Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40344

Leaving a page open past session expiry fills the logs on the master with "Found invalid crumb" warnings

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      I noticed that I had thousands of WARNING messages in my master logs this morning because some users are leaving Jenkins home pages open past the user's session expiry.

      I understand that part of the problem here is the busy-wait looping on /ajaxBuildQueue, but finding an entire log file filled with this garbage seems like a bug

      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:05:51 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:51 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:05:51 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:51 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:05:56 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:56 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:05:56 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:05:56 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:01 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:01 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:01 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:01 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:06 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:06 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:06 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:06 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:11 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:11 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:11 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:11 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:16 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:16 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:16 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:16 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:21 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:21 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:21 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:21 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:26 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:26 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:26 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:26 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      Dec 09, 2016 4:06:31 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:31 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
      Dec 09, 2016 4:06:31 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
      Dec 09, 2016 4:06:31 PM hudson.security.csrf.CrumbFilter doFilter
      WARNING: No valid crumb was included in request for /ajaxExecutors. Returning 403.
      

          [JENKINS-40344] Leaving a page open past session expiry fills the logs on the master with "Found invalid crumb" warnings

          R. Tyler Croy created issue -

          Oleg Nenashev added a comment -

          I agree. Ideally the widget should show the session expiration warning (or the entire page)

          Oleg Nenashev added a comment - I agree. Ideally the widget should show the session expiration warning (or the entire page)
          Daniel Beck made changes -
          Link New: This issue is duplicated by JENKINS-40380 [ JENKINS-40380 ]

          and the widget should stop to do that requests ....

          Note that each invalid request is generating 2 warning lines :

          WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753.  Will check remaining parameters for a valid one...
          Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter
          WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403.
          Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter
          

          For me we should have a protection like for exceptions to avoid to fill logs with the same error repeated again and again

          This bug makes these warning useless and for now the only workaround is to configure the logger "hudson.security.csrf.CrumbFilter" to the level "severe" and thus to discard that messages

          cc oleg_nenashev dbell

          Arnaud Héritier added a comment - and the widget should stop to do that requests .... Note that each invalid request is generating 2 warning lines : WARNING: Found invalid crumb 2c7b06359e83df2535c0520c1ae79753. Will check remaining parameters for a valid one... Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter WARNING: No valid crumb was included in request for /ajaxBuildQueue. Returning 403. Dec 09, 2016 4:05:46 PM hudson.security.csrf.CrumbFilter doFilter For me we should have a protection like for exceptions to avoid to fill logs with the same error repeated again and again This bug makes these warning useless and for now the only workaround is to configure the logger "hudson.security.csrf.CrumbFilter" to the level "severe" and thus to discard that messages cc oleg_nenashev dbell
          Oleg Nenashev made changes -
          Link New: This issue is related to JENKINS-40817 [ JENKINS-40817 ]
          Daniel Beck made changes -
          Assignee New: Daniel Beck [ danielbeck ]
          Daniel Beck made changes -
          Remote Link New: This issue links to "PR 3049 (Web Link)" [ 17783 ]
          Daniel Beck made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Daniel Beck made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]

          Monique Maker added a comment -

          I hit this issue after an upgrade from Jenkins 2.80 to 2.81. The downgrade to 2.80 solved the problem.

          Monique Maker added a comment - I hit this issue after an upgrade from Jenkins 2.80 to 2.81. The downgrade to 2.80 solved the problem.

            danielbeck Daniel Beck
            rtyler R. Tyler Croy
            Votes:
            4 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: