You are not logged in.
Bonjour,
I want to do an update with a working environment.
I downloaded 10.0.11 with wget.
tar -xvf and copy the stuff to
chmod www-data:www-data to
/var/www/glpi
Go to website
Get some errors:
Erkennung von vorherigen GLPI Daten
Vorhandene Dateien von vorherigen GLPI Versionen können zu Sicherheitslücken oder Fehlern führen.
Wir haben Dateien aus früherige Versionen von GLPI entdeckt
Bitte aktualisiere GLPI nach der Anleitung in der Dokumentation.
Sicherheitseinstellungen für Sitzungen (Sessions)
Sicherheit der Sitzungs-Cookies
Die PHP-Direktive "session.cookie_secure" sollte auf den Wert "on" gesetzt sein , wenn GLPI über HTTPS erreichbar ist.
Datenbank Zeitzone
Aktiviert die Verwendung von Zeitzonen.
Der Zugriff auf die Zeitzonen-Datenbank (mysql) ist nicht erlaubt.
Last edited by krischeu (2024-01-19 11:28:55)
Offline
I found an entry at
/etc/php/8.2/apache2/php.ini
; https://php.net/session.cookie-secure
session.cookie_secure = 1
So the settings seems ok. Error must be elsewhere.
Can anybody give me a help?
Offline
Restored the vm from backup. Still at V10.0.10 - But if anyone can give me some hints, I will do a new try.
Offline
I cannot recreate the issue.
Setting both session.cookie_secure and session.cookie_httponly to 1 and then restarting Apache makes the checks pass for me. Are you sure Apache is actually using PHP 8.2 and not a different version?
ls /etc/apache2/mods-enabled/ | grep 'php'
If it shows another version like 8.1,
sudo a2dismod php8.1
sudo a2enmod php8.2
sudo systemctl restart apache2
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
Hi,
sorry for the late response. Holiday :-)
The output of the comand "ls /etc/apache2/mods-enabled/ | grep 'php'" is:
php8.2.conf
php8.2.load
Offline
root@SVR007:~# a2enmod php8.2
Considering dependency mpm_prefork for php8.2:
Considering conflict mpm_event for mpm_prefork:
Considering conflict mpm_worker for mpm_prefork:
Module mpm_prefork already enabled
Considering conflict php5 for php8.2:
Module php8.2 already enabled
root@SVR007:~#
Offline
Hi everyone, more or less the same problem here:
unable to avoid the message regarding session.cookie_secure and session.cookie_httponly on a Siteground server running PHP 8.2.14
I created a php.ini file and put it in the GLPI root with this sintax:
; GLPI dedicated configuration
; runs on PHP 8.x.x
session.cookie_secure = true
session.cookie_httponly = true
but nothing happend
here my setup data.
<details><summary>Informazioni sul sistema, l'installazione e la configurazione</summary><pre>GLPI 10.0.11 ( => /home/customer/www/glpi.nomadit.biz/public_html)
Installation mode: TARBALL
Current language:it_IT
</pre></details><details><summary>Server</summary><pre>
Operating system: Linux gnldm1087.siteground.biz 5.15.126-MCIclouder399 #399 SMP PREEMPT Wed Aug 16 16:53:17 EEST 2023 x86_64
PHP 8.2.14 apache2handler (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, bcmath, bz2, calendar,
ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imagick, imap, intl, json,
libxml, mbstring, memcached, mysqli, mysqlnd, openssl, pcre, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, posix, pspell, random,
session, shmop, soap, sockets, sodium, sqlite3, standard, sysvmsg, sysvsem, tidy, tokenizer, xml, xmlreader, xmlwriter, xsl,
zip, zlib)
Setup: max_execution_time="120" memory_limit="768M" post_max_size="256M" safe_mode="" session.save_handler="files"
upload_max_filesize="256M" disable_functions=""
Software: Apache ()
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Server Software: Source distribution
Server Version: 5.7.44-48-log
Server SQL Mode: NO_ENGINE_SUBSTITUTION
Parameters: upeprxvjwejbz@localhost/dbwhvsmsbhhgmf
Host info: Localhost via UNIX socket
PHP version (8.2.14) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.
curl extension is installed.
gd extension is installed.
intl extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (5.7.44) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_cache has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_cron has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_dumps has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_graphs has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_lock has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_pictures has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_plugins has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_rss has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_sessions has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_tmp has been validated.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/files/_uploads has been validated.
