Hi,
I am using Moodle 3.4
We are taking examination of around 25000 students in moodle.
There are total 120 quizzes.
I am facing invalidsesskey problem a lot while quiz attempt.
We are using redis session driver to handle sessions.
I am clueless why it happens again and again
Please help me in configuring error free sessions.
No help
Not a clue.
I'm struggling to think how this might happen. Have you covered the basics... enabled Debugging, checked the web server error log for any hints?
Is there anything unusual about your setup and/or any dependencies on external systems (that might be causing this)? For example, what are you using for authentication?
Hi Howard,
Thanks for reply.
Debugging is set of ALL with Display debug messages
But it shows nothing.
Below errors comes continuously now
Warning: rmdir(/home/aisectce/moodledata/cache/cachestore_file/default_application): Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on line 9221
Warning: rmdir(/home/aisectce/moodledata/cache/cachestore_file): Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on line 9221
Hi Aditya,
try to purge the cache stores via CLI, https://docs.moodle.org/34/en/Administration_via_command_line#Purge_caches, using the same user your web server is running with.
Guessing a permission issue in the /cache folder.
HTH,
Matteo
Hi Matteo
Thanks for reply.
Right now its 755 what permission I should give to cache folder??
Hi Aditya,
it depends on the user your Moodle instance is running on top of : 777 is open to anyone - not fine unless for debugging purposes -, 755 readable and traversable (it should be for folders only the "x") by others - which is fine but not required - but you need to check even the user/group for the first "7" - ideally it could be 0750 or strictly 0700 (more at https://docs.moodle.org/34/en/Security_recommendations#Most_secure.2Fparanoid_file_permissions ).
HTH,
Matteo
Don't run redis myself, but ...
https://tracker.moodle.org/browse/MDL-54606
Does have available a redis_test.php script as well as other info on monitoring from CLI.
'spirit of sharing', Ken
Hi Ken,
Thanks for reply.
I will check what you share
Hi Below is error details of invalidsesskey:
Your session has most likely timed out. Please log in again.
File: /lib/setuplib.php
Line: 482
Error code: invalidsesskey
* line 482 of /lib/setuplib.php: moodle_exception thrown
* line 85 of /lib/sessionlib.php: call to print_error()
* line 216 of /lib/externallib.php: call to require_sesskey()
* line 59 of /lib/ajax/service.php: call to external_api::call_external_function()
Have you upgraded your Moodle site and do you have latest version PHP installed?
Hi Kavita,
Thanks for reply
I am using Moodle 3.4.1 (Build: 20180115)
I mean have you upgraded it from older version or it has been installed from scratch.
And the version of PHP?
Yes I upgraded it from older version and PHP version is PHP 7.2
I am not sure but i think it is related to some of the plugins which are not supported in Moodle 3.4
Only FORDSON Theme is installed additional
All other are core components of Moodle.
Around 1000 students are giving exam in a batch and I am facing this problem a lot.
Please help
How often are you running cron?
In the task list, check setting for:
\core\task\stats_cron_task
\core\task\session_cleanup_task
Warning:
rmdir(/home/aisectce/moodledata/cache/cachestore_file/default_application):
Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on
line 9221
line 9221 is part of a section which has this comment at the beginning:
* Delete directory or only its content
Line 9221:
* $result = rmdir($dir); // If anything left the result will be false, no ne$
clearstatcache(); // Make sure file stat cache is properly invalidated.
return $result;
Looks like it's trying to clear the stat cache
Permissions?
You should be able to make the permissions quite liberal in subdirectories of
moodledata/cache/cachestore_file/default_application
You've not shared the setup of your server... where is moodledata? From what I can gather so far site is meant o handle a lot of traffic so there might be some tweaks needed to parts/pieces.
'spirit of sharing', Ken
Hi Ken
Thanks for reply.
My moodledata directory is with public_html
Permissions of moodledata/cache/cachestore_file/default_application is 0777
Whenever I clear cache I got below warnings:
Warning: rmdir(/home/aisectce/moodledata/cache/cachestore_file/default_application/core_databasemeta): Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on line 9221
Warning: rmdir(/home/aisectce/moodledata/cache/cachestore_file/default_application): Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on line 9221
Warning: rmdir(/home/aisectce/moodledata/cache/cachestore_file): Directory not empty in /home/aisectce/public_html/lib/moodlelib.php on line 9221
Can you please elaborate about Task List, I did not get your point (Sorry for that)
Cron runs once in a day at 12:00 AM
Ken around 1000 students are attempting different quiz at a time.
Waiting for your kind reply.
Think the recommenation for how to run cron is now every minute. Howard/others can verify that if you think I'm incorrect.
There are probably many things that need catching up on your site, so suggest you login as root and go to /path/to/moodlecode/admin/cli/ and run cron. php cron.php [ENTER]. That error or take a very long time. If it errors, please don copy and paste the error output to a text document for later posting back here in this thread. Continue to try however ... like I said, there might be a lot for Moodle to catch up upon.
moodledata in public_html isn't the normal location on a dedicated server. And that is one of the reasons for your concern on permissions. public_html is normally used in a setup of apache's 'user space' - which is restricted. So where are you hosted and please provide some specs of hosting setup. You might be hosted on something that's simply under-powered for what you want to do with it. OR you could/might be able to move moodledata to a more secure location AND then be able to be more liberal with permissions for the 'apache' user.
task ... use the Site Admin menu search box for 'task'. Looking for link to 'Scheduled Task'. Those are, for lack of a better term, sub-crons. When you run the main cron.php file, it calls task based upon their settings. ASAP runs 'as soon as possible'. Others have a 'cron' setup of their own. Check the two task mentioned previously.
In higher versions of Mooldle, there is a 'run now' link below some of the task.
Those, BTW, can also be run from command line ... one at a time .... /path/to/moodlecode/admin/tool/task/cli/
So set the cron job to run every minute. Run the cron job from the command line until it doesn't show anything (that means it's 'caught up'). And then gather info to respond to question above, please.
'spirit of sharing', Ken
Hi Ken,
Thanks for reply
Should I run CRON every minute??????
I scheduled cron run on server through CPanel:
0 0 * * * url_of_my_website/admin/cli/cron.php >/dev/null
Should I change this to per minute???
My Server configuration is as follows:
Dual Intel XEON E5-2670
16 Core / 32 Threads
2.66GHz / 3.3GHz Turbo
64 GB RAM
480 GB SSD
CentOS 7.x (64bit)
WHM/cPanel
2 IP Address
Gigabit Uplink
Unlimited Data Transfer
I have around 7 moodle instances installed on server in different accounts.
I did not get any error in cron.
Location of moodledata was in public_html before but then moodle says
Your site configuration might not be secure. Please make sure that your dataroot directory (/home/mysite/public_html/moodledata) is not directly accessible via web.
That's why it is in /home/mysite/moodledata
stat_cron_task look like this:
session_cleanup_task look like this:
I hope I didnt miss anything you required to know
Waiting for your kind reply
Thanks for info ... helps ...
Howard? Emma? Every minute?
Due to 'around 7' think I'd split up he cron jobs for the sites and run each sites cron job staggered 0 for site A, 1 for site B, 2 for site C, etc.
Why? Have a sandbox server with multiple sandbox sites ... cron's set to run every minute at the same time to begin with. The webmin 'front page'/dashboard has a 'dial' for memory ... when the cron jobs would kick in (all scheduled to run at the same time) I'd see that 'dial' burst to around 30-40% of max of 16Gig memory.
After I staggered the cron jobs per sandbox site, burst to only 10-20% and the 'high' side of that was result of 2 of 5 sites running autobackups .
Your CPanel probably doesn't have anything 'realtime' like that so since your server is Linux you would watch top to get an idea of what's happening when all 'around 7' sites run their cron jobs.
With 'around' 7' staggered that means each site's cron will run every 'around 7' minutes.
I'd also use /path/to/php /path/to/site/admin/cli/cron.php --- whatever
rather than using anything that's web like wget, curl, or whatever.
That takes apache out of the loop. It's just php and the DB server then.
'different accounts'
So the reason for moodledata located in public_html must be related to 'different accounts' - which means you have 'customers' and they have access to their accounts and can see/manually access moodledata.
Are your 'customers' to be trusted?
The following for 'food thought' ... not response really ...
Are the sites running under a different domain? That means that each domain has their own config files for apache? ... ie, virtual apaches? Does the main config file for apache have a 'public_html' section?
Nice thing about linux ... one can configure a server in multiple ways ... but 'stray' too far and some strange things could happen.
---- end food for thought ----
No errors on cron ... well that's a good sign, but has anything been done so far addressed the reported problem of 'invalid session key'?
'spirit of sharing', Ken
Hi Ken,
Thanks for reply
I will check what you suggest.
I have a website like mysite.com and server belongs to mysite.com
I have 3 moodle lms for three different universities on server:
mysite.com/lms1
mysite.com/lms2
mysite.com/lms3
All above lms comes under one account.
No cron job configured for any lms.
Now I have few moodle instances for examination with another website like mysite2.com:
exam.mysite2.com
exam1.mysite2.com
exam3.mysite2.com
exam4.mysite2.com
There is individual account for each exam moodle instance. We have separate cPanels for each account.
mysite2.com is hosted in different server. Vendor of this server is also different.
So actully we can say all exam instances are sub domain of mysite2.com
Entry for each exam instance in dns zone of mysite2.com
Cron job is configured for exam.mysite2.com only.
"invalidsesskey" problem comes in one domain ie. exam.mysite2.com only where session swapped within same domain users.
can you please clarify "where session swapped within same domain users." - are you trying to share the session across multiple Moodle sites? - If so - I'd expect this is causing your issue. Moodle is not designed to allow sharing of sessions - you would be better using something like mnet to connect the sites.
Hi Dan,
Thanks for reply.
No I am not sharing sessions. Each domain has its own session.
Same domain means session swapped between user1 and user2 of exam.mysite2.com
Session wont mixed with any other domain.
I just noticed an earlier post of yours:
https://moodle.org/mod/forum/discuss.php?d=363932#p1469501
that suggests that your users are seeing screens that make it look like they are logged in as someone else. That is most likely a malfunctioning web proxy or caching tool that is sitting in between your students and your Moodle site. It will be loading a form in the browser from that cache and include a different users sesskey as a hidden var within a form - instead of showing the page loaded directly from your Moodle site.
the other possibility is mis-configuration of your redis server - but if you were getting this same behaviour with sessions stored in your db and in redis then it is more likely to be a web proxy or caching tool causing this.
Hi Dan,
Thanks for reply.
Redis is configured as per moodle only.
$CFG->session_handler_class='\core\session\redis';
$CFG->session_redis_host='127.0.0.1';
$CFG->session_redis_port=6379;// Optional.
$CFG->session_redis_database=0;// Optional, default is db 0.
$CFG->session_redis_prefix='onlineexam';// Optional, default is don't set one.
$CFG->session_redis_acquire_lock_timeout=120;
$CFG->session_redis_lock_expire=7200;
Also When nothing is configured in config.php this problem comes.
When db is configured this problem comes:
$CFG->session_handler_class='\core\session\database';
$CFG->session_database_acquire_lock_timeout=120;
I am not using web proxy.
If caching tool causing this then with or without in both conditions why it comes again and again.
Just to confirm - are your users seeing pages in their browser that show a different user logged in other than themselves? If this is occurring when using Redis and when using Moodle database for sessions - this is not likely to be Moodle that is causing this.
There will be an application or server sitting in between your Moodle site and your end users that is likely to be causing this problem.
The 2 main thing to check are:
1) An application installed on your web-hosts systems such as a caching tool/Cloudflare or something similar. You may need to consult with your hosting provider to ask if anything like this is in use.
2) A web proxy or caching tool installed on your users network - quite often universities/large organisations will use an internal web proxy and all internet traffic will be passed through this proxy before it hits the internet/your Moodle server. The internal IT team from the university/organisation should be able to help with this.
I don't think we can help much further here in the forums - I'm pretty sure this isn't a Moodle issue but is an issue with the architecture of your service provider or the internet service provider that your students are using (eg the university or possibly even the ISP that the university uses.)
You may need to engage a network engineer to help trace the source of the system that is generating the cache application that is causing this behaviour.
Hi Dan,
Thanks for reply
I will ask my server hosting provider about caching tool on server.
invalidsesskey with swapping comes when I use "database session", "redis session" or "I USE NO SESSION ALGORITHM". Means whether I use store or not it comes.
We create quiz and give access to students to attempt the quiz. They can attempt it from anywhere. It is not necessory they use our network.
Also moodle have this issue since Moodle 1.7 and they ask to hack code etc:
If you have been having issues with this same Moodle installation back as far as 1.7 - I would try to find the common architecture/situation. Have you been using the same web-host since then? - if so, you should stop using that Web host and see if that helps. If you have changed web host in that time but the same organisation has been having issues then it might be a web proxy in use by that organisation or something implemented by the organisations ISP that is causing this.
You could also contract an official Moodle partner to review your architecture and or move the hosting to a managed service who could help you resolve this.
Hi Dan,
Thanks for reply.
DAN I dont have same issue on Moodle 1.7, I just refer it to you that invalidsesskey issue during quiz attempt is not a new issue in moodle it exist since 1.7
I talked with my server provider he said they have IGINX installed in their server not any caching tool/Cloudflare.
Also we can handle things at server level not on user level.
Also one point is that users are swapped from different locations not from same location so this might be not problem of individual user networks/ISP because if it is then users who belong same network swapped but here any user of any network swapped.
There is something which is either not configured or miss-configured in Moodle or moodle.
There is one more disscussion about invalidsesskey on moodle: https://moodle.org/mod/forum/discuss.php?d=220489
Where they refresh and come in their session, in our case also we refresh and get back to our session but sometimes it took 9-10 try to get back in our session.
comparing your issue with old posts on old Moodle versions probably won't help you.
Nginx configuration could be the issue - you need to stop looking at "Moodle configuration" and look at the server architecture and networks being used to access your site. This issue you are having has something to do with the configuration of things outside Moodle's control.
Hi Dan,
Thanks for reply
I ask my server provider to disable Nginx and monitor.
Dan what Moodle can do to prevent problems generated via user network like web proxy.
Moodle can't really do anything - it's up to you (and your service provider) to configure your web servers and architecture correctly. If your service provider is unable to resolve this for you - you should look at moving your site to a certified Moodle Partner familiar with large sites.
Hi Dan,
After disabling NGINX, till now no one report "invalidsesskey" problem.
I feel NGINX was the culprit.
Although server response time become slow.
Thanks for the help.