Topic: Session verification failed. Please try logging out and back in again, and then

[Chris@houseofgreybook]

Been using 2.0RC1 for many months now. Just today, site starting acting funny.  Members can post, add comments, etc. but they cannot logout. I as the admin cannot access the admin area or logout. Each time SMF asks for my admin password into the Admin area i get the following:

Session verification failed. Please try logging out and back in again, and then try again.

I've tried the following actions, all without success.

• login/logout(except logout does not work)
• cleared cookies/ accessed forum on different machines, different browsers
• uploaded a SMF backup SQL (backup date 5/5/09 before this issue started) to my dev site after deleting and reinstalling 2.0RC1. Before I added the backup file, the dev forum was working fine. After, it was having the same problems as the prod forum

I uploaded phpinfo.php to both my prod site http://houseofgreybook.com/forum/phpinfo.php [nofollow] and my dev site http://dev.houseofgreybook.com/forum/phpinfo.php [nofollow]

So not sure what to do now. Any guidance would be most appreciated.

[CapadY]

When this appears spontaniously I start thinking of a hack, there is a very active one at the moment.

There are also several threads about it here on the forum, next is one of them:

http://www.simplemachines.org/community/index.php?topic=310644.0

I think you'll first check if this user is on your site too.

[Chris@houseofgreybook]

OK so more weird stuff. The forum started working around 4am last night and worked through today, but now is back to having session errors. I still cant login as an admin and no one can logout. I can't post anything as the error says my session has timed out. Is there any way to replace the files that control session or repair the sessions tables?

Edit: Ok so the Wordpress blog that is hosted on the same server is having issues with sessions as well. Could this be a host related problem? The articles I was researching for the WP issue talked about the host cache folder being full and not being emptied. I was wondering if the WP and SMF could be related.

[JBlaze]

Hello, just going through some old support topics. Do you still require assistance with this issue?

Most likely this is a host-related issue. Contact your host and see what they have to say.

[Chris@houseofgreybook]

Sorry for not updating. I sent a mail to the host and asked them to clear their tmp file. Got no reply but ever since then it hasn't had a hiccup.

[JimM]

Chris@houseofgreybook are you still having issues with the session verification error?  Did you ever hear back from your host?  If this is solved please mark it solved by clicking the Mark Topic Solved link at the bottom left of the page.

[mortymoose]

I'm also using Rc 1 , As admin I have no problems, but one of my users complained that he is having the same problem that is mentioned here.... I also have the Nano Shoutbox mod onboard... this user can use the shoutbox, but cannot logout of the forum..... but cannot post on the either as if gives him a session verification notice as displayed above....   No other user has reported this problem, and I know all 707 of my members, so no hacker....

[LissaD]

I am having this exact same problem.  I have contacted my host (wiredtree) and they have responded that they don't see any reason on their end that it should be happening.

I've tried DB sessions... and non DB sessions and it doesn't solve it.

Some additional information.  It seems to work fine on Firefox.. but Safari is causing the problem.  Can anyone else confirm browsers?

[mortymoose]

Ok.... I am still fairly new to this, but what is a DB driven session? I thought the whole thing was always DB driven? I also thought it might be from a browser, he is using explorer, perhaps I should get him to switch to firefox....

[pkrpkr]

I
Some additional information.  It seems to work fine on Firefox.. but Safari is causing the problem.  Can anyone else confirm browsers?

More info (SMF 2.0 RC1.2).
*Firefox: /server settings/cookies and sessions/enable local storage of cookies [unchecked] -> FF won't allow logout. However after trying to enter an admin area after clicking the logout button, a password is asked for. So the SMF system apparently registers a logout but the web page is displayed as if there is still logged in.
*Firefox: /server settings/cookies and sessions/enable local storage of cookies [checked] -> logout OK.
* IE7: logout gives session verification error all the time (regardless of being logged in as member or admin), but refreshing the browser window and then logging out works.
* The session ID after refresh stays the same in IE7, while the session ID in FF changes after reload of the browser window (hover over the logout button to see this).