Could not find a valid session in index for SID

abuising · July 7, 2021, 3:32pm

ELK 7.12.1
ROR 1.31.0 Enterprise

Since upgrading a one node cluster we are getting the following error in the logs:

[warning][plugins][ReadonlyREST][esIndexClient] Could not find a valid session in index for SID bf71b35d-f1a4-4aaf-99bf-ee0b837d502b (probably the cookiePass or internal format changed?)

Do you have any idea what could cause this?

sscarduzio · July 7, 2021, 3:53pm

have you got a readonlyrest_kbn.cookiePass set in kibana.yml? If it’s not set, it will create a random one every time you reboot kibana.

abuising · July 7, 2021, 3:56pm

Hi, we have this property set, as we had before the upgrade. It hasn’t changed. It looks like the stored sessions aren’t compatible anymore.

sscarduzio · July 7, 2021, 4:20pm

I had a look at the code, it could be a bug with session recovery. Will add some tests, I have a suspect.

sscarduzio · July 9, 2021, 2:30pm

@Dzuming is assigned to this task right now

Dzuming · July 15, 2021, 3:55am

Hello @abuising,
I’m trying to reproduce this issue, do you know what was the previous version of the ROR plugin on the upgraded node. Also is it possible to provide kibana and es logs?

abuising · July 15, 2021, 6:57am

Hi @Dzuming,

The previous version was 1.30.1 on ELK 7.11.2, and before that, it was 1.25.0 on ELK 7.6.1

Dzuming · July 25, 2021, 5:17am

Hello @abuising , sorry for the long response, Looks like this warning occurred because there is no backward compatibility with a session identity metadata between a plugin version 1.28.0 or higher and earlier versions of the plugin. This warning occurs when for some reason (in this case internal format changed) we are not able to decrypt the session, then we clean this session.