No longer log in after update - request timeout

Cerix · March 27, 2023, 11:35am

After updating to 5.40 I can no longer log in, the server log is this:

ERROR "GET /ghost/api/admin/users/me/?include=roles" 403 1ms
Authorization failed
"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."
Error ID:
    e1949a10-cc91-11ed-bf6b-eff84db3c8a9
----------------------------------------
NoPermissionError: Authorization failed
    at authorizeAdminApi (/var/lib/ghost/versions/5.40.1/core/server/services/auth/authorize.js:33:25)
    at Layer.handle [as handle_request] (/var/lib/ghost/versions/5.40.1/node_modules/express/lib/router/layer.js:95:5)
    at next (/var/lib/ghost/versions/5.40.1/node_modules/express/lib/router/route.js:144:13)
    at authenticate (/var/lib/ghost/versions/5.40.1/core/server/services/auth/session/middleware.js:28:13)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
[2023-03-27 11:24:04] INFO "GET /ghost/api/admin/site/" 200 2ms
[2023-03-27 11:24:04] INFO "GET /ghost/api/admin/authentication/setup/" 200 7ms

when logging in, the next Post request to ghost/api/admin/session after a while returns error 524
while on the server the log reports:

[2023-03-27 11:27:54] INFO "POST /ghost/api/admin/session" 200 99011ms

very strange that ghost takes more than 1,5 minutes to process the request.

Do you have any suggestions?

mjw · March 27, 2023, 7:07pm

Error 524 is a timeout error, and usually caused by a long-running process on the server. This could be a consequence of increased server load following the upgrade.

What server are you running, and how much CPU and memory is available?

Cerix · March 27, 2023, 8:13pm

it is not related to server resources, i am using an Oracle vps with 2CPU 24gb ram. i have other ghost installations that are still not up to date and have no problems.

from the log you can see that the other requests are processed within a few milliseconds only the /admin/session takes more than 1,5 minutes

Cerix · March 27, 2023, 8:53pm

the timeout is forced by the cloudflare proxy, and is set to 100sec.
If I disable the proxy, the request is never processed even after more than 10 minutes.

Only if I close the browser page does the log appear on the server:

[2023-03-27 20:50:00] INFO "POST /ghost/api/admin/session" 200 5805ms

Even if I enter an incorrect password the request returns the code 200 (only after timeout)

If I send several consecutive requests by pressing the login button, the page breaks and appears:

Page not found

in the log:

NotFoundError: Page not found

mjw · March 27, 2023, 9:14pm

Do you have anything in your setup, e.g., Nginx caching, that could prevent the authentication cookie being set?

Topic		Replies	Views
Login API timeout with certain user after site migration Self-hosting	7	28	September 25, 2024
Admin Access Failure Self-hosting	2	501	June 14, 2023
Cannot login after upgrading to 5.0.2 Self-hosting	2	945	May 27, 2022
Admin endpoints (such as POST /ghost/api/admin/session) no longer works Developer help	0	496	September 28, 2022
Increasing the Reauthentication Interval to prevent timeouts Developer help	1	516	July 20, 2021

No longer log in after update - request timeout

Related topics