Installing a mod resets my session

Started by Tosfera, July 29, 2015, 07:20:19 AM

Previous topic - Next topic

Tosfera

I'm running a SMF forum and it doesn't matter what mod I'm trying to install, it keeps logging me out.  I can upload it and that's all good, but while pressing the [ INSTALL MOD ] link, it just logs my user out and when I'm logging back in, it doesn't redirect me back to the installation page.

I'm not running on the latest version due to some core edits I've made. I am however running on v2.0.9.

Jade Elizabeth

That doesn't sound good at all!!

When did you notice this started happening? Did you change anything or install a mod?

Can you also check your error log for me and let me know what's there? Best to clear it, try to install a mod, and then check it again :).

You should also look at upgrading to 2.0.10 because of the security patches. You can remake the edits if they're not too big...or perhaps just see if the patch installs over them fine :).
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Tosfera

All I'm getting are some template related errors, errors like;

Use of undefined constant forum_name - assumed 'forum_name'

Let me give it a try to see if I get errors on the default template, installation on the default template doesn't work by the way. Been checking that before and the edits I've made in the core are spread around the entire core since my host didn't like a few things so had to rewrite a few parts. The upgrades overwrite all of these..

edit; without a custom template, it doesn't give me any errors nor installs the mod.

Kindred

What are your server settings in SMF admin?

Specifically database driven sessions and/or local cookies?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Tosfera

cookie name, pretty default, SMFCookie488.
Default login cookies length; 60
enable local storage of cookies ( off )
use subdomain independent cookies ( off )
Force cookies to be secure ( off )
use database driven session ( on )
allow browsers to go back to cached pages ( on )
seconds before an unused session timeout; 2880

That's what you were searching for?

Kindred

try changing local cookies to ON
if that doesn't work
set local cookies to OFF and set subdomain cookies to ON


if that doesn't work
try settings database sessions to OFF
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Tosfera

Testing.  :)

edit; no luck.. everything keeps logging me out. Even when I just try to [ list files ]. Not just from the admin part, but entirely logged out. Like my session is being reset.

Kindred

ok...    I had this sort of issue for a bit with one site..


Here's how I THINK things should be set:

Database session ON
Local cookies OFF
Subdomain cookies ON


now, go into your settings.php file and change the cookie name setting (just change the number part)

then go into your LOCAL browser and delete the cookies.

if that STILL doesn't work - try from a different browser or different device....
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Tosfera

I've done those steps, relogged because it logged me out by removing the cookies of course, and still got logged out. Even tried it on another device, went to my dedicated server and tried it there, but the problem still comes back. I'm not sure how this is possible since I haven't touched the deleting of cookies myself, nor clearing sessions.

By testing the thing on the server it did the same mistake so it can't be device related. Can it be related to Google Chrome?

Kindred

it should not be....   as I said, I encountered a similar error a while back, but it was clearly a specific device/browser issue at that time...

Check with your host -- are they running mod_security?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Tosfera

#10
I got my website running at PcExtreme but I can't find anything related to that so.. I can't say.  :-X

edit; just found out something strange. It just redirects me to the login screen but if I go back to the main page, I'm still logged in.

edit2; I'll dig into my modified core and see what's going on. :)

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Tosfera

Already sent an email towards their headquarters haha.

Jade Elizabeth

Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Illori

Quote from: Jade Elizabeth on July 29, 2015, 10:16:18 AM
Could this be related to this issue?
http://www.simplemachines.org/community/index.php?topic=530729.0

nope as that is related to a completely different issue not related to the package manager at all.

Kindred

to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out

This incident, per the description that the OP is giving, COULD be a mod_security issue, but a different mis-configuration of mod_security which is causing the session rejection. MOST of the time, this sort of issue is related to corrupt data somehow in the browser/cookies...   and a different machine or a different browser often "works around" the problem

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Illori

Quote from: Kindred on July 29, 2015, 10:45:15 AM
to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out

that patch is for not being able to edit categories due to something in the URL tripping up mod_security, it is not just anywhere that it shows up, just that one place.

margarett

Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Jade Elizabeth

Quote from: Kindred on July 29, 2015, 10:45:15 AM
to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out

Yes but this guy says he is logged in, he's just being told to log in again....

So I thought perhaps it is somehow related because it does look similar :).

Quote from: Tosfera on July 29, 2015, 09:03:43 AM
edit; just found out something strange. It just redirects me to the login screen but if I go back to the main page, I'm still logged in.
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

Tosfera

#19
Quote from: margarett on July 29, 2015, 12:40:47 PM
Can we get a phpinfo, please?
What is a phpinfo() file?

Can be found at hxxp:mta.advanced-gaming.org/tmpInfo.php [nonactive]. :)

edit1; Host replied, they are not using the mod_security but they are using 'suhosin'.

Advertisement: