Fri, 10 Apr 2026 04:38:50 +0000 https://bugs.horde.org/ticket/7618 Logout failed with mysql session handler Hello, I would notice failed logout from horde when I set MySql session handler. After logout the following page has shown: "We cannot verify that this request was really sent by you. It could be a malicious request." This happens only after the upgrade with same configuration from horde-groupware-webmail edition 1.1.3. I set logging to debug, but I don't see particular info when the error page is loaded: 2008-10-31T13:27:48.521862+01:00 vm-wm1 HORDE[27594]: [horde] SQL Query by SessionHandler_mysql::_read(): query = "SELECT session_data FROM horde_sessionhandler WHERE session_id = 'rfs2mupupttp6g45cq37gqpkv3' FOR UPDATE" [pid 27594 on line 139 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler/mysql.php"] 2008-10-31T13:27:48.530715+01:00 vm-wm1 HORDE[27594]: [horde] Connected to the following memcache servers:23.23.23.23:11211, 23.23.23.24:11211, 23.23.23.25:11211, 23.23.23.26:11211, 23.23.23.27:11211 [pid 27594 on line 127 of "/var/www/html/horde-webmail-1.2/lib/Horde/Memcache.php"] 2008-10-31T13:27:48.605488+01:00 vm-wm1 HORDE[27594]: [horde] Max memory usage: 7864320 bytes [pid 27594 on line 339 of "/var/www/html/horde-webmail-1.2/lib/Horde/Registry.php"] 2008-10-31T13:27:49.509675+01:00 vm-wm1 HORDE[27573]: [horde] SQL Query by SessionHandler_mysql::_read(): query = "SELECT session_data FROM horde_sessionhandler WHERE session_id = 'spg7isdick0fifkop111ksjlk6' FOR UPDATE" [pid 27573 on line 139 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler/mysql.php"] 2008-10-31T13:27:49.531630+01:00 vm-wm1 HORDE[27573]: [horde] Connected to the following memcache servers:23.23.23.23:11211, 23.23.23.24:11211, 23.23.23.25:11211, 23.23.23.26:11211, 23.23.23.27:11211 [pid 27573 on line 127 of "/var/www/html/horde-webmail-1.2/lib/Horde/Memcache.php"] 2008-10-31T13:27:49.556592+01:00 vm-wm1 HORDE[27573]: [horde] Max memory usage: 7077888 bytes [pid 27573 on line 339 of "/var/www/html/horde-webmail-1.2/lib/Horde/Registry.php"] 2008-10-31T13:27:49.563092+01:00 vm-wm1 HORDE[27573]: [horde] Session data unchanged (id = spg7isdick0fifkop111ksjlk6) [pid 27573 on line 253 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler.php"] This is my conf.php: $conf['vhosts'] = false; $conf['debug_level'] = E_ALL & ~E_NOTICE; $conf['max_exec_time'] = 0; $conf['compress_pages'] = true; $conf['secret_key'] = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; $conf['umask'] = 077; $conf['use_ssl'] = 2; $conf['server']['name'] = $_SERVER['SERVER_NAME']; $conf['server']['port'] = $_SERVER['SERVER_PORT']; $conf['urls']['token_lifetime'] = 60; $conf['urls']['hmac_lifetime'] = 30; $conf['urls']['pretty'] = false; $conf['safe_ips'] = array(); $conf['session']['name'] = 'Horde'; $conf['session']['use_only_cookies'] = true; $conf['session']['cache_limiter'] = 'nocache'; $conf['session']['timeout'] = 0; $conf['cookie']['domain'] = $_SERVER['SERVER_NAME']; $conf['cookie']['path'] = '/'; $conf['sql']['persistent'] = true; $conf['sql']['username'] = 'userdb'; $conf['sql']['password'] = 'xxxx'; $conf['sql']['hostspec'] = 'host.it'; $conf['sql']['port'] = 3355; $conf['sql']['protocol'] = 'tcp'; $conf['sql']['database'] = 'mydb'; $conf['sql']['charset'] = 'iso-8859-1'; $conf['sql']['splitread'] = false; $conf['sql']['phptype'] = 'mysql'; $conf['auth']['admins'] = array('hordemaster'); $conf['auth']['checkip'] = true; $conf['auth']['checkbrowser'] = true; $conf['auth']['alternate_login'] = false; $conf['auth']['redirect_on_logout'] = false; $conf['auth']['params']['app'] = 'imp'; $conf['auth']['driver'] = 'application'; $conf['signup']['allow'] = false; $conf['log']['priority'] = PEAR_LOG_DEBUG; $conf['log']['ident'] = 'HORDE'; $conf['log']['params'] = array(); $conf['log']['name'] = LOG_LOCAL6; $conf['log']['type'] = 'syslog'; $conf['log']['enabled'] = true; $conf['log_accesskeys'] = false; $conf['prefs']['params']['driverconfig'] = 'horde'; $conf['prefs']['driver'] = 'sql'; $conf['alarms']['params']['driverconfig'] = 'horde'; $conf['alarms']['params']['ttl'] = 300; $conf['alarms']['driver'] = 'sql'; $conf['datatree']['params']['driverconfig'] = 'horde'; $conf['datatree']['driver'] = 'sql'; $conf['group']['driverconfig'] = 'horde'; $conf['group']['driver'] = 'sql'; $conf['group']['cache'] = false; $conf['perms']['driverconfig'] = 'horde'; $conf['perms']['driver'] = 'sql'; $conf['share']['no_sharing'] = true; $conf['share']['any_group'] = false; $conf['share']['cache'] = false; $conf['share']['driver'] = 'sql'; $conf['cache']['default_lifetime'] = 86400; $conf['cache']['driver'] = 'memcache'; $conf['lock']['params']['driverconfig'] = 'horde'; $conf['lock']['driver'] = 'sql'; $conf['token']['params']['driverconfig'] = 'horde'; $conf['token']['driver'] = 'sql'; $conf['mailer']['params']['host'] = 'smtp.it'; $conf['mailer']['params']['auth'] = false; $conf['mailer']['type'] = 'smtp'; $conf['mailformat']['brokenrfc2231'] = false; $conf['vfs']['type'] = 'none'; $conf['sessionhandler']['params']['persistent'] = true; $conf['sessionhandler']['params']['rowlocking'] = true; $conf['sessionhandler']['params']['port'] = 3355; $conf['sessionhandler']['params']['protocol'] = 'tcp'; $conf['sessionhandler']['params']['hostspec'] = 'host.it'; $conf['sessionhandler']['params']['username'] = 'userdb'; $conf['sessionhandler']['params']['password'] = 'xxxxx'; $conf['sessionhandler']['params']['database'] = 'mydb'; $conf['sessionhandler']['type'] = 'mysql'; $conf['sessionhandler']['memcache'] = false; $conf['mime']['magic_db'] = '/usr/share/file/magic'; $conf['problems']['email'] = 'falon@csi.it'; $conf['problems']['maildomain'] = 'csi.it'; $conf['problems']['tickets'] = false; $conf['problems']['attachments'] = true; $conf['menu']['apps'] = array(); $conf['menu']['always'] = false; $conf['menu']['links']['help'] = 'all'; $conf['menu']['links']['options'] = 'authenticated'; $conf['menu']['links']['problem'] = 'never'; $conf['menu']['links']['login'] = 'all'; $conf['menu']['links']['logout'] = 'authenticated'; $conf['hooks']['permsdenied'] = false; $conf['hooks']['username'] = false; $conf['hooks']['preauthenticate'] = true; $conf['hooks']['postauthenticate'] = false; $conf['hooks']['authldap'] = false; $conf['hooks']['groupldap'] = false; $conf['portal']['fixed_blocks'] = array('horde:weatherdotcom'); $conf['weatherdotcom']['partner_id'] = 'xxxxxxxx'; $conf['weatherdotcom']['license_key'] = 'xxxxxxxx'; $conf['accounts']['params']['host'] = '23.23.23.29'; $conf['accounts']['params']['port'] = 388; $conf['accounts']['params']['basedn'] = 'c=IT'; $conf['accounts']['params']['binddn'] = 'brother'; $conf['accounts']['params']['password'] = 'syster'; $conf['accounts']['params']['attr'] = 'uid'; $conf['accounts']['params']['version'] = '3'; $conf['accounts']['params']['strip'] = false; $conf['accounts']['driver'] = 'ldap'; $conf['user']['verify_from_addr'] = false; $conf['imsp']['enabled'] = false; $conf['kolab']['enabled'] = false; $conf['memcache']['hostspec'] = array('23.23.23.23', '23.23.23.24', '23.23.23.25', '23.23.23.26', '23.23.23.27'); $conf['memcache']['port'] = array('11211', '11211', '11211', '11211', '11211'); $conf['memcache']['weight'] = array('1', '1', '1', '1', '1'); $conf['memcache']['persistent'] = true; $conf['memcache']['compression'] = false; $conf['memcache']['large_items'] = true; $conf['memcache']['enabled'] = true; /* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */ I see that logout works if I use memcache as custom session handler. I thank you very much Best Regards marco Fri, 31 Oct 2008 12:42:08 +0000 https://bugs.horde.org/ticket/7618#t50211 Do you have any other session problems with the mysql handler? Are you using innodb tables? Thu, 06 Nov 2008 04:57:57 +0000 https://bugs.horde.org/ticket/7618#t50362 > Do you have any other session problems with the mysql handler? Are > you using innodb tables? I use inno_db session_handler table. I made some test again. If I set conf[sessionhandler][params][persistent] to