Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kill completely a running WHM browser session

Discussion in 'Security' started by sktest123, Feb 13, 2017.

  1. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello ,

    How to kill completely all running whm sessions via browser. For eg: say initially i logged into whm , then I changed the root password via the terminal/ssh . Now i want all existing whm login session to be killed . But If I reload the previous login session via browser it automatically loads again.
    Even if we try killing process or restart cpanel/cpsrvd/whostmgrd services or kill (signals) process , we are still able to load the previous login session via browser (cookies help ) and still access every section (even we change root password).

    So is there any method to kill a running/previous whm login sessions completely out of box or force them to use the new root password .
    If am wrong please clarify?
     
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    211
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    after resetting the root password for server and whm , go to

    /var/cpanel/sessions/cache this is where the sessions are cached so I believe removing those sessions should do what you are looking for.
     
  3. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    no luck , just tried it , but wont resolve the issue , still able to access the browser session (removed the files like
    root:xxxxxxx at /var/cpanel/sessions/cache :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can find the active processes for WHM with a command such as:

    Code:
    ps aux|grep whostmgrd
    Then, kill the individual processes using the "kill -9" command and restart cpsrvd via:

    Code:
    /scripts/restartsrv_cpsrvd
    Thank you.
     
  5. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello Michael,
    please note that above suggestions wont have any effect at all. It doesn't have any effect in current whm active browser session forcefully to use the new root passwd . Already I have tried all those method .
    Please verify it and if am missing some thing clarify.




    The whmcs version is
    11.62.0.10
     
    #5 sktest123, Feb 14, 2017
    Last edited: Feb 14, 2017
  6. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    seems my "kill" term has created the confusion, let me clarify :
    I have a current active login whm browser session
    Then I changed the root password via command line using normal "passwd" or via /scripts/realchpass (either way)
    Now I need all active browser sessions to forcefully use the new updated password when they try to visit any settings in whm or reload it.
    Can this be possible by any method either by restarting or clearing session files or as by kill commands like wise.

    "In the case if we change the password via whm , then use restart cpsrvd it will forcefully make the current session to use the new password. But if we change the root password via the command line it doesn't"
    So any better method to do the same if we change the password from command line .
     
    #6 sktest123, Feb 14, 2017
    Last edited: Feb 14, 2017
  7. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Let cut down it all the way ,

    Can I have below sort of functionality: After changing the root password via whm or command line,

    "Sign out all other sessions button (via browsersessions or api sessions or apps or whmcs likewise ) just to ensure that your account isn't open at another location or force to use new password."

    Incase of attacks this would be beneficial.
    As I said if am wrong please clarify
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,773
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've logged in to WebHost Manager and changed my password several times now to test this. Once I change it and I keep browser open, I can navigate to other areas of WebHost Manager, yes, but only for a moment or two. And then this message pops up for me:
     

    Attached Files:

  9. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello Support
    As you mentioned after changing the root password even via whm "the navigation to other settings happens" instead of having an immediate session invalid/expired logout.
    Server is aws ec2 amazon AMI
    Version is 11.62.0.10
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @sktest123,

    Could you open a support ticket using the link in my signature so we can investigate this further? You can post the ticket number here and I'll update this thread with the outcome.

    Thank you.
     
  11. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    81
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Hello ,

    It's a temporary amazon instance which I created via free tier . But as I said your "session authentication" has got a delay in reconnecting with the server after changing the root password (either via whm or ssh) . But the old httpauth as usual works better (via skiphttpauth) . To my knowledge as i mentioned above the below feature would be best after changing root password.

    "Sign out all other sessions button (via browsersessions or api sessions or apps or whmcs likewise ) just to ensure that your account isn't open at another location or force to use new password."

    If you think it's a good suggestion please add it as a feature request.
    Thanks for your prompt reply and support.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I encourage you to open a feature request if you'd like to see such an option included in the future:

    Submit A Feature Request

    You can post the feature request URL here after it's approved so that others viewing this thread can vote and add feedback.

    Thank you.
     
Loading...

Share This Page