[phpMyAdmin Developers] [User Question/Possible issue or bug] Cookie Authentication doesn't work in chrooted PHP-FPM setup with restricted PHP settings

Michal Čihař michal at cihar.com
Fri Jan 6 17:10:31 CET 2017


First of all this is really not the place to ask for support, see <http

Lukas L. wrote on Tue, 03 Jan 2017 at 15:39 +0100:
> I have a problem with the Cookie authentication. I will try to
> explain my setup and the appearing problem as well as possible. It's
> a bit complicated due to the fact that there is no error message in
> the interface and in the logs.
> Setup
> The system is an Ubuntu 16.04 LTS (Xenial) with PHP-FPM, Nginx and
> MySQL installed from the package repositories.
> I use PHP-FPM pools, where every pool has its own chroot.
> Nginx connects to PHP-FPM with Unix-Sockets.
> I am using phpMyAdmin version
> Problem
> phpMyAdmin is installed and accessible on a subdomain. All traffic is
> exchanged via HTTPS.
> Actually phpMyAdmin connects to MySQL via TCP connection. The problem
> is that the Cookie authentication doesn't work. So if I set
> $cfg[auth_type] = "cookie"; I can't log in to phpMyAdmin. The
> interface and the logs don't show any errors. When I change the
> mentioned variable to "http" so that HTTP Auth is used, the login
> works without problems.
> Configuration
> I use a few special PHP settings for security reasons. They are
> mostly the same as in the OWASP PHP Configuration Cheat Sheet. This
> document can be found here:
> https://www.owasp.org/index.php/PHP_Configuration_Cheat_Sheet

Are you accessing phpMyAdmin over https? If not, then setting
session.cookie_secure = On from that list will break it, as the
browser won't send back the cookies.

	Michal Čihař | https://cihar.com/ | https://weblate.org/
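
The cookie behaviour described in the reply above, as an added example that is not part of the original message or of phpMyAdmin: Python's standard `http.cookiejar` client stands in for the browser. The host name, session id and the `cookie_sent_back` helper are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed sample values; the host and session id are not from the thread.
HOST = "pma.example.test"
SESSION = "phpMyAdmin=constructed-session-id"


class FakeResponse:
    """Stand-in for the login response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_back(scheme, cookie_secure):
    """Return the Cookie header the client sends on the request after login.

    cookie_secure models session.cookie_secure: when on, PHP appends the
    Secure attribute to the session cookie it issues.
    """
    set_cookie = SESSION + "; path=/; HttpOnly"
    if cookie_secure:
        set_cookie += "; secure"

    jar = CookieJar()
    login = Request(f"{scheme}://{HOST}/index.php")
    jar.extract_cookies(FakeResponse(set_cookie), login)

    follow_up = Request(f"{scheme}://{HOST}/index.php")
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")  # None when nothing is sent


if __name__ == "__main__":
    for scheme in ("https", "http"):
        for secure in (True, False):
            sent = cookie_sent_back(scheme, secure)
            print(f"{scheme:5} cookie_secure={secure!s:5} -> Cookie: {sent}")
```

Only the plain-HTTP request with the Secure attribute set comes back without a session cookie, which matches a login that fails silently with nothing in the logs.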