"Stay logged in" checkbox doesn't work

[zkvvoob]

Hello,

Ever since I updated my OC to v. 9.1, every user has had to login every time they close a browser. Now, I do have a 2FA (Google Authenticator) enabled, but only for the admin user. The behaviour in question affects everyone - but only in the browser, obviously - using an an app (say OC News reader on Android) is fine.

None of the browsers is set to clear cookies on exit, no other websites which preserve logins are affected. Tried under Chrome, Firefox and Opera.

Hope the information below is enough. If you need anything else, just let me know.

Steps to reproduce

1. Open a browser (i.e. Google Chrome)
2. Login to OC and select "Stay logged in"
3. Do stuff
4. Close browser
5. Re-open browser and OC page

Expected behaviour

The requested page loads straight away

Actual behaviour

Login prompt appears with the following address: /login?redirect_url=%252Fo%252Fapps%252Fnews

Server configuration

Operating system: Ubuntu 14.04.2 LTS
Web server: Apache/2.4.12
Database: MySQL
PHP version: 5.6.23
ownCloud version: 9.1.0 Stable

Updated from an older ownCloud or fresh install: 9.0.3
Where did you install ownCloud from: owncloud.org

Signing status (ownCloud 9.0 and above):

No errors have been found.

List of activated apps:

  - activity: 2.3.2
  - calendar: 1.3.3
  - comments: 0.3.0
  - contacts: 1.4.0.0
  - dav: 0.2.5
  - direct_menu: 0.9.1
  - external: 1.2
  - federatedfilesharing: 0.3.0
  - files: 1.5.1
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - news: 9.0.4
  - notifications: 0.3.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - tasks: true
  - templateeditor: 0.1
  - theme_switcher: 2.0
  - twofactor_totp: 0.4.1
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - federation
  - files_antivirus
  - files_external
  - shorten
  - user_external
  - user_ldap

The content of config/config.php:

{
    "system": {
        "instanceid": "ocfrmdo25wiy",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "www.domain.com"
        ],
        "datadirectory": "\/home\/me\/oc\/data",
        "overwrite.cli.url": "https:\/\/www.domain.com\/o",
        "dbtype": "mysql",
        "version": "9.1.0.15",
        "dbname": "c1oc91",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "loglevel": 3,
        "appstore.experimental.enabled": true,
        "theme": "S13",
        "maintenance": false,
        "htaccess.RewriteBase": "\/o"
    }
}

Are you using external storage, if yes which one: No

Are you using encryption: No

Are you using an external user-backend, if yes which one: No

LDAP configuration (delete this part if not used)

