I'm running a SMF forum and it doesn't matter what mod I'm trying to install, it keeps logging me out. I can upload it and that's all good, but while pressing the [ INSTALL MOD ] link, it just logs my user out and when I'm logging back in, it doesn't redirect me back to the installation page.
I'm not running on the latest version due to some core edits I've made. I am however running on v2.0.9.
That doesn't sound good at all!!
When did you notice this started happening? Did you change anything or install a mod?
Can you also check your error log for me and let me know what's there? Best to clear it, try to install a mod, and then check it again :).
You should also look at upgrading to 2.0.10 because of the security patches. You can remake the edits if they're not too big...or perhaps just see if the patch installs over them fine :).
All I'm getting are some template related errors, errors like;
Use of undefined constant forum_name - assumed 'forum_name'
Let me give it a try to see if I get errors on the default template, installation on the default template doesn't work by the way. Been checking that before and the edits I've made in the core are spread around the entire core since my host didn't like a few things so had to rewrite a few parts. The upgrades overwrite all of these..
edit; without a custom template, it doesn't give me any errors nor installs the mod.
What are your server settings in SMF admin?
Specifically database driven sessions and/or local cookies?
cookie name, pretty default, SMFCookie488.
Default login cookies length; 60
enable local storage of cookies ( off )
use subdomain independent cookies ( off )
Force cookies to be secure ( off )
use database driven session ( on )
allow browsers to go back to cached pages ( on )
seconds before an unused session timeout; 2880
That's what you were searching for?
try changing local cookies to ON
if that doesn't work
set local cookies to OFF and set subdomain cookies to ON
if that doesn't work
try settings database sessions to OFF
Testing. :)
edit; no luck.. everything keeps logging me out. Even when I just try to [ list files ]. Not just from the admin part, but entirely logged out. Like my session is being reset.
ok... I had this sort of issue for a bit with one site..
Here's how I THINK things should be set:
Database session ON
Local cookies OFF
Subdomain cookies ON
now, go into your settings.php file and change the cookie name setting (just change the number part)
then go into your LOCAL browser and delete the cookies.
if that STILL doesn't work - try from a different browser or different device....
I've done those steps, relogged because it logged me out by removing the cookies of course, and still got logged out. Even tried it on another device, went to my dedicated server and tried it there, but the problem still comes back. I'm not sure how this is possible since I haven't touched the deleting of cookies myself, nor clearing sessions.
By testing the thing on the server it did the same mistake so it can't be device related. Can it be related to Google Chrome?
it should not be.... as I said, I encountered a similar error a while back, but it was clearly a specific device/browser issue at that time...
Check with your host -- are they running mod_security?
I got my website running at PcExtreme but I can't find anything related to that so.. I can't say. :-X
edit; just found out something strange. It just redirects me to the login screen but if I go back to the main page, I'm still logged in.
edit2; I'll dig into my modified core and see what's going on. :)
ASK your host....
Already sent an email towards their headquarters haha.
Could this be related to this issue?
http://www.simplemachines.org/community/index.php?topic=530729.0
Quote from: Jade Elizabeth on July 29, 2015, 10:16:18 AM
Could this be related to this issue?
http://www.simplemachines.org/community/index.php?topic=530729.0
nope as that is related to a completely different issue not related to the package manager at all.
to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out
This incident, per the description that the OP is giving, COULD be a mod_security issue, but a different mis-configuration of mod_security which is causing the session rejection. MOST of the time, this sort of issue is related to corrupt data somehow in the browser/cookies... and a different machine or a different browser often "works around" the problem
Quote from: Kindred on July 29, 2015, 10:45:15 AM
to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out
that patch is for not being able to edit categories due to something in the URL tripping up mod_security, it is not just anywhere that it shows up, just that one place.
Can we get a phpinfo, please?
What is a phpinfo() file? (http://wiki.simplemachines.org/smf/What_is_a_phpinfo()_file)
Quote from: Kindred on July 29, 2015, 10:45:15 AM
to be more clear.... no - that is not related, as far as we can tell right now -- that incident with mod_security just causes the system to bounce you back to the main page/index when you try to do something (usually something specific, with a specific term in the URL) - not to log you out
Yes but this guy says he is logged in, he's just being told to log in again....
So I thought perhaps it is somehow related because it does look similar :).
Quote from: Tosfera on July 29, 2015, 09:03:43 AM
edit; just found out something strange. It just redirects me to the login screen but if I go back to the main page, I'm still logged in.
Quote from: margarett on July 29, 2015, 12:40:47 PM
Can we get a phpinfo, please?
What is a phpinfo() file? (http://wiki.simplemachines.org/smf/What_is_a_phpinfo()_file)
Can be found at this link (http://mta.advanced-gaming.org/tmpInfo.php). :)
edit1; Host replied, they are not using the mod_security but they are using 'suhosin'.
I bump this thread since I have a the exact same issue. Can it be resolved with a .htaccess file somehow?
probably not... most shared hosts won't let you disable something that they consider security....
Im not sure it's a host problem though. I remember having this exact issue many years ago when I started using SMF (moved away for payed software) and that got fixed. Don't remember how though. And it's only SMF that generates this issue and Only when installing mods.
The main problem I see is that SMF (allegedly) conflicts with some "security" plugins out there. We don't know why, code-wise it makes no sense it happens and no host was ever able to tell us why it happens or what triggers it (because they hold the logs, not we)
Assuming that nothing is SMF is mangled (eg, wrong settings or a weirdo MOD), your session is probably destroyed by something that the server considers wrong. I don't think we'll be able to guess what it might be :( (again, because your server holds the logs, not we)
At this point I can only suggest you to try to disable Suhosin (even if just temporary to debug)