Get error API DirectAdmin : Security Error: No valid session key

Post Reply
robertg
Junior Member
Posts: 2
Joined: 01 Jul 2020, 08:20

Get error API DirectAdmin : Security Error: No valid session key

Post by robertg »

Since the new versions of DirectAdmin we have problems with using the API for CSF. T We didn't change our scripts and it works for years well.

Debugging DirectAdmin I see the next message:

/CMD_PLUGINS_ADMIN/csf/index.raw
Command::doCommand(/CMD_PLUGINS_ADMIN/csf/index.raw)
Sessions::touch:Command::doCommand:/CMD_PLUGINS_ADMIN/csf/index.raw): no sesssion filename is set.
Command::doCommand(/CMD_PLUGINS_ADMIN/csf/index.raw) : finished
Command::run: finished /CMD_PLUGINS_ADMIN/csf/index.raw

The error that our API script gets back is : Security Error: No valid session key (error of CSF)

I can't find a solution.

I contacted the helpdesk of DirectAdmin already but send me to this forum.

What is the problem and a solution or is it a bug?

ForumAdmin
Moderator
Posts: 1475
Joined: 01 Oct 2008, 09:24

Re: Get error API DirectAdmin : Security Error: No valid session key

Post by ForumAdmin »

That means that there is a discrepancy found with the DA session file. If you look in /usr/local/directadmin/plugins/csf/exec/da_csf.cgi for the error you can see that it checks that the key in the session file matches the SESSION_KEY, it checks that the IP in the session file matches REMOTE_ADDR. If either of those are different it fails. It might be possible you would see an issue if you are connecting using an IPv6 instead of an IPv4 IP, but other than that I've no idea why it wouldn't match for your session, we are unable to recreate any issues.

If you are using IPv6 to access csf in DA it would narrow down the possible issue.

robertg
Junior Member
Posts: 2
Joined: 01 Jul 2020, 08:20

Re: Get error API DirectAdmin : Security Error: No valid session key

Post by robertg »

Thank you for the answer. Older versions of CSF haven't this problem. I tested it with the lastest DA and an earlier version of CSF.

I found the next

if (($session{key} eq "") or ($session{ip} eq "") or ($session{ip} ne $ENV{REMOTE_ADDR}) or ($session{key} ne $ENV{SESSION_KEY})) {
print "Security Error: No valid session key";
exit;
}

After deleting this part, it is working again. That is not really the solution because we are running many servers with the same issue.
I am not using IPv6.

How can be there a discrepancy with the DA session file? I don't see the solution yet.

Post Reply