Session Timeout when attempting to view or add passwords

82 views
Skip to first unread message

Dan Pasacrita

unread,
Jul 13, 2015, 12:46:12 PM7/13/15
to webpass...@googlegroups.com
So we're having an issue right now where doing pretty much anything with passwords in WebPasswordSafe v1.3 will give the message "Session Timeout. Please Login Again." Then it will boot you back to the main page, still logged in.

Logging in and out does not work, and this is reproducible from multiple browsers and locations. It occurs every single time, making the app quite useless.

Right now we're running it from CentOS Linux release 7.1.1503 (Core), inside of apache-tomcat-7.0.61. We have virtual hosts set up in 2.4 that first use mod_rewrite to forward to https, and then from there we use mod_jk to forward requests to 8443 and the webpasswordsafe directory. I'm not the most familiar person with apache and tomcat, so sorry if some of that is confusing/doesn't make sense.

Any idea why this could be happening? The app is currently unusable until this is fixed, so I'm open for suggestions. I was thinking I could try and set up wps as the root application to see if that works.

von Rotz Johannes

unread,
Jul 14, 2015, 2:53:41 AM7/14/15
to webpass...@googlegroups.com


On 07/13/2015 06:46 PM, Dan Pasacrita wrote:
> Right now we're running it from CentOS Linux release 7.1.1503 (Core), inside of
> apache-tomcat-7.0.61. We have virtual hosts set up in 2.4 that first use
> mod_rewrite to forward to https, and then from there we use mod_jk to forward
> requests to 8443 and the webpasswordsafe directory. I'm not the most familiar
> person with apache and tomcat, so sorry if some of that is confusing/doesn't
> make sense.

Hi,

well, this doesn't look like a very common setup. I wouldn't be
surprised if this isn't a wps specific problem. Some basic checks that
pop into my mind would be connecting directly to tomcat on port 8443 to
see if httpd is the problem, disabling selinux (if enabled), verifying
permissions in general, etc.

If logging doesn't even work, there's probably something essential
missing ;)

Cheers, J.

Gordon Tetlow

unread,
Jul 18, 2015, 2:14:38 AM7/18/15
to Dan Pasacrita, webpass...@googlegroups.com
I would check the clock on your server to make sure it's accurate.

Gordon
--
You received this message because you are subscribed to the Google Groups "webpasswordsafe" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webpasswordsa...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Marek Mickal

unread,
Nov 19, 2015, 3:26:29 PM11/19/15
to webpasswordsafe
I had a similar issue ... new JCEs worked for me ... I just updated the opensuse system from version 12.1 to 13.1 and had to update java as well. After that I got the same error like you ... I tried to view/change the password I got a session timeout ... then I found in following log /opt/webpasswordsafe/catalina_base/logs/catalina.out an error message saying ...

SEVERE: Exception while dispatching incoming RPC call ..... org.jasypt.exceptions.EncryptionOperationNotPossibleException: Encryption raised an exception. ..... A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine

Subsequently I downloaded latest JCE files for my new java version 1.8 (http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) and placed them both (US_export_policy.jar and local_policy.jar) into $JAVA_HOME/lib/security.

After tomcat restart it started to work perfectly ... It might be worth to try ...


Dne pondělí 13. července 2015 18:46:12 UTC+2 Dan Pasacrita napsal(a):
Reply all
Reply to author
Forward
0 new messages