Client configuration

Browser: Google Chrome 52.0.2743.116 m (64-bit), Mozilla Firefox 47.0.1

Operating system: Windows 8.1

Logs

Web server error log

ons'
[Sun Sep 04 15:08:22.490669 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] add path info postfix: /var/www/domain.com/web/o/ocs/v2.php -> /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490692 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] strip per-dir prefix: /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications -> ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490727 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] applying pattern '^(?:build|tests|config|lib|3rdparty|templates)/.*' to uri 'ocs/v2.php/apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.490770 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] add path info postfix: /var/www/domain.com/web/o/ocs/v2.php -> /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490793 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] strip per-dir prefix: /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications -> ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490814 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] applying pattern '^(?:\\.|autotest|occ|issue|indie|db_|console).*' to uri 'ocs/v2.php/apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.490837 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] add path info postfix: /var/www/domain.com/web/o/ocs/v2.php -> /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490860 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] strip per-dir prefix: /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications -> ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490881 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] applying pattern '^core/js/oc.js$' to uri 'ocs/v2.php/apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.490906 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] add path info postfix: /var/www/domain.com/web/o/ocs/v2.php -> /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490931 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] strip per-dir prefix: /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications -> ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.490957 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] applying pattern '^core/preview.png$' to uri 'ocs/v2.php/apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.490991 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] add path info postfix: /var/www/domain.com/web/o/ocs/v2.php -> /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.491018 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] strip per-dir prefix: /var/www/domain.com/web/o/ocs/v2.php/apps/notifications/api/v1/notifications -> ocs/v2.php/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.491047 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] applying pattern '.' to uri 'ocs/v2.php/apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.491118 2016] [rewrite:trace1] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b4029058/initial] [perdir /var/www/domain.com/web/o/] pass through /var/www/domain.com/web/o/ocs/v2.php
[Sun Sep 04 15:08:22.491436 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] add path info postfix: /var/www/domain.com/web/apps -> /var/www/domain.com/web/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.491472 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] strip per-dir prefix: /var/www/domain.com/web/apps/notifications/api/v1/notifications -> apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.491499 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] applying pattern '^.*' to uri 'apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.491954 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] add path info postfix: /var/www/domain.com/web/apps -> /var/www/domain.com/web/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.491985 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] strip per-dir prefix: /var/www/domain.com/web/apps/notifications/api/v1/notifications -> apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.492010 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] applying pattern '^index\\.php$' to uri 'apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.492037 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] add path info postfix: /var/www/domain.com/web/apps -> /var/www/domain.com/web/apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.492068 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] strip per-dir prefix: /var/www/domain.com/web/apps/notifications/api/v1/notifications -> apps/notifications/api/v1/notifications
[Sun Sep 04 15:08:22.492094 2016] [rewrite:trace3] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] applying pattern '.' to uri 'apps/notifications/api/v1/notifications'
[Sun Sep 04 15:08:22.492148 2016] [rewrite:trace2] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] rewrite 'apps/notifications/api/v1/notifications' -> '/index.php'
[Sun Sep 04 15:08:22.492177 2016] [rewrite:trace2] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] trying to replace prefix /var/www/domain.com/web/ with /
[Sun Sep 04 15:08:22.492199 2016] [rewrite:trace1] [pid 17994] mod_rewrite.c(475): [client 192.168.1.1:59113] 192.168.1.1 - - [www.domain.com/sid#b5cfb500][rid#b210c058/subreq] [perdir /var/www/domain.com/web/] internal redirect with /index.php [INTERNAL REDIRECT]

ownCloud log (data/owncloud.log)

