Ubuntu
phpmyadmin package

phpmyadmin cookie authentication broken

Bug #98817 reported by Geoff on 2007-03-30

This bug report is a duplicate of: Bug #114044: PHPMyAdmin will not run on 64bit without php5-mcrypt, forgotten requirement?. Edit Remove

Affects		Status	Importance	Assigned to	Milestone
	phpmyadmin (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: phpmyadmin

phpmyadmin (4:2.9.1.1-2ubuntu1) on feisty with apache2 (2.2.3-3.2build1). Cannot authenticate using cookies.

So, in /var/lib/phpmyadmin/config.inc.php

$cfg['Servers'][$i]['auth_type'] = 'cookie'; will not work.

$cfg['Servers'][$i]['auth_type'] = 'http'; will.

Revision history for this message

marcw (marcw) wrote on 2007-04-29:

Same thing is happening to me on a fresh Feisty install. But http auth doesn't completely solve things either.

I went through the (quite well hidden) instructions for running htpasswd first and adding the Alias to the apache2.conf file, all of which did indeed allow me to achieve a phpmyadmin login page. But from there it was impossible to login. And then I saw the suggestion in this bug. Indeed that allowed me to login. Unfortunately, I can't then logout without getting an auth error. I'm going to read the changelogs and see if this isn't fixed in a newer release.

Revision history for this message

Sornen (sornen) wrote on 2007-05-10:

Same thing with me on an amd64 system, but not on a slower i386 system. I can get this to work on occasions with cookie enabled, but it is flaky and will bump me back to the phpmyadmin log on. Seems to be random perhaps, suggesting a race condition. I used
$cfg['Servers'][$i]['auth_type'] = 'config'

to get phpmyadmin to work.

Revision history for this message

Joe Clifford (joeclifford) wrote on 2007-05-13:

I can confirm the same problem with feisty on an Intel Xeon EMT64 server. Every time I log in I get put back to the log in page after clicking anything. I have discovered that the suggestion in Bug #114044 fixes the issue for me, ie:

sudo apt-get install php5-mcrypt

After which logging in works fine......I hope this helps.

It seems this problem exists only on 64 bit systems as I don't have to have php5-mcrypt installed on my x86 system at home to log in to phpmyadmin.

Revision history for this message

Geoff (gtc) wrote on 2007-05-14:

Joe, I can confirm that this works on my system as well (which is a 64-bit Xen environment).

I suggest php5-mcrypt be added as a package dependency for phpmyadmin to resolve this issue.

Revision history for this message

Bartek Wilczynski (bartek) wrote on 2007-05-15:

Another confirmation that the bug is present and well described and NOT FIXED YET!

I have two servers both with 64bit CPUs, both have a fresh feisty install with all upgrades.

The only difference is that I have amd64 architecture on one whereas th other is i386.
Somehow the i386 system can work well without php5-mcrypt package and the amd64 does give me a very unstable situation with authentication (failing when trying to logout, sometimes silently, and logging off suddenly with no reason)

Miraculously installing php5-mcrypt solves the problem on amd64 even without restarting apache or mysql.

THIS MAY BE A SECURITY PROBLEM - there is certainly something wrong with authentication in phpmyadmin on amd64.

Revision history for this message

Dan O'Huiginn (daniel-ohuiginn) wrote on 2007-05-25:

This seems identical to bug 114044. That bug has been fixed in gutsy (although there is a separate problem with php5-mcrypt in gutsy, which actually makes the situation worse for now....)

Revision history for this message

madsmao (mads-nordholm) wrote on 2007-06-18:

Still an issue on Feisty AMD64. Shouldn't this be quite easy to fix?

Revision history for this message

Bob Stockdale (stocks29) wrote on 2007-07-09: