• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Being logged out of Plesk after nearly every page (error 400 with cookie delete)

KublerMDK

New Pleskian
I'm having an issue with my fairly recent install of Plesk.

After logging into the Web Pro Edition control panel ( from port 8443 ) I can see the control panel fine, however if I click a link ( e.g Tools & Settings or Customers ), then I am redirected to a login again.

I'll usually be taken to a link like /login_up.php3?success_redirect_url=https%3A%2F%2F<<redacted>>%3A8443%2Fplesk%2Fsessions%2F

If I fill in my username and password again, I'll be logged in and taken to the expected page, but clicking anything will log me out again.

After some digging around in the Chrome dev inspector tools I found that a request to /admin/task/task-progress/ is failing with an error 400, no big deal, EXCEPT that it's got a header requesting the PHPSESSID be deleted (as per the screenshot)

This means that about a second after logging into the page my browser is being instructed to remove the cookie that has my Session Id which means any requests afterwards aren't working and it asks me to login.

Plesk%20-%20admin.task.task-progress_2016-08-05%2001.38.38.png




Server Info
It's a Linode machine running Ubuntu v14.04
It's got 8GB of ram and at least 3GB of HDD space available.
Plesk version 12.5.30


Other checking

I've updated Plesk to the latest version, it looks to have downloaded PSA_12.5.30
I updated it by ssh'ing in as root and running
> plesk installer --select-release-latest --upgrade-installed-components

I've checked that PHP sessions are being saved and work as expected. Other websites work (e.g WordPress sites) and I even specifically tested saving something to the PHP session and then in another request outputting it. So there doesn't seem to be an issue with that.

I can't find anything useful in the error logs. Checking /var/log/sw-cp-server/ the access.log file is empty and error.log only had an error from when I tried to access the site whilst also upgrading it.
sw-engine.log was pretty boring only having :

[05-Aug-2016 01:44:06] NOTICE: fpm is running, pid 4080
[05-Aug-2016 01:44:06] NOTICE: ready to handle connections
[05-Aug-2016 02:15:44] NOTICE: Terminating ...
[05-Aug-2016 02:15:44] NOTICE: exiting, bye-bye!

I tailed /var/log/*/*.log and didn't find anything else that was any use.

I've restarted apache, nginx and psa, plus rebooted the server.
I've logged in with different browsers on different IP addresses and also in incognito mode.
I've logged in with different user accounts and the admin account.

Help
If someone can point me to where some useful error logs might be, an existing knowledge base article, or something else, then that would be great.
Although I haven't been able to find any useful KB articles or forum posts. Most point to increasing the session timeout to being 30mins, it already was but I tried increasing it and it didn't make any difference.

I haven't tried digging through the code to see what the requests are doing, I don't really feel like it. Would probably try to rebuild the server instead and see if the problem goes away.


Note : There's a couple of other issues with the server / Plesk install. The IP address changed, but I can't easily change things like the IP settings. I've done a few things manually by following the KB articles, but accidentally set the new IP to dedicated instead of shared and can't easily change it whilst being kicked out of the Plesk control panel. Seeing as the logging out was occurring before the IP address change they should be separate issues.
 
Have you tried to clean cache and cookies of your browser?
Yes, I've tried that. I've tried it in multiple ways. As I mentioned I've tried different browsers, also incognito mode. Plus with the chrome dev tools open having the cache cleared.
I've cleared the cookies. I've cleared the browser's cache and cookies more generally. That doesn't seem to be the issue.

However I have tried again today and it magically works. Maybe some server based cache expired, I'm not sure. Ohh well.
 
This has been driving me crazy for ages too!

For me, I found out it was because my Plesk URL is a domain proxied through CloudFlare. Everytime I clicked on a new page, CloudFlare was proxying me through a different server/IP address and Plesk was kicking me out.

Enabling Allow IP address changes during a single session worked for me!

Hope this helps someone who may also be proxying through CloudFlare.
 
Back
Top