After Upgrade - SSI login doesn't work for all

sight|i|picture · October 19, 2005, 12:12:11 PM

Upgraded from 1.0.5 to 1.1 RC1

I seems that I have some members of the board who can't use the SSI login from my main page of the site. http://www.lanpartynw.com
For new people who wish to create a forum account get 'Service Temporarily Unavailable'.

Some people had to delete their cookies to make it work others don't know how to do this. Then of course the new people who wish to create a forum account are having problems.

Any ideas on how/why this is occurring?

Main page login: http://www.lanpartynw.com
Forum location: http://www.lanpartynw.com/forumse/

Thanks!

Oldiesmann · October 19, 2005, 01:29:25 PM

The "Service Temporarily Unavailable" message is caused when servers append the PHPSESSID string to the URL and use a ; to seperate the arguments instead of an & (don't know why it happens, but I've seen it several times before). Try adding the following string to the beginning of SMF's index.php:

Code Select

ini_set('session.use_trans_sid', '0');

That will prevent PHP from appending the PHPSESSID to the URL, which should fix the issue (it's also more secure since the session ID isn't displayed).

MAVIC · October 19, 2005, 05:39:02 PM

I posted this for sight on his board, may also be useful for preventing this sort of thing.

What's happening is, the cookie for the forum (and any pages which use the forum DB) is for www.lanpartynw.com [nofollow]. If someone goes to http://lanpartynw.com/ [nofollow] and logs in, the forum is smart enough to notice that the domain is wrong, so it uses the URL variable rather than a cookie as it can't set a cookie for another domain.

So if you go to http://lanpartynw.com/index.shtml [nofollow] and login, you will get the error. I get ?PHPSESSID=05aa63a9996as4f6d4747016ds4f4d89c;action=login2 - you'll see the semicolon there that's mentioned in the SMF thread. Since the server has stayed the same, and the only thing that has changed is the software, there must have been a change in the software which is causing that character to change.

I think sight implemented the above fix, but the error still occurs.

Edit: While I was searching to see if a bug about not being able to preview had been reported, I see that it's worth noting PHP is run as CGI on the lanpartynw.com [nofollow] server. I think that can be disabled.

Oldiesmann · October 19, 2005, 08:10:16 PM

That could be what's causing it. PHP works best when it's run as an Apache server module, but some hosts feel that it's too insecure to do things that way (because they're not smart enough to figure out what open_basedir and phpSuExec are for

)

MAVIC · October 19, 2005, 11:48:52 PM

Quote from: Oldiesmann on October 19, 2005, 08:10:16 PM
That could be what's causing it. PHP works best when it's run as an Apache server module, but some hosts feel that it's too insecure to do things that way (because they're not smart enough to figure out what open_basedir and phpSuExec are for )

The host in question implemented it as CGI quite a few years ago. I can't comment on their ability, but I do know they offer a non-CGI version, but with a few features of PHP turned off.

The host also allows the user to configure their site to either strip www, add www or work with the domain either way. I think that will come in handy in this case.

sight|i|picture · October 20, 2005, 02:11:53 AM

I just cleared my cookies and then attempted to login and got the same error ("Service Temporarily Unavailable") with the ?PHPSESSID=

This is after I placed the code you mentioned into the index.php file within the SMF.

I did find that if I deleted the ?PHPSESSID= I was able to login.

Here is what MAVIC is talking about with the host options:

X Run PHP as CGI? (highly recommended)
_ PHP Version 5? (must run PHP as CGI)
X Extra Web Security? (highly recommended)
_ FastCGI Support? (advanced)

The "X" is what was selected by default.

Like MAVIC pointed out, the only change has been the upgrading of the SMF.

I did try the www. and non www. option. It is now set to append the http://lanpartynw.com to http://www.lanpartynw.com

I guess the question now is would selecting a different option for the PHP handling be something that might fix this?

sight|i|picture · October 21, 2005, 12:29:07 AM

I re-read your post and found that you suggested to run PHP as an Apache server module, so I then unchecked: The Run PHP as CGI

_ Run PHP as CGI? (highly recommended)
_ PHP Version 5? (must run PHP as CGI)
X Extra Web Security? (highly recommended)
_ FastCGI Support? (advanced)

I will report back if it worked. I guess this problem has now hit just about every active member of our board.

Edit: Ok, I made the change and it still didn't fix the session error.

If you were to create an account get your cookie, logout, delete your cookies, close your browser, goto the forums, and attempt to login you will get the same error. I have had other members do this. The quick fix is to go "back" after the error, hit "refresh" and then login again. Outcome... you will be logged in. It seems to work until you delete your cookies again.

I have even tried changing our cookie name for the forums.

I am open to any other suggestions.

Proenski · October 23, 2005, 11:04:13 AM

As I have the same problem, I'm interested in alternative sollutions too...

http://www.simplemachines.org/community/index.php?topic=53714.0

sight|i|picture · October 23, 2005, 06:32:47 PM

Quote from: Proenski on October 23, 2005, 11:04:13 AM
As I have the same problem, I'm interested in alternative sollutions too...

http://www.simplemachines.org/community/index.php?topic=53714.0

Maybe they need to re-open this thread http://www.simplemachines.org/community/index.php?topic=11671.0

There is something about a fix to come in future releases... beta 5?

Proenski · October 24, 2005, 05:08:10 PM

I agree, this seems not that easy to solve. As far as I can tell this is pretty serious and structural and needs more programming and testing from the SMF team...

No doubt they can fix this though, they after all made the best bulletin board available

sight|i|picture · October 24, 2005, 05:26:25 PM

Quote from: Proenski on October 24, 2005, 05:08:10 PM
No doubt they can fix this though, they after all made the best bulletin board available

you can say that again!

You know the funny thing is that it worked fine with 1.0.5 and only started doing this to my forums with 1.1 RC1

I have two forums on from the same hosting company.

One: http://www.openflame.com/forum/ (running 1.0.5) *No errors
Second: http://www.lanpartynw.com/forumse/ (running 1.1 RC1) *SESSION ID PHP errors

None of the above suggestions have fixed my errors. I am now wanting to roll back the 1.1 RC1 to 1.0.5 but I am not sure how I can do that at this point.

My second website uses the forum code to do registration for my LAN Parties. I normally fill them and I am only at 22 gamers. I have had 15 plus emails from gamers that can't log into the forums nor register for our next LAN Party event.

but, again I am the SMF gurus will figure this out.

JayBachatero · October 24, 2005, 09:51:12 PM

If you have 1.0.5 backups you can rollback to 1.0.5.

sight|i|picture · October 24, 2005, 11:04:54 PM

Quote from: JayBachatero on October 24, 2005, 09:51:12 PM
If you have 1.0.5 backups you can rollback to 1.0.5.

I saved the whole forum directory on my hard drive. But, what happens when I replace that directory with the new database entries? Will it still work with all the new posts since I made the update?

Edit: Or would it be better to reinstall the last version that worked... being 1.0.5 and running the repair_settings.php and link it to the current database?

JayBachatero · October 25, 2005, 09:20:36 AM

No you need the database backups also. The table structures for 1.0.5 and 1.1 are not the same.

News:

After Upgrade - SSI login doesn't work for all