The mailing list for listmasters using Sympa

[Serge Aumont <address@concealed>]

Muhammed Sameer wrote:
> SAlaam,
>
> Hey these are the logs that are generated once I try to edit a user.
>
>
> Sep 16 17:56:22 extranet wwsympa[29783]: SympaSession::new() 
> SympaSession::new ignoring unknown session cookie
> Sep 16 17:56:22 extranet wwsympa[29783]: [robot intranet.directi.com] [client 
> 192.168.1.3] [list prj-obox-devalerts] main::do_editsubscriber() 
> do_editsubscriber(address@concealed)
> Sep 16 17:56:22 extranet wwsympa[29783]: [robot intranet.directi.com] [client 
> 192.168.1.3] [list prj-obox-devalerts] main::do_editsubscriber() 
> do_editsubscriber: may not edit
>   
Salaam

Your session is broken so a new session is started as anonymous user. 
Sympa session uses several session hijacking prevention method that can 
be the reason why your session is broken. (doc about session hijacking : 
http://en.wikipedia.org/wiki/Session_hijacking#Prevention )

Two method used by Sympa can break  sessions :

-for each clic the session id is renewed.  You can remove this by 
changing the following line in SympaSession.pm (subroutine store) :
   ## Renew the session ID in order to prevent session hijacking
   my $new_id = &get_random();

   to be changed by

   my $new_id = $self->{'id_session'}

This is not a patch we will include in Sympa release until we have some 
technical description of a problem solved by this method.

The second reason that can break sessions is that Sympa check that the 
client IP adress is unchanged during the session. This may be a problem 
if you are using NAT, multiple proxy or any other method that may change 
the @IP of the client.
In such case Sympa logs : "SympaSession::new ignoring session cookie 
because remote host X.X.X.X is not the original host".

This can be solved applying the following patch : 
http://sourcesup.cru.fr/cgi/viewvc.cgi/trunk/wwsympa/SympaSession.pm?r1=5107&r2=5142

Let us known what solve your problem. If not anyone of thoses two method 
solve the problem, please could you check that the value of client 
cookie sympasession is registered as id_session in session_table.

Serge












Could you look for "ignoring session cookie because remote host..." in 
you logs. If this record is logued this mean probably that you are using 
a configuration with proxy, reverse proxy, nat or any other system that 
chenge the client remotehost so the session is broken and the service is 
requested as anomymous user.

In order to solve that problem, you may apply the following patch :
http://sourcesup.cru.fr/cgi/viewvc.cgi/trunk/wwsympa/SympaSession.pm?r1=5107&r2=5142



If this is not the problem. You should try to understand the raison why 
the session broken ("new ignoring unknown session cookie"). If this 
problem can be reproduced, we would be pleased if you could look at you 
client cookie "sympa_session" and search it's value in Sympa database, 
table "session_table" as field "id_session".
> Regards,
> Muhammed Sameer
>
>
> --- On Mon, 9/15/08, address@concealed <address@concealed> wrote:
>
>   
> > From: address@concealed <address@concealed>
> > Subject: [sympa-users] AUTHORIZATION REJECT (set) This action is restricted 
> > to list owners.
> > To: address@concealed
> > Date: Monday, September 15, 2008, 11:50 PM
> > Salaam,
> >
> > Hey everyone, I get this error when i try to set the
> > reception mode of a user
> > to 'No Mail'
> >
> > This is the error
> > AUTHORIZATION REJECT (set) This action is restricted to
> > list owners. 
> >
> > This even after me being the listmaster, the same thing
> > happens even if I am
> > the list owner.
> >
> > Not just do I get this, but also, sympa logs me out from
> > the interface.
> >
> > Any help will be appreciated.
> >
> > Thanks in advance,
> > Regards
> > Muhammed Sameer
> > Sysad
> > directi
> >     
>
>
>       
>