Session Verification Error - What worked for me (SMF 2.0.2)

Started by BillF1987, April 22, 2012, 06:23:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

BillF1987

April 22, 2012, 06:23:11 PM
I was having an insane amount of problems with Session Verification Errors on a freshly installed forum, which was on a subdomain of my main site (e.g. hxxp:forum.mysite.info [nonactive]).  I tried many different things, but the configuration that I have now, appears to have fixed it for me...finally.

Cookies and Sessions
Enable Local Storage Of Cookies - Unchecked
Use Subdomain Independent Cookies - Checked
Force Cookies to Be Secure - Unchecked (disabled, because not https)
Use Database Driven Sessions - Unchecked
Allow browsers to go back to cached pages - checked

It worked for me, hopefully it will work for you.

MrMike

#1
June 27, 2012, 12:11:25 PM
Thank you for this...I'd played with the settings and hadn't managed to solve it, but this did.

Thanks again.

Arantor

#2
June 27, 2012, 12:13:48 PM
That might not actually solve the problem on a consistent basis either.

There is actually an issue with the session verification internally, where certain (newer) PHP configurations actually use extra characters in the internal session ID that aren't part of the regexp.

Look around here for hash_bits_per_character.
Holder of controversial views, all of which my own.

MrMike

#3
June 27, 2012, 04:26:04 PM
I made the changes specified in this post, then re-enabled database sessions and the problem reappeared.  :(

I'm running SMF 2.02 on Debian GNU/Linux 5.0.8 (lenny) Release:  5.0.8 (lenny).
The php version is:

PHP 5.2.6-1+lenny9 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug  4 2010 03:25:57)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with the ionCube PHP Loader v3.3.7, Copyright (c) 2002-2009, by ionCube Ltd., and
    with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies




It would be no problem to for me change the hashtag value in my php.ini, if that's a legit fix.


Quote from: Arantor on June 27, 2012, 12:13:48 PM
That might not actually solve the problem on a consistent basis either.

There is actually an issue with the session verification internally, where certain (newer) PHP configurations actually use extra characters in the internal session ID that aren't part of the regexp.

Look around here for hash_bits_per_character.

Arantor

#4
June 27, 2012, 06:43:46 PM
Hrm, that's the fix I was thinking of, and I've never seen any problems after that code change was applied.
Holder of controversial views, all of which my own.

MrMike

#5
June 28, 2012, 03:04:38 PM
I was hoping that would be it as well. :(


Quote from: Arantor on June 27, 2012, 06:43:46 PM
Hrm, that's the fix I was thinking of, and I've never seen any problems after that code change was applied.

MrMike

#7
June 28, 2012, 03:26:02 PM
Quote from: K@ on June 28, 2012, 03:11:48 PMCan we have that, here, please? ;)

I'm sorry, I don't understand what it is you're asking. Have what here?

kat

#8
June 28, 2012, 03:30:18 PM
That fix on this forum.

I get those errors, here, all the damned time. :(
Print
Go Up Pages1
User actions
Advertisement: