SOLVED [CPANEL-39236] Login bug can cause services to restart

rolinger

Well-Known Member
Feb 13, 2017
49
3
58
Tampa
cPanel Access Level
Root Administrator
I discovered an odd glitch that probably should be reported as a bug.

If you login to WHM, go to a service that can be restarted, such as "SQL Server (MySQL) " and then select "YES" to restart the service. The service restarts displaying the startup info and that the service has been restarted and is active again. All is good.

However, if you stay on this screen and the Login session times out, it will take you back to the login screen. If you login again, the page starts back up on the "I already selected YES to restart the service" response page - and it restarts the service again. This can be replicated as I have done it, by accident, a few times now.

The WHM is remembering the last page you were on, and after login, takes you back to the same page - if it happens to be the "response" page AFTER clicking a "YES, Restart Service" - then the Login will trigger another 'restart service'. WHM session login page should never allow the page to land on the service restart "response" page.
 
Last edited by a moderator:

quietFinn

Well-Known Member
Feb 4, 2006
1,787
406
438
Finland
cPanel Access Level
Root Administrator
You are right, has happened to me a few times. :oops:
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,043
111
118
Houston, TX
cPanel Access Level
Root Administrator

rolinger

Well-Known Member
Feb 13, 2017
49
3
58
Tampa
cPanel Access Level
Root Administrator
@cPanelAnthony, I just read the article. It states that when "WHM detects an IP change it logs you out". Well, yes, that could happen too. But the issue can happen any time WHM forces an auto logout. Cookies expire, IP change, etc . My IP rarely changes but due to session/cookie timeout the logout/restart service occurs quite frequently during my dev testing (which often requires service restarts).
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,382
2,106
363
cPanel Access Level
Root Administrator
Hey there! Our team did look into this issue and decided not to apply any fixes to workaround this problem. The explanation was that this is essentially the same as bookmarking a restart service page, such as /cpsessXXXXXXXX/scripts/reshttpd?confirm=1, as that would also trigger this behavior.
 

rolinger

Well-Known Member
Feb 13, 2017
49
3
58
Tampa
cPanel Access Level
Root Administrator
This is a bad 'intended' behavior. This just happened to me again.

Bookmarking a service `restart` makes no sense. I can understand book marking the page before clicking on a restart, but not book marking a page that has already triggered a restart. Logging directly into a `triggered` restart page causes the service to restart again. Besides, booking marking a `service restart` page isn't really a daily activity that one would need to book mark. And even if you did, after a day or so the system will auto logout a user. So to book mark a page means you must first login again but because you were logged out you didn't quite know what page you may have been left on - and suddenly you are accidentally restarting a service.

At a minimum, the authentication process should check to see if its taking the user to a `service restart` page and leave the user on the page where it forces them to CLICK `restart service` - it shouldn't be automatically doing it.

I urge your team to reconsider this. Logging in should never auto-trigger anything; its just bad design.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,382
2,106
363
cPanel Access Level
Root Administrator
There isn't a way to workaround this. It's the same as when you make a purchase in a checkout and the page gives you the "do not refresh" warning. That's because if you do, it will send the signal to the server again, and you'll inadvertently make an additional purchase as many times as you refresh the page.