true, then I don't have logout issue, but after login session freezes. Sometime I can browse imap folder and navigate for a while, but finally browser freezes. The error I see into log is this: "2008-11-06T10:43:00.348816+01:00 vm HORDE[22497]: [horde] Error retrieving session data (id = m4h77vd7f9tl94v9q7ludjbca4): Lock wait timeout exceeded; try restarting transaction [pid 22497 on line 144 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler/mysql.php"] 2008-11-06T10:43:52.354482+01:00 vm HORDE[22497]: [imp] Error writing session data: Lock wait timeout exceeded; try restarting transaction [pid 22497 on line 185 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler/mysql.php"] 2008-11-06T10:44:44.361514+01:00 vm HORDE[22497]: [horde] Error retrieving session data (id = m4h77vd7f9tl94v9q7ludjbca4): Lock wait timeout exceeded; try restarting transaction [pid 22497 on line 144 of "/var/www/html/horde-webmail-1.2/lib/Horde/SessionHandler/mysql.php"] " If I set conf[sessionhandler][params][persistent] to false, I don't have problem. Horde is fast and work well. But if I try logout, I receive this error: "We cannot verify that this request was really sent by you. It could be a malicious request". If I go back to previous page I reload horde, so no logout happens. MySQL is 5.0.32. Thu, 06 Nov 2008 09:52:42 +0000 https://bugs.horde.org/ticket/7618#t50392 FWIW, I'm experiencing the same issues, same error messages, happening with the same settings for 'persistent'. At one point, I thought the cookie settings in Firefox (keep or remove on exit) had an influence, but I'm not sure anymore. Software used is Horde 3.3, IMP 4.3, PHP 5.2.6 on Apache 2.2.10, MySQL 5.0.45, all running on Solaris 10. Wed, 12 Nov 2008 10:35:46 +0000 https://bugs.horde.org/ticket/7618#t50681 Installation infos : horde-webmail-1.2.1 ; php-5.2.6 ; debian etch DB : mysql-4.1.11 (tables using default engine MyISAM) I think I meet the same pb. It works perfectly with file-based sessions but it rocks much more for me with Mysql-based sessions. I'll add that : 1. If I try to delete a message, it fails too with the same message "We cannot verify that this request was..." without error in logs : Jan 23 18:43:37 HORDE [debug] [horde] SQL Query by essionHandler_mysql::_read(): query = "SELECT session_data FROM horde_sessionhandler WHERE session_id = 'l4itih4bh7aj2qof1l2mr9br37' FOR UPDATE" [pid 17265 on line 139 of "/var/www/horde/lib/Horde/SessionHandler/mysql.php"] Jan 23 18:43:37 HORDE [debug] [imp] We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now. [pid 17265 on line 176 of "/var/www/horde/lib/Horde/Notification.php"] 2. I can't logout when app=imp (it is shown in the url), but I can logout properly when app=horde. 3. It works if I use a distinct database for horde_sessionhandler (InnoDB and MyISAM too). For instance the logs when I delete a message : Jan 23 18:54:31 HORDE [debug] [horde] SQL Query by essionHandler_mysql::_read(): query = "SELECT session_data FROM horde_sessionhandler WHERE session_id = 'vej5n9hm0q2lt68tud8q26ajr1' FOR UPDATE" [pid 17423 on line 139 of "/var/www/horde/lib/Horde/SessionHandler/mysql.php"] Jan 23 18:54:31 HORDE [debug] [horde] Session data unchanged (id = vej5n9hm0q2lt68tud8q26ajr1) [pid 17423 on line 253 of "/var/www/horde/lib/Horde/SessionHandler.php"] 4. Using separate databases allows me to use the persistent connections with the global database but not with the database dedicated for the horde_sessionhandler table (cannot connect anymore with error in logs : Jan 23 12:29:53 HORDE [error] [horde] Error retrieving session data (id = fh5kqpdsi4gihmodguds5rdl03): Lock wait timeout exceeded; try restarting transaction [pid 15201 on line 144 of "/var/www/horde/lib/Horde/SessionHandler/mysql.php"] I don't know what parameters I missed in horde ? php ? mysql ? Hope it helps. Fri, 23 Jan 2009 18:53:49 +0000 https://bugs.horde.org/ticket/7618#t51908 Duplicate of Ticket #7931. Tue, 30 Jun 2009 18:44:45 +0000 https://bugs.horde.org/ticket/7618#t54753