SOLVED [CPANEL-39236] Login bug can cause services to restart

[rolinger]

I discovered an odd glitch that probably should be reported as a bug.

If you login to WHM, go to a service that can be restarted, such as "SQL Server (MySQL) " and then select "YES" to restart the service. The service restarts displaying the startup info and that the service has been restarted and is active again. All is good.

However, if you stay on this screen and the Login session times out, it will take you back to the login screen. If you login again, the page starts back up on the "I already selected YES to restart the service" response page - and it restarts the service again. This can be replicated as I have done it, by accident, a few times now.

The WHM is remembering the last page you were on, and after login, takes you back to the same page - if it happens to be the "response" page AFTER clicking a "YES, Restart Service" - then the Login will trigger another 'restart service'. WHM session login page should never allow the page to land on the service restart "response" page.

 

[quietFinn]

You are right, has happened to me a few times.

 

[cPanelAnthony]

Thanks for the tip! I am looking into this and will update this thread as soon as possible.

 

[cPanelAnthony]

Hello again! I am very sorry for the delay! I have been able to replicate this issue by forcing the server to log me out while following these steps. I will get a case open and update this thread as soon as I finish gathering information on this issue.

 

[cPanelAnthony]

We have opened an internal case to investigate this issue. You can keep track of it get more information by following this article.

Services restart again if you get logged out of WHM due to cookies and log in

I will also update this thread once a fix has been implemented. Thank you for reporting this!

 

[rolinger]

Coolio, thanks for jumping on it @cPanelAnthony

 

[rolinger]

@cPanelAnthony, I just read the article. It states that when "WHM detects an IP change it logs you out". Well, yes, that could happen too. But the issue can happen any time WHM forces an auto logout. Cookies expire, IP change, etc . My IP rarely changes but due to session/cookie timeout the logout/restart service occurs quite frequently during my dev testing (which often requires service restarts).

 

[rolinger]

Just happened again on my apache service.

Any update on this?

 

[cPRex]

Hey there! Our team did look into this issue and decided not to apply any fixes to workaround this problem. The explanation was that this is essentially the same as bookmarking a restart service page, such as /cpsessXXXXXXXX/scripts/reshttpd?confirm=1, as that would also trigger this behavior.

 

[rolinger]

This is a bad 'intended' behavior. This just happened to me again.

Bookmarking a service `restart` makes no sense. I can understand book marking the page before clicking on a restart, but not book marking a page that has already triggered a restart. Logging directly into a `triggered` restart page causes the service to restart again. Besides, booking marking a `service restart` page isn't really a daily activity that one would need to book mark. And even if you did, after a day or so the system will auto logout a user. So to book mark a page means you must first login again but because you were logged out you didn't quite know what page you may have been left on - and suddenly you are accidentally restarting a service.

At a minimum, the authentication process should check to see if its taking the user to a `service restart` page and leave the user on the page where it forces them to CLICK `restart service` - it shouldn't be automatically doing it.

I urge your team to reconsider this. Logging in should never auto-trigger anything; its just bad design.

 

[cPRex]

There isn't a way to workaround this. It's the same as when you make a purchase in a checkout and the page gives you the "do not refresh" warning. That's because if you do, it will send the signal to the server again, and you'll inadvertently make an additional purchase as many times as you refresh the page.