[1.1.11 update problem] Session verification failed. Please try logging out.....

Started by steve51184, December 05, 2009, 12:01:09 PM

Previous topic - Next topic

Norv

Could you please consider to uninstall pretty urls then try again?

Also, please try posting the errors in the error log.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: Norv on December 05, 2009, 10:27:33 PM
Could you please consider to uninstall pretty urls then try again?

Also, please try posting the errors in the error log.

i don't have the 'pretty urls' mod installed and there's no errors in my error log

Norv

Did you have any errors during update, like a "warning" that a test failed in one or more of your files? We still need to know how your files were modified, to try understanding how could they lead to this effect.
Also, please make sure you do ask people who have the problem to login, then check the error log.
Is there anything relating them? Are they many?

Also, please consider providing a test account, unless that is a problem for you, of course.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: Norv on December 05, 2009, 10:56:12 PM
Did you have any errors during update, like a "warning" that a test failed in one or more of your files? We still need to know how your files were modified, to try understanding how could they lead to this effect.
Also, please make sure you do ask people who have the problem to login, then check the error log.
Is there anything relating them? Are they many?

Also, please consider providing a test account, unless that is a problem for you, of course.

no warning during the install and no errors at all as it all went fine

terrycsa

I have been having the same problem with my forum both before and after updating. I haven't changed any mods or coding. It is happening with all members as well as admin.

The only thing I seem able to do is refresh after the error message, return to main forum, and refresh again. This seems to work. It isn't that you aren't being logged in, only that it is not showing as logged in until after I take the above steps.

It is frustrating more for my members. I just find it an inconvenience.  But would like to fix it.


Norv

Please tell if and what errors are in the error log, when the users or yourself experience the issue.
When exactly does the message happen, at login, or anything else?
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: terrycsa on December 06, 2009, 02:21:38 PM
I have been having the same problem with my forum both before and after updating. I haven't changed any mods or coding. It is happening with all members as well as admin.

The only thing I seem able to do is refresh after the error message, return to main forum, and refresh again. This seems to work. It isn't that you aren't being logged in, only that it is not showing as logged in until after I take the above steps.

It is frustrating more for my members. I just find it an inconvenience.  But would like to fix it.

please don't hijack my thread.. make your own please ;)

Quote from: Norv on December 06, 2009, 04:42:40 PM
Please tell if and what errors are in the error log, when the users or yourself experience the issue.
When exactly does the message happen, at login, or anything else?

there's nothing in the error log other then a few incorrect passwords etc

Norv

When exactly does the problem happen? The URL in the address bar, of the page that says "session verification failed" could be very useful.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

i'll post a few quotes from my members:

QuoteI get these errors, I tried logging in again and it comes back after like 10 secs. I tried, different browser, different computer at a different house. Not quite sure whats causing this, I get like one more error of this it says something else might post it.

Quotehmm ..i had the same error too but that happened with google chorme beta version but than i changed to stable version and all set now ....

i'm asking them for the URL now won't be long

steve51184

right i got a reply about the URL and it's quite interesting

http://domain.com/forum/index.php?action=collapse;c=5;sa=collapse;#5

and he got this by going to http://domain.com/forum :-\

steve51184

wait i think i know the problem... my members are clicking a link in my top menu that links to:

http://domain.com/forum/index.php?action=collapse;c=5;sa=collapse;#5

and that has no session ID in the url like this:

http://domain.com/forum/index.php?action=collapse;c=5;sa=expand;sesc=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx#5

this has never been a problem before but an update to smf 1.1.11 must of done something... ideas?

Norv

That must definitely be it. The update to 1.1.11 has made among others, a series of tests of user's validity of sessions (for security reasons). But it should have (of course) added the right tokens to the links as well.
Is that link a SMF link as it seems? Is it from a custom theme? It looks to me like the link to expand/collapse categories.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: Norv on December 06, 2009, 06:01:28 PM
That must definitely be it. The update to 1.1.11 has made among others, a series of tests of user's validity of sessions (for security reasons). But it should have (of course) added the right tokens to the links as well.
Is that link a SMF link as it seems? Is it from a custom theme? It looks to me like the link to expand/collapse categories.

it's not a link from smf it's one from a custom theme that links to one of my categories i say links to and not expand/collapse as i have that turned off and it's been on the site for years but JUST stopped working :\

also i notice that smf 2.x doesn't have this?

p.s. how do i now link to a board?

