
cpanel session log


  • cPanelMichael
    Hello, The session name referenced in the log should match what you see in the following directory: /var/cpanel/sessions/raw/ It's not possible to modify how the session name is generated. Thank you.
  • ottdev
    Hello, The session name referenced in the log should match what you see in the following directory: /var/cpanel/sessions/raw/ It's not possible to modify how the session name is generated. Thank you.

    What controls the length? They changed from 64 characters to 16 characters as of Feb 29/2016.
  • ottdev
    I am not asking about the frequency of logins (there may be less, I didn't notice) - I understand you mean when a user logged in, it also hooked them up for sql and backups even if they didn't go there. Now it waits until they actually use these functions - so instead of 3 logins, it only creates one initially. I understand that - but why did the session length decrease from 64 characters to only 16 - wouldn't 64 characters be more secure? NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5
  • cPanelMichael
    Hello, I don't see the specific case number that references the change, so it's possible that it was changed as part of the Security Tokens functionality included in a previous version. The session name you see in /usr/local/cpanel/logs/session_log doesn't include data that's usable in a web browser or through an external application for authentication. It's the name that corresponds to a file in the /var/cpanel/sessions/raw directory. Thus, it's not considered a security risk because it's not a value that can be used for access to cPanel/WHM/Webmail. Here's an example of what you will see if you view the session file in the /var/cpanel/sessions/raw directory:
        # cat root:wB0vfgw_V3Ttj0VF
        ip_address=1.2.3.4
        login_theme=cpanel
        origin_as_string=address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
        user=root
        external_validation_token=2FXf0Qz5KF2eJH4C
        original_ip_address=1.2.3.4
        cp_security_token=/cpsess1234592347
        successful_internal_auth_with_timestamp=1494261947
        pass=2021757500b5754351234531603035673733383336683936383033626268385
        tfa_verified=0
    Notice that the actual security tokens are stored within the session file and do not correspond to the session name that appears in the session log. Thus, whether "wB0vfgw_V3Ttj0VF" in this example is 16-characters or 64-characters should not matter. Thank you.
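
Added example, not part of the thread and not cPanel code: a small Python parser for the session-file layout quoted in the last reply. It separates the session name seen in session_log from the token fields stored inside the file and redacts those fields before the contents are shared. The one-pair-per-line layout, the choice of sensitive keys, and all sample values are assumptions constructed for illustration.

```python
# Assumption: these keys hold values usable for access and must not leave the server.
SENSITIVE_KEYS = {"cp_security_token", "external_validation_token", "pass"}

# Constructed sample mirroring the layout quoted in the thread (all values made up).
SAMPLE_NAME = "root:EXAMPLEsessname1"
SAMPLE_BODY = """ip_address=192.0.2.10
login_theme=cpanel
origin_as_string=address=192.0.2.10,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
user=root
external_validation_token=EXAMPLEextToken01
original_ip_address=192.0.2.10
cp_security_token=/cpsess0000000000
successful_internal_auth_with_timestamp=1494261947
pass=EXAMPLEnotARealHash
tfa_verified=0
"""

def parse_session(file_name, body):
    """Split '<user>:<session name>' and read key=value pairs, one per line."""
    user, _, session_name = file_name.partition(":")
    fields = {}
    for line in body.splitlines():
        if "=" not in line:
            continue  # skip blank or malformed lines
        # Split on the FIRST '=' only: origin_as_string carries '=' in its value.
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return {"user": user, "session_name": session_name, "fields": fields}

def redact(session):
    """Return a copy safe to paste into a ticket: secrets become length markers."""
    safe = {}
    for key, value in session["fields"].items():
        safe[key] = f"<redacted:{len(value)} chars>" if key in SENSITIVE_KEYS else value
    return {**session, "fields": safe}

def name_reused_in_tokens(session):
    """True if the session name from session_log appears inside a sensitive value."""
    name = session["session_name"]
    fields = session["fields"]
    return bool(name) and any(name in fields.get(k, "") for k in SENSITIVE_KEYS)

if __name__ == "__main__":
    parsed = parse_session(SAMPLE_NAME, SAMPLE_BODY)
    for key, value in redact(parsed)["fields"].items():
        print(f"{key}={value}")
    print("session name reused in a token:", name_reused_in_tokens(parsed))
```
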