The following directories should be placed outside "/home/customer/www/glpi.nomadit.biz/public_html":
‣ "/home/customer/www/glpi.nomadit.biz/public_html/files" ("GLPI_VAR_DIR")
You can ignore this suggestion if your web server root directory is "/home/customer/www/glpi.nomadit.biz/public_html/public".
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.
OS and PHP are relying on 64 bits integers.
exif extension is installed.
ldap extension is not present.
openssl extension is installed.
Following extensions are installed: bz2, Phar, zip.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring, sodium.
Write access to /home/customer/www/glpi.nomadit.biz/public_html/marketplace has been validated.
Access to timezone database (mysql) is not allowed.
</pre></details><details><summary>GLPI constants</summary><pre>
GLPI_ROOT: "/home/customer/www/glpi.nomadit.biz/public_html"
GLPI_CONFIG_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/config"
GLPI_VAR_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files"
GLPI_MARKETPLACE_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/marketplace"
GLPI_USE_CSRF_CHECK: "1"
GLPI_CSRF_EXPIRES: "7200"
GLPI_CSRF_MAX_TOKENS: "100"
GLPI_USE_IDOR_CHECK: "1"
GLPI_IDOR_EXPIRES: "7200"
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false
GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\\/\\/[^@:]+(\\/.*)?$/"]
GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"
GLPI_INSTALL_MODE: "TARBALL"
GLPI_NETWORK_MAIL: "glpi@teclib.com"
GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"
GLPI_MARKETPLACE_ALLOW_OVERRIDE: true
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true
GLPI_USER_AGENT_EXTRA_COMMENTS: ""
GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"
GLPI_AJAX_DASHBOARD: "1"
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: "0"
GLPI_CENTRAL_WARNINGS: "1"
GLPI_TEXT_MAXSIZE: "4000"
GLPI_DOC_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files"
GLPI_CACHE_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_cache"
GLPI_CRON_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_cron"
GLPI_DUMP_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_dumps"
GLPI_GRAPH_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_graphs"
GLPI_LOCAL_I18N_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_locales"
GLPI_LOCK_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_lock"
GLPI_LOG_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_log"
GLPI_PICTURE_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_pictures"
GLPI_PLUGIN_DOC_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_plugins"
GLPI_RSS_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_rss"
GLPI_SESSION_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_sessions"
GLPI_TMP_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_tmp"
GLPI_UPLOAD_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_uploads"
GLPI_INVENTORY_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/files/_inventories"
GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"
GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"
GLPI_I18N_DIR: "/home/customer/www/glpi.nomadit.biz/public_html/locales"
GLPI_VERSION: "10.0.11"
GLPI_SCHEMA_VERSION: "10.0.11@6795e1eea6621428b5ef42350d555715bda8a96f"
GLPI_MARKETPLACE_PRERELEASES: false
GLPI_MIN_PHP: "7.4.0"
GLPI_MAX_PHP: "8.4.0"
GLPI_YEAR: "2023"
</pre></details><details><summary>Libraries</summary><pre>
htmlawed/htmlawed version 1.2.14 in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.8.0 in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.8 in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.4.4 in (/home/customer/www/glpi.nomadit.biz/public_html/marketplace/pdf/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/michelf/php-markdown/Michelf)
true/punycode in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/true/punycode/src)
iamcal/lib_autolink in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/iamcal/lib_autolink)
sabre/dav in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/sabre/dav/lib/DAV)
sabre/http in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/sabre/http/lib)
sabre/uri in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/sabre/uri/lib)
sabre/vobject in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/sabre/vobject/lib)
laminas/laminas-i18n in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/laminas/laminas-i18n/src)
laminas/laminas-servicemanager in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/laminas/laminas-servicemanager/src)
monolog/monolog in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/sebastian/diff/src)
donatj/phpuseragentparser in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/donatj/phpuseragentparser/src/UserAgent)
elvanto/litemoji in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/elvanto/litemoji/src)
symfony/console in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/symfony/console)
scssphp/scssphp in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/rlanvin/php-rrule/src)
ramsey/uuid in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/ramsey/uuid/src)
psr/log in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/psr/log/Psr/Log)
psr/simple-cache in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/psr/simple-cache/src)
psr/cache in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/psr/cache/src)
league/csv in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/league/csv/src)
mexitek/phpcolors in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/guzzlehttp/psr7/src)
glpi-project/inventory_format in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/glpi-project/inventory_format/lib/php)
wapmorgan/unified-archive in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/paragonie/sodium_compat/src)
symfony/cache in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/symfony/cache)
html2text/html2text in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/html2text/html2text/src)
symfony/css-selector in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/symfony/css-selector)
symfony/dom-crawler in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/symfony/dom-crawler)
twig/twig in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/twig/twig/src)
twig/string-extra in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/twig/string-extra)
symfony/polyfill-ctype not found
symfony/polyfill-iconv not found
symfony/polyfill-mbstring not found
symfony/polyfill-php80 not found
symfony/polyfill-php81 not found
symfony/polyfill-php82 in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/symfony/polyfill-php82)
league/oauth2-client in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/league/oauth2-client/src/Provider)
league/oauth2-google in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/league/oauth2-google/src/Provider)
thenetworg/oauth2-azure in (/home/customer/www/glpi.nomadit.biz/public_html/vendor/thenetworg/oauth2-azure/src/Provider)
</pre></details><details><summary>SQL replicas</summary><pre>
Not active
</pre></details><details><summary>Notifications</summary><pre>
Way of sending emails: PHP
</pre></details><details><summary>Plugins list</summary><pre>
fields Name: Campi aggiuntivi Version: 1.21.6 State: Enabled
Install Method: Marketplace
pdf Name: Stampa in PDF Version: 3.0.0 State: Enabled
Install Method: Marketplace
useditemsexport Name: Used items export Version: 2.5.1 State: Enabled
Install Method: Marketplace
</pre></details>
Have someone the same problem and solved in some way?
Thank you
Offline
I found an entry at
/etc/php/8.2/apache2/php.ini
; https://php.net/session.cookie-secure session.cookie_secure = 1
So the settings seems ok. Error must be elsewhere.
Can anybody give me a help?
This worked for me, I don't know if it's stable or not but worked:
edit the .htaccess file in the root directory and add this lines at the bottom
# Special lines for PHP cookie sessions
php_value session.cookie_secure 1
php_value session.cookie_httponly 1
Offline
I have done the following: /var/www/glpi/.htaccess
# Eingefügt von HK 20240118
php_value session.cookie_secure 1
php_value session.cookie_httponly 1
Last edited by krischeu (2024-01-19 11:44:09)
Offline
It comes still with the following error:
Sicherheitseinstellungen für Sitzungen (Sessions)
Sicherheit der Sitzungs-Cookies
Die PHP-Direktive "session.cookie_secure" sollte auf den Wert "on" gesetzt sein , wenn GLPI über HTTPS erreichbar ist.
Offline
[solved]
/etc/php/8.2/apache2/php.ini
/etc/php/8.2/cli/php.ini
-->session.cookie_secure = "on"
-->session.use_only_cookies = 1
-->session.cookie_httponly = on
Offline
Now there is only one error message left:
Erkennung von vorherigen GLPI Daten
Vorhandene Dateien von vorherigen GLPI Versionen können zu Sicherheitslücken oder Fehlern führen.
Wir haben Dateien aus früherige Versionen von GLPI entdeckt
Bitte aktualisiere GLPI nach der Anleitung in der Dokumentation.
Last edited by krischeu (2024-01-19 11:33:31)
Offline
Did you copy the new GLPI files over the existing ones? If so, that isn't the correct upgrade procedure and will likely cause issues. Notably, it would probably cause CSS issues as the palette files were renamed but are still seen the same way by the SCSS compiler (one version has them prefixed by underscores). It also leaves old code files behind which could throw errors.
The upgrade procedure is to rename/move the old GLPI folder, extract the new files to the correct location, and then copy only the user data/configs/plugins from your old GLPI version to the new one.
https://glpi-install.readthedocs.io/en/ … pdate.html
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.
Offline
I have done the following: /var/www/glpi/.htaccess
# Eingefügt von HK 20240118 php_value session.cookie_secure 1 php_value session.cookie_httponly 1
It worked,thanks
Offline