According to above access log This URL /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 has been queried 2 times First one was /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 Second /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1
Since secureHash is one-time hash here might be the issue It is not clear why session was invalidated ..... I'll try to perform more test tonight/tomorrow On Thu, 26 Mar 2020 at 13:49, Daniel Baker <i...@collisiondetection.biz> wrote: > No other OM logins. > > > I actually titled this wrong, it is a REST call not SOAP. > > > Thanks, > > > Dan > > > On 26/03/2020 00:27, Maxim Solodovnik wrote: > > is it possible OM was opened in second tab with active login? > > On Thu, 26 Mar 2020 at 04:15, Daniel Baker <i...@collisiondetection.biz> > wrote: > >> Not sure why I am getting this during entering of a room : >> >> >> I get invalid hash / Access denied show in the browser: >> >> >> [image: image] >> >> >> The url looks like this which seems correct to my understanding : >> >> >> tail -f localhost_access_log.2020-03-25 >> >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "GET >> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >> 200 96 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "POST >> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411 >> HTTP/1.1" 200 96 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >> HTTP/1.1" 200 7231 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >> /openmeetings/css/theme.css HTTP/1.1" 304 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >> /openmeetings/css/custom.css HTTP/1.1" 304 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET >> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >> 200 96 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET >> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51 >> HTTP/1.1" 200 444 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "GET >> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >> 200 96 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "POST >> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1 >> HTTP/1.1" 200 96 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET >> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0 >> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523 >> HTTP/1.1" 200 180 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET >> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >> HTTP/1.1" 200 7328 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET >> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css >> HTTP/1.1" 200 111339 >> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET >> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 - >> >> >> >> OM Version : >> >> >> Name OpenMeetings Version5.0.0-M3 Revisionb739f87 Build >> date2019-12-11T11:42:09Z >> >> >> I can see access denied in the log so that pinpoints it somewhat. Is >> there a way to see my SOAP call is correct or a verbose logging mode ? >> >> Thanks, >> >> Dan >> > > > -- > WBR > Maxim aka solomax > > -- WBR Maxim aka solomax