{"reqId":"ahu2dYQoAp1MvfsHRQ2L","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:09:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"ahu2dYQoAp1MvfsHRQ2L","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:09:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"t2CS+rPFLc5ennJmnigs","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t2CS+rPFLc5ennJmnigs","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t2CS+rPFLc5ennJmnigs","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t2CS+rPFLc5ennJmnigs","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"fn\/qZLgk\/+VfGRpLWofY","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"fn\/qZLgk\/+VfGRpLWofY","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"fn\/qZLgk\/+VfGRpLWofY","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"fn\/qZLgk\/+VfGRpLWofY","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:09:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"zJBX8DJ0+ysjD3j5kbz8","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"zJBX8DJ0+ysjD3j5kbz8","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"zJBX8DJ0+ysjD3j5kbz8","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"zJBX8DJ0+ysjD3j5kbz8","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:08+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"VlBy3Gsu2Qqh6yfrdcbC","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:09+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"VlBy3Gsu2Qqh6yfrdcbC","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:09+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"VlBy3Gsu2Qqh6yfrdcbC","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:09+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"VlBy3Gsu2Qqh6yfrdcbC","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:09+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"JKp4WKsjqlfoUs36d4jU","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"POST","url":"\/o\/login?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"JKp4WKsjqlfoUs36d4jU","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"POST","url":"\/o\/login?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"JKp4WKsjqlfoUs36d4jU","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"POST","url":"\/o\/login?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"JKp4WKsjqlfoUs36d4jU","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"POST","url":"\/o\/login?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"9VGn1wqMUjOtJppx9U4m","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:30+00:00","method":"GET","url":"\/o\/login\/selectchallenge?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"Ao4ZgD1TT9dicB9weTU0","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:35+00:00","method":"GET","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"lYGQ8QQ7mdoHr\/zweIwI","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"POST","url":"\/o\/login\/challenge\/totp?redirect_url=%252Fo%252Fapps%252Fnews","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:43+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:43+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.svg) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#158","level":3,"time":"2016-09-04T12:10:44+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.svg) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#160","level":3,"time":"2016-09-04T12:10:44+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"tKJN5zjAOeETlJRgFw4i","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.png) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#161","level":3,"time":"2016-09-04T12:10:44+00:00","method":"GET","url":"\/o\/apps\/news","user":"zkvvoob"}
{"reqId":"IeTwS+S7crbNkpEOiI\/R","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:45+00:00","method":"GET","url":"\/o\/avatar\/zkvvoob\/32","user":"zkvvoob"}
{"reqId":"IeTwS+S7crbNkpEOiI\/R","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:45+00:00","method":"GET","url":"\/o\/avatar\/zkvvoob\/32","user":"zkvvoob"}
{"reqId":"IeTwS+S7crbNkpEOiI\/R","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:45+00:00","method":"GET","url":"\/o\/avatar\/zkvvoob\/32","user":"zkvvoob"}
{"reqId":"IeTwS+S7crbNkpEOiI\/R","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:45+00:00","method":"GET","url":"\/o\/avatar\/zkvvoob\/32","user":"zkvvoob"}
{"reqId":"930+v+ugh7kktHK+Y9fk","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:46+00:00","method":"GET","url":"\/o\/apps\/news\/feeds\/active","user":"zkvvoob"}
{"reqId":"930+v+ugh7kktHK+Y9fk","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:46+00:00","method":"GET","url":"\/o\/apps\/news\/feeds\/active","user":"zkvvoob"}
{"reqId":"930+v+ugh7kktHK+Y9fk","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:46+00:00","method":"GET","url":"\/o\/apps\/news\/feeds\/active","user":"zkvvoob"}
{"reqId":"930+v+ugh7kktHK+Y9fk","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:46+00:00","method":"GET","url":"\/o\/apps\/news\/feeds\/active","user":"zkvvoob"}
{"reqId":"n8AD+P42z5J2lPM7Ylzz","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/settings","user":"zkvvoob"}
{"reqId":"n8AD+P42z5J2lPM7Ylzz","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/settings","user":"zkvvoob"}
{"reqId":"n8AD+P42z5J2lPM7Ylzz","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/settings","user":"zkvvoob"}
{"reqId":"n8AD+P42z5J2lPM7Ylzz","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/settings","user":"zkvvoob"}
{"reqId":"cThaE8cFpqtu9ayoSZIX","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"cThaE8cFpqtu9ayoSZIX","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"cThaE8cFpqtu9ayoSZIX","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"cThaE8cFpqtu9ayoSZIX","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"zkvvoob"}
{"reqId":"XStu871\/ETcNQsmBAocZ","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"XStu871\/ETcNQsmBAocZ","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"XStu871\/ETcNQsmBAocZ","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"XStu871\/ETcNQsmBAocZ","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:47+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"zkvvoob"}
{"reqId":"wZIifJ1iRAgEwH91q3X7","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:49+00:00","method":"GET","url":"\/o\/apps\/news\/items?id=5&limit=40&oldestFirst=false&search=&showAll=false&type=1","user":"zkvvoob"}
{"reqId":"wZIifJ1iRAgEwH91q3X7","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:49+00:00","method":"GET","url":"\/o\/apps\/news\/items?id=5&limit=40&oldestFirst=false&search=&showAll=false&type=1","user":"zkvvoob"}
{"reqId":"wZIifJ1iRAgEwH91q3X7","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:49+00:00","method":"GET","url":"\/o\/apps\/news\/items?id=5&limit=40&oldestFirst=false&search=&showAll=false&type=1","user":"zkvvoob"}
{"reqId":"wZIifJ1iRAgEwH91q3X7","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:49+00:00","method":"GET","url":"\/o\/apps\/news\/items?id=5&limit=40&oldestFirst=false&search=&showAll=false&type=1","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.svg) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#158","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.svg) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#160","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"lpqPfwuwoJOJd\/VEqclL","remoteAddr":"192.168.1.1","app":"PHP","message":"file_exists(): open_basedir restriction in effect. File(\/var\/www\/clients\/client1\/web3\/web\/o\/themes\/S13\/apps\/tasks\/img\/tasks.png) is not within the allowed path(s): (\/var\/www\/clients\/client1\/web3\/web:\/var\/www\/clients\/client1\/web3\/private:\/var\/www\/clients\/client1\/web3\/tmp:\/var\/www\/domain.com\/web:\/srv\/www\/domain.com\/web:\/usr\/share\/php5:\/usr\/share\/php:\/tmp:\/usr\/share\/phpmyadmin:\/etc\/phpmyadmin:\/var\/lib\/phpmyadmin:\/usr\/share\/php:\/home\/bobo\/oc\/data:\/dev) at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/URLGenerator.php#161","level":3,"time":"2016-09-04T12:10:51+00:00","method":"GET","url":"\/o\/apps\/files\/","user":"zkvvoob"}
{"reqId":"t4FPGkZcalQ2rlsmsbxl","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t4FPGkZcalQ2rlsmsbxl","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t4FPGkZcalQ2rlsmsbxl","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"t4FPGkZcalQ2rlsmsbxl","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/folders","user":"user1"}
{"reqId":"ZiVdFMU3\/eHoLQ5T56ky","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"ZiVdFMU3\/eHoLQ5T56ky","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"ZiVdFMU3\/eHoLQ5T56ky","remoteAddr":"192.168.1.1","app":"PHP","message":"Undefined index: two-factor-providers at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#111","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}
{"reqId":"ZiVdFMU3\/eHoLQ5T56ky","remoteAddr":"192.168.1.1","app":"PHP","message":"Invalid argument supplied for foreach() at \/var\/www\/clients\/client1\/web3\/web\/o\/lib\/private\/Authentication\/TwoFactorAuth\/Manager.php#112","level":3,"time":"2016-09-04T12:10:53+00:00","method":"GET","url":"\/o\/apps\/news\/feeds","user":"user1"}

