Configuration caching issue when overriding globalStorage in lemonldap-ng.ini
Concerned version
Version: %2.0.0
Platform: Nginx + LLNG-Fastcgi-Server
Summary
When overriding globalStorage in lemonldap-ng.ini, saving session-related options in the manager will cause the portal to use an incorrect session module in some cases because of an inconsistent configuration cache.
How to reproduce
- Start from a default LLNG with globalStorage=Apache::Session::File in the json config files
- Override the globalStorage in lemonldap-ng.ini (because of #1307 (closed)) for instance:
[all]
globalStorage = Apache::Session::Browseable::Redis
globalStorageOptions = { server => '192.168.0.1:6379' }
- At this stage, everything seems to work fine, sessions get created and read from redis successfully. The configuration cache (/tmp/lemonldap-ng-config/something) contains globalStorage=Apache::Session::Browseable::Redis
- However, the manager still displays globalStorage=Apache::Session::File
- Now, modify anything in the manager, the manager will detect an inconsistency in session storage module and ask you to force saving the change and possibly lose all your sessions. You have to force the save.
- When saving the new configuration, the manager sends Apache::Session::File as the global Storage to the configuration save rest endpoint.
- LLNG then updates the configuration cache to contain globalStorage=Apache::Session::File
- At this stage, everything still works fine, but /tmp/lemonldap-ng-config/something now contains globalStorage=Apache::Session::File
- Now, reboot LLNG-FastCGI-Server
- Upon initialization, Apache::Session::File (from the config cache) ends up being stored in ($class->tsv->{sessionStorageModule}) by Handler::Main::Reload::sessionStorageInit!
- Now create a new session on the portal: it gets stored in Redis because for some reason, the portal code that handles session storage still sees globalStorage as being overridden by lemonldap-ng.ini
- But if you wait 10 minutes (or remove /tmp/lemonldap-ng-sessions), your session is suddenly no longer valid because the portal tries to read it using handler code, which got initialized to Apache::Session::File on restart:
LLNG[20238]: Session 0e5f193ac9eb3c9f2cb3fcd28f1a7ef7e0951e2483c4fddad4bba79bc9a6488e can't be retrieved
LLNG[20238]: Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
- Sessions are now only valid for however long the session cache lasts! Users have to reauthenticate every 10 minutes and become unhappy :(
- To repair the configuration, remove the configuration cache and restart LLNG fastcgi server. The config gets generated correctly this time.
Backends used
Configuration in files
Sessions in Redis (and sometimes, sadly, in files too!)
Possible fixes
I think the best way to fix this is to make sure that Reload.pm considers overrides from lemonldap-ng.ini when setting the session storage module. (possibly in sessionStorageInit)
But maybe it would be best to avoid modifying the config cache when the manager tries to save an overridden setting? Not sure what's the right way here.
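The symptom described in this report (tie errors raised by the File store while lemonldap-ng.ini overrides globalStorage to Redis) can be checked for in logs. The following is an added example, not part of the original report or of LemonLDAP::NG's code; the function names and sample inputs are constructed, and it assumes the store module's file name in the error identifies the backend actually in use.

```python
import re

# Constructed sample: the [all] override shown in the report.
SAMPLE_INI = """\
[all]
globalStorage = Apache::Session::Browseable::Redis
globalStorageOptions = { server => '192.168.0.1:6379' }
"""

# Constructed sample log modelled on the error in the report (session id is made up).
SAMPLE_LOG = """\
LLNG[20238]: Session 00aa11bb can't be retrieved
LLNG[20238]: Session cannot be tied: Object does not exist in the data store at /usr/share/perl5/Apache/Session/Store/File.pm line 98.
LLNG[20239]: unrelated message
"""

# Captures the store backend named in the Perl file path of a tie error.
TIE_ERR = re.compile(
    r"Session cannot be tied: .* at \S*/Apache/Session/(?:\S+/)?Store/(\w+)\.pm line \d+")

def ini_override(ini_text, key="globalStorage", section="all"):
    """Return the value of `key` in [section] of lemonldap-ng.ini text, or None."""
    current = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == section and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name == key:
                return value
    return None

def backend_mismatches(ini_text, log_text):
    """List (line_no, backend) for tie errors raised by a store other than
    the one lemonldap-ng.ini overrides globalStorage to."""
    module = ini_override(ini_text)
    if module is None:
        return []  # no override present, nothing to compare against
    expected = module.rsplit("::", 1)[-1].lower()  # assumption: last component names the backend
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = TIE_ERR.search(line)
        if m and m.group(1).lower() != expected:
            hits.append((no, m.group(1)))
    return hits
```

A non-empty result from `backend_mismatches` means some component is reading sessions through a different backend than the ini override names, which matches the state the report repairs by removing the configuration cache and restarting.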