resetting the passwords on the pages.  No joy.

Looking for more ideas.

Thanks.

More information about the pmwiki-users mailing list