Browser log

JQMIGRATE: Migrate is installed, version 1.4.0
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822238.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822218.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2809555.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822248.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822229.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/81057e58befdc7f53f97d9f9c8ab8b4d.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822193.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2811122.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2709306.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822215.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/f59ca1fc9a29f407c18d376727f5e24c.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822212.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2752337.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2821808.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2747548.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822097.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822181.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/2f1e0cd68765f312e892151f3c273fd8.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2820779.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2820826.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2821585.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/244e4877d3633456c903ba98e081475e.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/b58c6cb3125516fa3b67a626171e1a43.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822115.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/2b1898b60483e47a0dd77453532c93a5.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2820814.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.xyz/shimg/zx350c_2822117.jpg'. This content should also be served over HTTPS.
/o/apps/news/#/items/folders/5:1 Mixed Content: The page at 'https://www.domain.com/o/apps/news/#/items/folders/5' was loaded over HTTPS, but requested an insecure image 'http://www.news.abc/images/253/54a6deea8174e175d3261a504c3e7086.jpg'. This content should also be served over HTTPS.
Failed to parse SourceMap: https://www.domain.com/o/apps/news/js/vendor/angular-route/angular-route.min.js.map
Failed to parse SourceMap: https://www.domain.com/o/apps/news/js/vendor/angular/angular.min.js.map
Failed to parse SourceMap: https://www.domain.com/o/apps/news/js/vendor/es6-shim/es6-shim.map
Failed to parse SourceMap: https://www.domain.com/o/apps/news/js/vendor/angular-sanitize/angular-sanitize.min.js.map
Failed to parse SourceMap: https://www.domain.com/o/core/vendor/jquery/dist/jquery.min.map
Failed to parse SourceMap: https://www.domain.com/o/apps/news/js/vendor/angular-animate/angular-animate.min.js.map

[PVince81]

Indeed, seems broken even in 9.1.1RC1.

