Auto-login Bug

Provider: OVH

Virtualization Type: VPS

System: Centos 7.5

Installation option:

OLS or Enterprise?

Installing from official server or mirror server?

Install Memcached extension for PHP?

Install LiteSpeed Memcached?

Install Memcached?

Install Redis extension for PHP?

Install Redis?


Since version 2.0.3 After using the autologin for the Database, you are able to logout of phpMyadmin as well as Cyberpanel but even after logging out of both, Anyone is able to re-access phpMyadmin by just going to https://servername:8090/phpmyadmin/index.php and have full access to the session of the last person who was logged in. The session is not closed at all. This is a huge security breech if being used on a pc that is not a personal machine.

Yes, correct, the login session is not clearing even after logout unless we clear the browser cache and session ourself , kind of security issue.

Just noticed this on my new CyberPanel 2 build 3 machine. Very concerning. Fortunately I am able to limit access to port 8090 (and thus phpMyAdmin) to my IP address.

I spent some time trying to force phpMyAdmin to expire the logon cookie after 10 seconds, but was not successful. I tested by adding this line to /usr/local/CyberCP/public/phpmyadmin/

$cfg[‘LoginCookieValidity’] = 10;

I think the phpMyAdmin Signon authentication mode that they are using (Installation — phpMyAdmin 5.1.2-dev documentation) does not use the phpMyAdmin cookies.

There is a suggestion here about how to revert to normal phpMyAdmin logon:

Disabling the Signon authentication might be the most secure option for now.