Page 1 of 1

Get error API DirectAdmin : Security Error: No valid session key

Posted: 01 Jul 2020, 08:46
by robertg
Since the new versions of DirectAdmin we have problems with using the API for CSF. T We didn't change our scripts and it works for years well.

Debugging DirectAdmin I see the next message:

/CMD_PLUGINS_ADMIN/csf/index.raw
Command::doCommand(/CMD_PLUGINS_ADMIN/csf/index.raw)
Sessions::touch:Command::doCommand:/CMD_PLUGINS_ADMIN/csf/index.raw): no sesssion filename is set.
Command::doCommand(/CMD_PLUGINS_ADMIN/csf/index.raw) : finished
Command::run: finished /CMD_PLUGINS_ADMIN/csf/index.raw

The error that our API script gets back is : Security Error: No valid session key (error of CSF)

I can't find a solution.

I contacted the helpdesk of DirectAdmin already but send me to this forum.

What is the problem and a solution or is it a bug?

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 01 Jul 2020, 09:54
by ForumAdmin
That means that there is a discrepancy found with the DA session file. If you look in /usr/local/directadmin/plugins/csf/exec/da_csf.cgi for the error you can see that it checks that the key in the session file matches the SESSION_KEY, it checks that the IP in the session file matches REMOTE_ADDR. If either of those are different it fails. It might be possible you would see an issue if you are connecting using an IPv6 instead of an IPv4 IP, but other than that I've no idea why it wouldn't match for your session, we are unable to recreate any issues.

If you are using IPv6 to access csf in DA it would narrow down the possible issue.

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 01 Jul 2020, 10:57
by robertg
Thank you for the answer. Older versions of CSF haven't this problem. I tested it with the lastest DA and an earlier version of CSF.

I found the next

if (($session{key} eq "") or ($session{ip} eq "") or ($session{ip} ne $ENV{REMOTE_ADDR}) or ($session{key} ne $ENV{SESSION_KEY})) {
print "Security Error: No valid session key";
exit;
}

After deleting this part, it is working again. That is not really the solution because we are running many servers with the same issue.
I am not using IPv6.

How can be there a discrepancy with the DA session file? I don't see the solution yet.

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 14 Jul 2020, 06:50
by samcuran
Hi, whether direct admin is similar to cpanel? because i had issue on using API for CSF. Whether i need to check my session file?
and how do i manage discrepancies? acnl hair guide

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 15 Jul 2020, 12:15
by mahmutcanyar
Yes, I had the same problem, when we connect with the API, it cannot see the session.

I also fixed the problem in the same way, but when the update comes, it may still be broken. It is not a definitive solution. Who needs to communicate this situation in order to avoid this problem again when the update comes?
robertg wrote: 01 Jul 2020, 10:57 Thank you for the answer. Older versions of CSF haven't this problem. I tested it with the lastest DA and an earlier version of CSF.

I found the next

if (($session{key} eq "") or ($session{ip} eq "") or ($session{ip} ne $ENV{REMOTE_ADDR}) or ($session{key} ne $ENV{SESSION_KEY})) {
print "Security Error: No valid session key";
exit;
}

After deleting this part, it is working again. That is not really the solution because we are running many servers with the same issue.
I am not using IPv6.

How can be there a discrepancy with the DA session file? I don't see the solution yet.

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 16 Jul 2020, 15:18
by ForumAdmin
If you can provide root access to a server with this specific issue, please log a ticket on our helpdesk so that we can investigate as we are unable to recreate the problem:
https://support.configserver.com

Re: Get error API DirectAdmin : Security Error: No valid session key

Posted: 07 Aug 2020, 11:06
by mahmutcanyar
I changed the lines as below. File: /usr/local/directadmin/plugins/csf/exec/da_csf.cgi
if (($session{key} eq "") or ($session{ip} eq "") or ($session{ip} ne $ENV{REMOTE_ADDR}) or ($session{key} ne $ENV{SESSION_KEY})) {
&loginfail("Security Error: No valid session key".$session{ip}."===".$ENV{REMOTE_ADDR}."====".$ENV{SESSION_ID});
exit;
}

I displayed the following error.
File: /var/lib/csf/da1596794374.error

To disable DirectAdmin session checks, create a touch file called /var/lib/csf/csf.da.skip

Security Error: No valid session key===156.34.23.101====

Session ID = []
Session File [/usr/local/directadmin/data/sessions/da_sess_]...does not exist




my note: Because the information on the server is valuable, I cannot provide server login information.