Also doesn't work in 9.0.5RC1, 9.0.4.
Works fine in v8.2.7.

My steps:

1. Clear cookies
2. Setup OC
3. Create a user "user1"
4. Log out
5. Login as "user1" and tick "Remember"
6. Click the login arrow
7. Close the browser
8. Open the browser again on ownCloud's URL

Expected

Login remembered

Actual

Login page is back.

Regression from 8.2

[PVince81]

Trying to bisect this... very difficult. In some cases when I thought a commit is broken, the next time I try it, it works again.

Now trying again and being more careful about every action. Clear cookies, which URL I open after reopening the browser, etc.

[PVince81]

Okay, bisect says that this commit 6f4712a is the breaking one.
I retried it 5 times to confirm that it's broken and also tried the previous one several times to confirm that it works.

[PVince81]

and this doesn't make any sense at all! The commit doesn't even look related 😞

[PVince81]

There is something very fishy about this commit.

I tried the following:

• branch off the commit and revert it: still broken
• branch off the previous commit that works and apply the changeset from 6f4712a on top of it, still works.

So this means the commit as displayed in github doesn't affect it. But it seems to be attached to other potential changes...

[PVince81]

RACE CONDITION.......

I see two requests arriving at the server, both with the same "remember me" cookie.
The first one goes through and redirects to the main page. But for some reason the UI doesn't show it. (to be investigated).
The second one goes through too, but seems to fail. Because as soon as a "remember me" cookie was used, its token gets destroyed in the DB and replaced by a new one. But the second request still has the old token, so fails...

If I go through the two requests slowly with a debugger in a way that makes them work sequentially, the "remember me" does work.

This is only rough guessed info, will need more debugging.

[PVince81]

Added some debugging, here we can see the requests:

{"reqId":"tSkXHkCZ2ipn\/E01YmJO","remoteAddr":"127.0.0.1","app":"core","message":"loginWithCookie: $uid=user1 $currentToken=ITm+1ZXGaIQZg+fjW6v19IokNfFD1cD\/","level":0,"time":"2016-09-06T17:02:47+00:00","method":"GET","url":"\/owncloud\/","user":"--"}
{"reqId":"tSkXHkCZ2ipn\/E01YmJO","remoteAddr":"127.0.0.1","app":"core","message":"Authentication cookie accepted for user user1","level":0,"time":"2016-09-06T17:02:47+00:00","method":"GET","url":"\/owncloud\/","user":"user1"}
{"reqId":"LDC4c2L\/NxImiwlchpV8","remoteAddr":"127.0.0.1","app":"core","message":"loginWithCookie: $uid=user1 $currentToken=ITm+1ZXGaIQZg+fjW6v19IokNfFD1cD\/","level":0,"time":"2016-09-06T17:02:48+00:00","method":"GET","url":"\/owncloud\/","user":"--"}
{"reqId":"LDC4c2L\/NxImiwlchpV8","remoteAddr":"127.0.0.1","app":"core","message":"Authentication cookie rejected for user user1","level":2,"time":"2016-09-06T17:02:48+00:00","method":"GET","url":"\/owncloud\/","user":"--"}

They indeed both arrive with the same "oc_token".

[PVince81]

Ohhhh, now I know why Chromium is sending two requests and why I was getting random results...

Every time I reopened Chromium, I typed the letter L "l" which would find "http://localhost/owncloud" in the history and auto-select it as URL. But now before I even hit enter, Chromium already sends a request to the server with the cookie... And in most of my tests, I hit enter very quickly so it would re-send a second request with the same payload...

[PVince81]

ah, and additionally the "redirect" was received by the first call, the one from the address bar.

And since the second call's cookie is rejected, instead of reusing whichever session was just created by the other one, it fails.

