Password has to be reset after logging out

[fl02]

Sympa 6.2.24, one virtual host
Debian 9

Each time I logout of my Sympa instance I can't login again on both domains without requesting a new password. Is that a bug or known issue or could it be a configuration error on my part? Appreciate your thoughts!
Thanks!

[dverdin]

Hi,
You mean that typing the password you previously defined doe not work?

[fl02]

Yes exactly: I set a password, login, logout, try to login again and get the error: »ERROR () - Provided password is incorrect«. When I request and set a new password, it works again.

[dverdin]

I think your password doesn't work at all. When requesting a password, you use an authentication URL . So you have a session when redefining a password and that's the session you're using until logging out.
Do you have any logs related to this problem?

[fl02]

sympa.log:

Jan 17 15:26:40 mail wwsympa[30671]: notice main:: (example.com) [robot lists.example2.com] [client 192.168.0.1] Does NOT match HTTP_HOST; setting cookie_domain to lists.example2.com
Jan 17 15:26:40 mail wwsympa[30671]: notice main:: (example.com) [robot lists.example2.com] [client 192.168.0.1] Does NOT match HTTP_HOST; setting cookie_domain to lists.example2.com
Jan 17 15:26:40 mail wwsympa[30671]: info main::do_home() [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:26:40 mail wwsympa[30671]: info main::do_home() [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:26:45 mail wwsympa[30671]: notice main:: (example.com) [robot lists.example2.com] [client 192.168.0.1] Does NOT match HTTP_HOST; setting cookie_domain to lists.example2.com
Jan 17 15:26:45 mail wwsympa[30671]: notice main:: (example.com) [robot lists.example2.com] [client 192.168.0.1] Does NOT match HTTP_HOST; setting cookie_domain to lists.example2.com
Jan 17 15:26:45 mail wwsympa[30671]: info main::do_login(me@example.com) [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:26:45 mail wwsympa[30671]: info main::do_login(me@example.com) [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:26:45 mail wwsympa[30671]: err main::#1606 > main::do_login#3296 > Sympa::Auth::check_auth#56 > Sympa::Auth::authentication#186 Incorrect password for user me@example.com
Jan 17 15:26:45 mail wwsympa[30671]: err main::#1606 > main::do_login#3296 > Sympa::Auth::check_auth#56 > Sympa::Auth::authentication#186 Incorrect password for user me@example.com
Jan 17 15:26:45 mail wwsympa[30671]: notice main::do_login() Authentication failed
Jan 17 15:26:45 mail wwsympa[30671]: notice main::do_login() Authentication failed
Jan 17 15:26:46 mail wwsympa[30671]: info main::do_renewpasswd(me@example.com) [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:26:46 mail wwsympa[30671]: info main::do_renewpasswd(me@example.com) [robot lists.example2.com] [session 35059202178636] [client 192.168.0.1]
Jan 17 15:27:10 mail wwsympa[30671]: info main::do_login(me@example.com) [robot example.com] [session 33771277981798] [client 192.168.0.1]
Jan 17 15:27:10 mail wwsympa[30671]: info main::do_login(me@example.com) [robot example.com] [session 33771277981798] [client 192.168.0.1]
Jan 17 15:27:10 mail wwsympa[30671]: err main::#1606 > main::do_login#3296 > Sympa::Auth::check_auth#56 > Sympa::Auth::authentication#186 Incorrect password for user me@example.com
Jan 17 15:27:10 mail wwsympa[30671]: err main::#1606 > main::do_login#3296 > Sympa::Auth::check_auth#56 > Sympa::Auth::authentication#186 Incorrect password for user me@example.com
Jan 17 15:27:10 mail wwsympa[30671]: notice main::do_login() Authentication failed
Jan 17 15:27:10 mail wwsympa[30671]: notice main::do_login() Authentication failed
Jan 17 15:27:10 mail wwsympa[30671]: info main::do_renewpasswd(me@example.com) [robot example.com] [session 33771277981798] [client 192.168.0.1]
Jan 17 15:27:10 mail wwsympa[30671]: info main::do_renewpasswd(me@example.com) [robot example.com] [session 33771277981798] [client 192.168.0.1]
Jan 17 15:27:11 mail wwsympa[30671]: notice Sympa::Tools::WWW::_get_css_url() Template file /usr/share/sympa/default/web_tt2/css.tt2 or configuration has changed; updating CSS file /var/lib/sympa/static_content/css/style.css
Jan 17 15:27:11 mail wwsympa[30671]: notice Sympa::Tools::WWW::_get_css_url() Template file /usr/share/sympa/default/web_tt2/css.tt2 or configuration has changed; updating CSS file /var/lib/sympa/static_content/css/style.css

[qosobrin]

I was able to reproduce the problem in 6.2.26 but it disappeared when, after setting the new password, I closed the browser and opened it again. After that, the new password worked flawlessly.

[ikedas]

I (and another user on the same server) reproduced this bug on 6.2.20 and 6.2.22 a few times. Though it is not necessarily the reason, both of them have listmaster privilege and are registered as privileged owners of several lists.

[vlrmt]

Same issue faced with a public instance of Sympa 6.2.34. Resetting my password apparently solved the problem (to be confirmed over the time).

[racke]

This is still a problem with the current beta, the password is changed by Sympa. IMHO this is really a serious issue. It might be a problem with cookies, as there are cookies for lists.example.com and .lists.example.com.
Also there is an sympa_altemail Cookie ... what is the purpose of that one?

[ikedas]

This problem still occurs on my site(s). I agree we would be better to solve it soon --- I'll assign 6.2.40 milestone (maybe at spring).

On sympa_altemail cookie, I'll open another issue.

[ikedas]

Recently I couldn't reproduce it with 6.2.41b.1. Did anyone reproduced this bug with 6.2.40 or later?

[ikedas]

If there will not be additional reports of reproducing, I'd like to close this issue by now.