User gets logged out on page refresh


#1

Summary

Using Apache reverse proxy on a fresh install with email/password: every time a user logs in and the browser page is refreshed, the user is logged out (opening a new tab in the same browser also asks for login again). If the page is not refreshed, everything works: sending messages, using the system console, etc.

Steps to reproduce

How can we reproduce the issue (what version are you using?)

Mattermost:
Version: 5.1.0
Build Number: 5.1.0
Build Date: Fri Jul 13 19:03:45 UTC 2018
Build Hash: 54994502241bf40bebd9a9d7719c58f708aef5b1
Build Enterprise Ready: true
DB Version: 5.1.0

Proxy: Apache/2.4.10 (Debian) on a separate server.

Apache vhost config:

<VirtualHost xxx.xxx.xxx.xxx:80>
    ServerName some.sub.domain
    ServerAdmin xxx@xxx.xx

    ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
    CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

    # Enforce HTTPS:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:443>
    ServerName some.sub.domain
    ServerAdmin xxx@xxx.xx

    ErrorLog ${APACHE_LOG_DIR}/mattermost-error.log
    CustomLog ${APACHE_LOG_DIR}/mattermost-access.log combined

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/api/v[0-9]+/(users/)?websocket [NC,OR]
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule .* ws://192.168.0.29:8065%{REQUEST_URI} [P,QSA,L]
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteRule .* http://192.168.0.29:8065%{REQUEST_URI} [P,QSA,L]
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Ssl 'on'

    RequestHeader unset If-Modified-Since
    RequestHeader unset If-None-Match

    <LocationMatch "/api/(?<version>v[0-9]+)/(?<users>users/)?websocket$">
            Require all granted
            ProxyPassReverse ws://192.168.0.29:8065/api/v%{env:MATCH_VERSION}/%{env:MATCH_USERS}websocket
            ProxyPassReverseCookieDomain 192.168.0.29 some.sub.domain
    </LocationMatch>
    <Location />
            Require all granted
            ProxyPassReverse http://192.168.0.29:8065/
            ProxyPassReverseCookieDomain 192.168.0.29 some.sub.domain
    </Location>
    SSLEngine on

    # valid trusted certificate
    SSLCertificateFile /etc/apache2/server.crt
    SSLCertificateKeyFile /etc/apache2/server.key
    SSLCertificateChainFile /etc/apache2/gd_bundle-g2-g1.crt

    ProxyPreserveHost On
    ProxyRequests Off
</VirtualHost>

In the Mattermost config, SiteURL is set to “some.sub.domain”.

Mattermost log:

{"level":"info","ts":1533836758.4524226,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=t8m9pyxb43deigaty8tnwybanw, err=<no value>, "}
{"level":"info","ts":1533836765.1927357,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=15or6ies5fyedd7yuimp87hpxo, err=<no value>, "}
{"level":"error","ts":1533836768.9420962,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
{"level":"info","ts":1533836769.7385144,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=r1ro6ywifbfffbfm3heutpktpr, err=<no value>, "}
{"level":"error","ts":1533836772.8043542,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
{"level":"info","ts":1533836773.4485762,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=tmjrn16fjpynfxd8do3yc5x4rc, err=<no value>, "}
{"level":"error","ts":1533836789.3535001,"caller":"web/handlers.go:142","msg":"Invalid or missing channel_id parameter in request URL","path":"/api/v4/channels/posts","request_id":"uw48b6atk7rnjmoh577kosqwjy","ip_addr":"xxx.xxx.xxx.xxx","user_id":"h4cu98hajpdziqfoc74o489ido","method":"GET","err_where":"Context","http_code":400,"err_details":""}
{"level":"info","ts":1533836791.8211064,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=au7i6m57xtg8u8bue7bq84sxbr, err=<no value>, "}
session","error":"GetSession: Invalid session token=pqbxfukzrjgpinpq1dngxcwrjh, err=<no value>, "}
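
Added example (not part of the original post and not Mattermost code): a small triage script for log lines shaped like the ones above. It reports how many session tokens were rejected, whether the same token is rejected repeatedly or a different one each time, and how many "WebSocket connection is not authenticated" errors follow a rejected token within a few seconds. The function names, the 10-second window and the sample log are assumptions made for this example; tokens are reported only as a short hash.

```python
import hashlib
import json
import re
from collections import Counter

TOKEN_RE = re.compile(r"Invalid session token=(\w+)")
WS_UNAUTH = "WebSocket connection is not authenticated"
# Constructed sample (tokens and timestamps are made up); last line is cut off at the start.
SAMPLE_LOG = """\
{"level":"info","ts":100.0,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=aaaa1111, err=<no value>, "}
{"level":"error","ts":104.5,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
{"level":"info","ts":110.0,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=bbbb2222, err=<no value>, "}
{"level":"info","ts":150.0,"caller":"mux/mux.go:162","msg":"Invalid session","error":"GetSession: Invalid session token=aaaa1111, err=<no value>, "}
{"level":"error","ts":300.0,"caller":"app/websocket_router.go:94","msg":"websocket routing error: seq=1 uid= WebSocket connection is not authenticated. Please log in and try again. [details: ]"}
session","error":"GetSession: Invalid session token=cccc3333, err=<no value>, "}
"""

def fingerprint(token):
    """Short SHA-256 prefix, so the report never repeats a session token."""
    return hashlib.sha256(token.encode()).hexdigest()[:8]

def triage(log_text, window=10.0):
    """Summarise rejected session tokens and unauthenticated websocket errors."""
    invalid, ws_errors, skipped = [], [], 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # truncated or non-JSON line
            continue
        m = TOKEN_RE.search(str(rec.get("error", "")))
        if rec.get("msg") == "Invalid session" and m:
            invalid.append((rec.get("ts", 0.0), fingerprint(m.group(1))))
        elif WS_UNAUTH in str(rec.get("msg", "")):
            ws_errors.append(rec.get("ts", 0.0))
    counts = Counter(fp for _, fp in invalid)
    # Websocket auth failures that follow a rejected token within `window` seconds
    linked = sum(any(0 <= w - t <= window for t, _ in invalid) for w in ws_errors)
    return {
        "invalid_sessions": len(invalid),
        "distinct_tokens": len(counts),
        "replayed_tokens": sorted(fp for fp, n in counts.items() if n > 1),
        "ws_unauthenticated": len(ws_errors),
        "ws_within_window": linked,
        "skipped_lines": skipped,
    }
```

Pass the contents of the server log to `triage()`; an empty `replayed_tokens` list means every rejected token was seen only once.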

#2

Hi @myhkam, thanks for reaching out!

Can you also help share your Session related settings?


#3
    "SessionLengthWebInDays": 30,
    "SessionLengthMobileInDays": 30,
    "SessionLengthSSOInDays": 30,
    "SessionCacheInMinutes": 10,
    "SessionIdleTimeoutInMinutes": 70,

#4

This sounds similar to this ticket except the issue there is with desktop app / mobile: https://mattermost.atlassian.net/browse/MM-11319.

@myhkam Do you see any browser console errors in addition to the server logs you shared?


#5

Only info in console:

After logging in
21:22:49.696 websocket connecting to wss://chat.xxx.xx/api/v4/websocket websocket_client.jsx:35:12 

After/on reloading page 
21:23:04.664 websocket closed 0.04f385f9485b24b06ab9.js:1:803014
21:23:04.740 Navigated to https://chat.xxx.xx/webware/channels/town-square
21:23:06.765 websocket connecting to wss://chat.xxx.xx/api/v4/websocket websocket_client.jsx:35:12 

I can log in from both app and browser, and both will work fine side by side, but if I refresh either of them it will log out that one.


#6

@myhkam Letting you know that I’ve asked our devs and any community members to look at this and I’ll let you know once I get feedback.