Error when Reseller changes Current User in cPanel Account

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello,

I am having a problem with multiple cPanel servers. Not always, when a reseller with full privileges attempts to change the cPanel account (using the pull-down menu), an error appears that needs to re-login.

Reseller has full permissions (root access). Not related to IP change (I have fixed IP). Not related to web browser (cleaned cookies, closed/reopened browser, and so). I have some pop-up blockers and Kaspersky web-monitoring activated, but I don't think this is related.

- reseller with Root Access (Everything -> All features)
- reseller logs in
- change account in General Information -> Current User
- URL that runs: https://server:2083/cpsess6431811780/xfercpanel/client-name
- redirect to: https://server:2083/cpsess4288045185/frontend/paper_lantern/index.html?login=1&post_login=95278479209544 -> error appears

More info: the problem is fixed opening ANOTHER user... let me try to explain: I try to open foo.com.br->ERROR, relogin-> try bar.com.br->ERROR, relogin -> try blabla.com->WORKS, try foo/bar/blabla again->WORKS.

Any ideias? Image attached.
 

Attachments

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,990
644
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Rogerio

I'm attempting to replicate this but I'm losing you at
- change account in General Information -> Current User
This isn't an option present in cPanel or WHM, do you mean the side bar where it notes current user as described here: gen_info.png

If that's the case when the reseller switches to an account that it does not own from there it won't be able to switch again though I am unable to replicate the error you're receiving.
 

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello @cPanelLauren,

yes, you're right, that's the place, but in the image you've posted, the "current user" is not a reseller with full privileges, that can see all accounts. I've created an user like "myname" and just give it root privileges in WHM->Reseller Center. Then, I log into the account and change to another account in the drop-down menu.

The problem is that is not happening always. But is happening in several servers, all with version 76. Never happened in version <76. I'm trying to figure out when occurs.

I "guess" that is something related to connection speed. When my connection is fast or when something loads faster than other thing, the problem occurs or not... I'm still trying to reproduce... Sorry for the confusion (my limited english can be a problem to explain precisely).

Rogerio
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,990
644
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Rogerio
I "guess" that is something related to connection speed. When my connection is fast or when something loads faster than other thing, the problem occurs or not... I'm still trying to reproduce... Sorry for the confusion (my limited english can be a problem to explain precisely).
No worries, I understand what the issue is. I do think there is an issue when attempting to switch to account's the reseller doesn't own, from that point you'll be stuck. As far as the error you're receiving though, I'm unsure. Can you check WHM>>Server Configuration>>Tweak Settings and tell me what is set for:
Cookie IP validation
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.
It also possible there could be a network related issue but that wouldn't be something we'd be able to troubleshoot.
 

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello @cPanelLauren,

I have 3 resellers in this machine, like "one" (myself, with Root Privileges that can see all accounts), "two" and "three" (normal resellers/permissions). I ("one" user) can see all domains, and access all.

"Cookie IP validation" is set "disabled" because I have problems to access in 3G/4G connections that change IPs constantly, when I need to access WHM using a cellphone.

My main internet connection is very stable and has fixed IP.

Today I didn't have problems. I'm still trying to reproduce the problem. I'll keep you informed.

Rogerio
 

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello @cPanelLauren,

I'll test one more thing before open the ticket. I'm using Kaspersky Chrome plugin, and I think that can be the reason. Today I had the same problem in another server, that I never had problems before. So I did a test using MS Edge, and had no problem. So, I've removed the plugin and will test. If happens again, I'll open the ticket. Hold on some more days.

The problem is not related to connection speed. I tested today in that server, limiting my local bandwidth, and persisted.

Rogerio
 
  • Like
Reactions: cPanelLauren

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello @cPanelLauren.

Bad news, happened again, without the Kaspersky plugin...

Now I'm trying to check another thing... I didn't have problems in last days, but today I had, accessing a very old account, created in a old cPanel version (>5 years). Last time I had problem with another very old account (>7 years). I'll try to check if this is related to account age.

When I have problems using the reseller account, I need to access from WHM->List accounts and click on cPanel icon.
 

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello @cPanelLauren

The problem happened again, and I think it's confirmed: if I access a very old account first, the problem happens. If I access a more recent account, no problem occurs. But if I access a recent account first and then change to the old one, works too. All using that reseller account with full access.

I'll try to compare both folders you specified.
 
  • Like
Reactions: cPanelLauren