Getting logged out in admin, Sessions bug?

[kharri1073]

I am having problems clicking on any link in the admin interface. It logs me out whenever i try clicking on any admin page.

I just upgraded from 1.0.4 to the new 1.1 version. The sessions were not a problem yesterday, i logged in yesterday to view the statistics. Could it be that the upgrade may have changed something?

It is my dedicated windows server, with php 5.1.6 and it is using mysqli.

http://www.e85safety.com/php.php

[garvinhicking]

Hi!

This usually only happens if either your server does not support PHP sessions or if your browser is rejecting PHP session cookies?

Serendipity 1.1 changed the auto-login cookie, so you might need to purge your cookies on the s9y page and re-login...?

Best regards,
Garvin

[kharri1073]

I cleared all my private data, including cookies, and still no good.

According to the php.php it looks like php sessions are enabled, no?

It just concerns me that it worked fine in 1.0.4 but the upgrade killed the admin panel session.

[garvinhicking]

Hi!

Hm, you are right, it seems your PHP settings are in order.

When you login, do you check the "Remember me" button, or don't you?

Did you try to user a different browser to test if it works there?

HTH,
Garvin

[kharri1073]

I have tried logging in with checking remember me and i have tried without checking it, both with the same result.

I've tried with firefox 2.0.0.1, opera 9.10 and ie 7.

[garvinhicking]

Hi!

Hm, that's really odd. So you are not even able to create me a test-author account so that I could try to login?

I could then inspect the sent hTTP headers and see if something could be wrong.

When you upgraded, are you sure that all files were properly uploaded? You are the only one currently having that problem with going from 1.0.4 to 1.1...so maybe this is because some files did not get updated?

Regards,
Garvin

[kharri1073]

Ill pm you my account username and password. I downloaded the zip file directly to the server and unzipped all the files directly on the server. I didn't upload anything.

[Jorick]

Hello everyone,

I've got the same problem. Updated from 1.1 Beta 3 (I tought ) to 1.1 Stable. Unpacked all files to my HD and then uploaded it to the server. First, I tought it was a file that wasn't uploaded properley, but after I uploaded it for the second time (forced upload, everything should be overwritten), it still won't work. Tryed to login with the remember me button checked and unchecked.

Also, yesterday (the day when I updated) it gave an error, something with a HTTPS thing. Then I hadn't the time to check it. So I went to my backend today to check the error again, the error was gone (?) and everything wasn't clickable Very strange, 'cause I didn't do anything before!

I know some things of PHP, but I'm affraid when I'll start changing things, I'll mess it up...

[Edit] When the files where overwritten on my server, in the backend the Update Manager appeared. And he told me the update was succesfull...

[garvinhicking]

Hi Jorick!

So you can't log into to your backend at all, or what happens? Does it tell you that the username is invalid?

Which browser are you using?

Regards,
Garvin

[Jorick]

Hi Garvin,

I can login, but when I click at any link (it doesn't matter wich one) he's going back to the login panel.

I don't have a back-up (shame, shame, stupid me... ), so I can't try it again... Is there an option, to delete al files from my server, upload a new version, install that one, using the information that's in the database allready?

Because that won't be a problem for me...

[garvinhicking]

Hi!

This problem should not be a problem of uploaded files, so reinstalling 1.1 should IMHO not make a difference.

More likely, the new cookie routine in 1.1 might be bausing problems for you. If you check the "Remember me" checkbox when logging in, does that make a change for you?

If possible, could you make your browser to clear all cookies related to your blog and then re-login? Maybe your browser does not correctly take the new cookie?

Best regards,
Garvin

[Jorick]

Hi Garvin,

All the things you've suggested I've tryed allready... All Cookies removed, trying to login with the "Remember me" checked and unchecked, but it makes no difference... I'm using Firefox 2.0, but also in IE (v6) it won't work. No error message appears, it's just putting me back to the login panel...

But wait... I've cleared all my cookies, now I'm trying to login. Login works, clicking a link, back to the login panel. OK, lets check te cookie S9Y has set: Aha! I think I see the problem:

Name: Serendipity[old_session]
Contents: dcb21fc1e119f93ef62b1962eb1f995a
Domain: .www.jorickdelange.nl

Is it normal he set a dot for the domain? Because, if he sets a wrong cookie, and the pages who're checking the cookies request a normal www adress, it won't work. He'll think you're not logged in, and also unaible to do anything...

Maybe this will solve the problem?

Ciao,

Jorick

(it's time to set my signature... )

[garvinhicking]

Hi!

Very good bughunting! Indeed the extra "." is invalid there.

Serendipity uses the value of the $_SERVER['HTTP_HOST'] variable there, which comes from Apache. Does that variable hold the extra dot as well? If so, it's a provider misconfiguration and maybe your provider can check his apache vhost config?

Best regards,
Garvin

[Shadowin]

I am having the same problem. If it helps, I'm running IIS and not Apache.

$_SERVER['HTTP_HOST'] is returning www.shadowin.com, no dot at the beginning. The cookie has the domain set as .www.shadowin.com.

[Shadowin]

Line 566 of functions_config.inc.php:

Code: Select all

$secure = !empty($_SERVER['HTTPS']) ? true : false;

$_SERVER['HTTPS'] returns "off" on my server.


I changed it to:

Code: Select all

$secure = ($_SERVER['HTTPS']=="on");

I then changed line 12 of serendipity_config.inc.php to:

Code: Select all

    if ($_SERVER['HTTPS']=="on") {

This fixed the problem.

EDIT: better to check for "on" rather than not "off".