Too many attempts! You must wait xxx seconds before trying again

After I input the wrong password many times, ‘too many attempts! You must wait xxx seconds before trying again’. I tried to wait xxx seconds, but I still couldn’t log in. It will continue to prompt ‘too many attempts! You must wait xxx seconds before trying again’.The waiting time is getting longer.
How long should I wait? It indicates that the waiting time is obviously not accurate

Hi @rayn
Which version of Metabase? Please post “Diagnostic Info” from Admin > Troubleshooting.
Are you using a reverse-proxy in front of Metabase?

I’m sorry to have taken so long to reply

Version 0.32.9,I can’t find diagnostic info.

Im using a reverse-proxy.During this period, users often say that their password is wrong and they can’t log in after changing the password.
I’m sure it didn’t happen before, but it has happened frequently in the last two months.

@rayn This was fixed in 0.33.2 - latest release is 0.34.3
https://github.com/metabase/metabase/pull/10593

tanks!

I now upgrade metabase to v0.33.7.3

Encountered a problem, I changed the password and the password in the metabase db has also changed, but I can’t use the modified password when I log in

But I can log in with the password when I first enter metabase, that is to say, no matter how I change the password, it will not take effect. Instead of verifying with the ‘core_user’ table, it always uses the old password

Diagnostic Info

{
“browser-info”: {
“language”: “zh-CN”,
“platform”: “Win32”,
“userAgent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36”,
“vendor”: “Google Inc.”
},
“system-info”: {
“java.runtime.name”: “Java™ SE Runtime Environment”,
“java.runtime.version”: “1.8.0_45-b14”,
“java.vendor”: “Oracle Corporation”,
“java.vendor.url”: “http://java.oracle.com/”,
“java.version”: “1.8.0_45”,
“java.vm.name”: “Java HotSpot™ 64-Bit Server VM”,
“java.vm.version”: “25.45-b02”,
“os.name”: “Linux”,
“os.version”: “3.10.0-957.el7.x86_64”,
“user.language”: “en”,
“user.timezone”: “Asia/Shanghai”
},
“metabase-info”: {
“databases”: [
“h2”,
“mysql”,
“sparksql”,
“presto”
],
“hosting-env”: “unknown”,
“application-database”: “mysql”,
“run-mode”: “prod”,
“version”: {
“tag”: “v0.33.7.3”,
“date”: “2019-12-16”,
“branch”: “release-0.33.x”,
“hash”: “7ee7193”
},
“settings”: {
“report-timezone”: “Asia/Hong_Kong”
}
}
}Preformatted texth

@rayn Try the latest release 0.34.3 - many of the forms were updated, so it should notify more clearly if anything goes wrong.
Check the log (Admin > Troubleshooting > Logs) and browser developer console for any errors, while saving the password.
And upgrade your Java, that’s really old - or use the Docker version instead.

I’ll try your advice

I want to know if metabase has cached the user and password in one place. I did a test. When I changed the password, I couldn’t log in with the new password, but the old password was OK. I modified the email in the user management, and then I could log in with the new email and the previously modified password

I think there is a place to cache the old password. I don’t know if there is such a mechanism. If so, how can I clear it? I restarted metabase, but I can’t

@rayn Metabase does not cache the credentials. I think it has something to do with your setup, but it’s difficult to troubleshoot that without having much more information and exact steps-to-reproduce.