Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-27032

Memcached: the listen setting "must" be open to all the necessary servers




      Following EZP-26972, the system is updated to the latest version of PHP 7 and memcached and, when the user is unable to login.

      A message similar to the one below can be seen in the log files:

      [Fri Feb 10 10:44:05.351933 2017] [:error] [pid 12447] [client] PHP Warning: SessionHandler::read(): Failed to write session lock: CONNECTION FAILURE in /var/www/html/ezplatform/app/cache/prod/classes.php on line 416, referer: http://ezdfs1.ezp/ez

      Such behavior happens because memcached is bind to the localhost address, preventing network accesses.

      To confirm it, check the /etc/memcached.conf file and confirm the excerpt below is present

      # Specify which IP address to listen on. The default is to listen on all IP addresses
      # This parameter is one of the only security measures that memcached has, so make sure
      # it's listening on a firewalled interface.

      For development environments, a simple tweak is to change the address to


      For production environments, a more secure approach should be take as explained in the man file:

      -l <addr>
      Listen on <addr>; default to INADDR_ANY. <addr> may be specified as host:port. If you don't specify a port number, the value you specified with -p or -U is used. You may specify multiple addresses separated by comma or by using -l multiple times.

      This is an important option to consider as there is no other way to secure the installation. Binding to an internal or firewalled network interface is suggested.

      That said, it's important to add a warning in the memcached configuration pages to remember the user that memcached must not be bind to the local address if clusters are in use, of the user logins will fail.




            • Assignee:
              eduardo.fernandes-obsolete@ez.no Eduardo Fernandes (Inactive)
            • Votes:
              0 Vote for this issue
              3 Start watching this issue


              • Created: