Session verification failed. Please try logging out and back in again...

Started by Inchon, October 22, 2014, 02:21:39 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Inchon

October 22, 2014, 02:21:39 PM

Having an issue that seems to have appeared before, but I couldn't find any real note of a fix for it.

Just did the following (I'm attempting to move hosts):


  • Upgraded my forums from 2.0.8 to 2.0.9
  • Logged in, checked everything, looks good.
  • Backed up and copied code to new server
  • Backed up database
  • Inserted backup into new DB instance
  • Ran repair_settings.php on new host, correcting settings

On doing that everything generally seems to be working. There were some themes issues, but no big deal. But logging in to the system requires two attempts, first one fails, second seems to work.

But then attempting to log in to the Admin fails with the Session verification message.

Have tried deleting browser cookies, renaming cookie name in SMF settings.

No luck so far. Any ideas?

margarett

#1
October 22, 2014, 02:23:58 PM
Can you get us a phpinfo?
What is a phpinfo() file?
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Inchon

#2
October 22, 2014, 02:26:25 PM
Interestingly setting databaseSession_enable to 0 seems to have fixed it...

Not my long term preference, but it is a start, I guess.

phpinfo here:
hxxp:gist.github.com/whoughton/760a70ff1af7ba7b8cb1 [nonactive]

margarett

#3
October 22, 2014, 02:47:47 PM
It was expected to ;) You are no longer using the database to store the sessions, so you are bypassing this:
Code Select
session.hash_function sha512 sha512

Quote from: Oldiesmann on October 21, 2013, 01:14:04 PM
After a bit of research, I figured out what your problem is.

Your PHP configuration uses sha256 for creating session IDs. This will result in session IDs being 64 characters long. The problem is, SMF currently doesn't support session IDs longer than 32 characters (2.1 will support 64-character session IDs). This results in the session ID getting cut off in the database, so when SMF goes to check the one from PHP with what's in the database, they won't match.

There are two options for fixing this, depending on your preferences.

Option 1: Edit your php.ini file to have "session.hash_function = 0" instead of "session.hash_function = sha256". This will cause PHP to use md5 for session IDs, which will result in a standard 32-character session ID.

Option 2: Run these queries in phpMyAdmin to allow SMF to support longer session IDs.

Code Select
ALTER TABLE smf_log_errors CHANGE session session char(64) NOT NULL;
ALTER TABLE smf_log_online CHANGE session session char(64) NOT NULL;
ALTER TABLE smf_sessions CHANGE session_id session_id char(64) NOT NULL;

Note that the 2nd option will only fix it for that specific install. If you plan on installing additional instances of SMF elsewhere on the server, you will have to run those queries each time you install SMF.
;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Inchon

#4
October 22, 2014, 03:04:17 PM
While that response absolutely makes sense to me it does not seem to have fixed the issue. (I went with the method of changing columns to 64 chars)

I logged out, changed the DB columns, and then set databaseSession_enable = 1

While I can log in (in one try), I get the same issue when trying to log in to the admin panel.

And oddly I see no entries in the sessions table
Print
Go Up Pages1
User actions
Advertisement: