Serendipity Forums

Yesterday I searched this forum up and down, because it's not possible for unregistred users to comment when captcha is activated.

The log always displays this message:
Captcha not valid (Eingegeben: 2CHMY, Erwartet: )

Then for some reason I enabled capture use for registred users as well,
and it works!
HuH?!?!?

A had a closer look at the cookies:

For the registered users 2 cookies are set:
Name serendipity[old_session]
Value fdc72513a7715dbc6294f83ff4158dc4
Host .div-blog.burgsommerspiele.de
Path /
Secure No
Expires At End Of Session

Name PHPSESSID
Value fdc72513a7715dbc6294f83ff4158dc4
Host div-blog.burgsommerspiele.de
Path /
Secure No
Expires At End Of Session

For unregistered users the cookies are always different:
Value c78c5e3b48f4e361518b5b3a4fe5872c
Host .div-blog.burgsommerspiele.de
Path /
Secure No
Expires Mittwoch, 25. April 2007 16:33:37

Name PHPSESSID
Value db7649d65eca1d56f7d2933d7bae02ee
Host div-blog.burgsommerspiele.de
Path /
Secure No
Expires At End Of Session

So what is going wrong?
Any ideas welcome!

I'm using serendipity 1.1.2 und PHP 4.3.10-2
with Spam Protector from
Autor: Garvin Hicking, Sebastian Nohn; version: 1.61

Hi!

This sounds as if your PHP sessions server-side are strangely configured.

When you check the phpinfo() what settings did you set for the "session.*" values?

Logged-in authors do have different cookies containing a permanent author registration routine, so that's okay. WHen cookie/session setup is the problem, try to log in to your s9y WITHOUT checking the option "remember me", does it then still work?

Regards,
Garvin

Hi Garvin!

whole site is in german, so I switched to english, but can't find this "remember me". Don't have a login-box in the sidebar configured in the frontend yet. Always came from the backend.
Is it the same as the "Save information"-checkbox from the admin-login?
I never used it.

Here is what phpinfo() tells about sessions:
Session Support enabled
Registered save handlers files user

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php4 /var/lib/php4
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

Best regards
Christiane

Hi!

Can you tell me the URL to your blog? I'd like to check the cookies there. To me it sounds as if everytime a new session is started, instead of using the old one.

Best regards,
Garvin

Hi,

okay had to configure some changes, but now its open:
div-blog.burgsommerspiele.de

I'm curios about what you might find out...

Best regards
Christiane

Hi!

Hm, I just commented (without being logged in) successfully.

Can you try to reproduce the situation in which it doesn't work? Because I also saw no captchas...

Regards,
Garvin

Hmmmmmhh,:oops:

its working - but I don't know why.

Before you had to authenticate for the host (apache).
I checked the installation, forgot the .htaccess and replaced it.

Could one of this has caused the error?

Hi!

Ah. The HTTP authentication tries to authenticate a s9y user based on what you entered for the browser. That might have mismatched, and thus a new session was created everytime because the user was invalid.

If you protect a s9y directory with .htaccess, you must edit serendipity_config.inc.php and disable the "useHTTP-AuthenticatioN" option.

Best regards,
Garvin

Thanks a lot for all your help, Garvin.

I will try this.

Best regards
Christiane

With Authentification - still working perfect!

Thanks again
Christiane