Project

General

Profile

Actions

Bug #25123

open

Authentication happens twice with same session id

Added by Clark ANDRIANASOLO 16 days ago. Updated 15 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
I was bothered the first time
User visibility:
First impressions of Rudder
Effort required:
Small
Priority:
97
Name check:
To do
Fix check:
To do
Regression:
No

Description

When logging in as a Rudder user, I successfully log in but I see an error log about a database unique constraint violation error on (userid, sessionid) from the UserRepository#logStartSession method :

2024-07-09 13:26:03+0000 INFO  application - Rudder authentication attempt for principal 'admin' with backend 'file': success
2024-07-09 13:26:03.351:WARN :oejs.HttpChannel:qtp125622176-20: /rudder/j_spring_security_check
Exception in thread "zio-fiber-1175" com.normation.errors$SystemError: SystemError(Error when saving session 'node06kqmzsp107cm1ezn7dr0uf1tw2' info for user 'admin',org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "usersessions_pkey"|  Detail: Key (userid, sessionid)=(admin, node06kqmzsp107cm1ezn7dr0uf1tw2) already exists.)|?at zio.interop.ZioMonadErrorE.raiseError.trace(cats.scala:628)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.Monad.map(Monad.scala:35)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.free.Free.foldMap(Free.scala:166)|?at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)|?at cats.effect.kernel.Resource.fold(Resource.scala:173)|?at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:93)|?at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:622)|?at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
    at zio.interop.ZioMonadErrorE.raiseError.trace(cats.scala:628)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.Monad.map(Monad.scala:35)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.free.Free.foldMap(Free.scala:166)
    at zio.interop.ZioMonadError.tailRecM.loop(cats.scala:604)
    at cats.effect.kernel.Resource.fold(Resource.scala:173)
    at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:93)
    at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:622)
    at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
2024-07-09 13:26:10+0000 INFO  application - Rudder authentication attempt for principal 'admin' with backend 'file': success

The database error suggests that we are executing the authenticate method twice with the same context (session and user).

We would like to know in which cases this happens, and at least avoid throwing this error.


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #24017: Webapp can fail to start with null sessionid error ReleasedFran├žois ARMANDActions
Actions #1

Updated by Clark ANDRIANASOLO 16 days ago

  • Related to Bug #24017: Webapp can fail to start with null sessionid error added
Actions #2

Updated by Clark ANDRIANASOLO 16 days ago

  • Description updated (diff)
Actions #3

Updated by Clark ANDRIANASOLO 16 days ago

  • File deleted (clipboard-202407091608-isen3.png)
Actions #4

Updated by Clark ANDRIANASOLO 16 days ago

  • Description updated (diff)
Actions #5

Updated by Clark ANDRIANASOLO 15 days ago

The error happened when :
  • starting a long "archive export" process
  • restarting the webapp in the middle of the process
  • logging in again
Actions

Also available in: Atom PDF