Now the question is whether we can make the second request use the session from the first one... It might not even be possible because the second request started before the first one returned, so there is no session cookie yet.

Ah, what a nightmare!

[PVince81]

@zkvvoob can you ask the users who have the issue to try with Firefox instead ? Goal is to find out whether the issue you are having is exactly what I described. Firefox doesn't do an extra request.

[PVince81]

@zkvvoob another way is that whenever the user types or copies the URL in the address bar, instead of hitting "enter" directly, wait a second or two... then hit enter.

@zkvvoob do you have more information about the exact workflow how ownCloud is being reopened after being closed. Is it a bookmark ? Or typed in address bar ? Or a tab that reopens upon restore ?

[PVince81]

I checked the request headers, but there seems to be no way to distinguish Chrome's address bar request from the real open, so we can't discard the first request. 😦

[zkvvoob]

Just played a bit more in Firefox: made sure it keeps cookies for a few
other websites; logged in to OC, did some stuff, then closed the browser.
When I reopened and tried OC, got redirected to the login screen.

In 99% of the cases everyone here uses a bookmark to open OC. Very rarely
would anyone resort to typing the address and relying on the browser's
history.

2016-09-06 20:15 GMT+03:00 Vincent Petry [email protected]:

@zkvvoob https://github.com/zkvvoob another way is that whenever the
user types or copies the URL in the address bar, instead of hitting "enter"
directly, wait a second or two... then hit enter.

@zkvvoob https://github.com/zkvvoob do you have more information about
the exact workflow how ownCloud is being reopened after being closed. Is it
a bookmark ? Or typed in address bar ? Or a tab that reopens upon restore ?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#26027 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AHSqcPPVRzPv_VfZSMXlKZPdw9yN7-Rtks5qnZ-fgaJpZM4J0haz
.

[PVince81]

I was actually testing on v9.0.5RC1 / stable9.

Now I just tried on v9.1.0 and indeed it's completely broken.
Somehow I can't find the matching piece of code any more and there is no code that calls loginWithCookie. @ChristophWurst where did it go ?

[ChristophWurst]

@PVince81 it's gone, unfortunately. I probably refactored it away while working on the auth stuff 🙈 🙊

[cthil]

Same problem over here, doesn't work either with Safari or Chromium.
The issue was already reported some time ago as #25602 and traced back to a cookie lifetime issue, but never fixed (even if the issue was closed).

[giladwolff]

Disclaimer: I was trying to find a different bug but ended up reading this. I had a weird cookie issue that ended up being related to cookie size limits. They are different in Chrome and Firefox. Chrome has 4096 bytes per cookie limit while firefox limits are much higher. Just thought of mentioning this as this may be related.

[PVince81]

@ChristophWurst any chance to bring it back ?

[ghost]

@PVince81 It seems @ChristophWurst is working at nextcloud/server#1347

[covici]

I usually just log in via the equivalent of the run dialog, no bookmark, history or anything and I am using internet explorer and its completely broke using 9.1.0.

[PVince81]

We can't reuse their code due to licensing issues... ok then will need to reimplement it ourselves here.

[ghost]

@PVince81 Sure, i know. But maybe @ChristophWurst is providing the code changes with a different license as implementing something broken and then don't fix it doesn't look like a good move to me.

[felixboehm]

@pmaier1
reopened

[ownclouders]

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

[PVince81]

@DeepDiver1975 I heard you had some ideas how to bring it back ?

[haarp]

If you're using Apache, you can work around the cookie lifetime issue with something like:

# Fix ownCloud setting session cookies only
# also needs higher session_lifetime in config.php for best results
<Directory /var/www/owncloud>
    Header edit Set-Cookie ^(.*)$ $1;Max-Age=1296000
</Directory>

Note that I'm still on 9.1

[davitol]

"Stay logged in" checkbox is no longer available in oC 10.1.
oC v.9.1 reached to EOL, so let's close the ticket