Norv

That link is a link to expand/collapse categories. Apparently, it can be used to link to the category too, as the action to expand/collapse is forbidden on your forum, it just shows the category. I tested on my forum: it tries to expands/collapses categories. (and succeeds only if collapsing is enabled).

To link to a board: http://your_domain.com/index.php?board=1.0 (replace 1 with your board ID)
To link to a category, please try using instead: http://your_domain.com/index.php#c1 (replace 1 with your category ID). It should work if your forum is still set to show the all the categories and boards at http://your_domain.com/index.php.

If the link comes from a custom theme, you may want to report the problem to the theme author, because I suspect that themes creating their own link didn't have to include the token in links to the collapse action before 1.1.11, as you report, and have to do that now. Most of the themes should have no problem, because they probably use SMF's variable for this collapse action:
$context['categories'][$row_board['ID_CAT']['collapse_href']. Which already contains the necessary token, after 1.1.11.
Apparently your theme might have created the link itself, instead of using the above variable, or your variable value is not filled in BoardIndex.php. Posting the file where the link from the theme is (perhaps ./Themes/your_theme/BoardIndex.template.php) and the file where the variable to use for the link should be filled by SMF 1.1.11 (./Sources/BoardIndex.php), might help us see for sure which needs to be modified, to be working as it should.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: Norv on December 06, 2009, 06:44:24 PM
That link is a link to expand/collapse categories. Apparently, it can be used to link to the category too, as the action to expand/collapse is forbidden on your forum, it just shows the category. I tested on my forum: it tries to expands/collapses categories. (and succeeds only if collapsing is enabled).

To link to a board: http://your_domain.com/index.php?board=1.0 (replace 1 with your board ID)
To link to a category, please try using instead: http://your_domain.com/index.php#c1 (replace 1 with your category ID). It should work if your forum is still set to show the all the categories and boards at http://your_domain.com/index.php.

the links the the categories works now (it's index.php#1 and not index.php#c1) and it should solve the problem but we'll see :)

thank you...

Quote from: Norv on December 06, 2009, 06:44:24 PM
If the link comes from a custom theme, you may want to report the problem to the theme author, because I suspect that themes creating their own link didn't have to include the token in links to the collapse action before 1.1.11, as you report, and have to do that now. Most of the themes should have no problem, because they probably use SMF's variable for this collapse action:
$context['categories'][$row_board['ID_CAT']['collapse_href']. Which already contains the necessary token, after 1.1.11.
Apparently your theme might have created the link itself, instead of using the above variable, or your variable value is not filled in BoardIndex.php. Posting the file where the link from the theme is (perhaps ./Themes/your_theme/BoardIndex.template.php) and the file where the variable to use for the link should be filled by SMF 1.1.11 (./Sources/BoardIndex.php), might help us see for sure which needs to be modified, to be working as it should.

it's not a custom theme it's a theme/portal around smf from subdreamer cms :)

Norv

Quote from: ppbz on December 06, 2009, 06:56:21 PM
Quote from: Norv on December 06, 2009, 06:44:24 PM
If the link comes from a custom theme, you may want to report the problem to the theme author, because I suspect that themes creating their own link didn't have to include the token in links to the collapse action before 1.1.11, as you report, and have to do that now. Most of the themes should have no problem, because they probably use SMF's variable for this collapse action:
$context['categories'][$row_board['ID_CAT']['collapse_href']. Which already contains the necessary token, after 1.1.11.
Apparently your theme might have created the link itself, instead of using the above variable, or your variable value is not filled in BoardIndex.php. Posting the file where the link from the theme is (perhaps ./Themes/your_theme/BoardIndex.template.php) and the file where the variable to use for the link should be filled by SMF 1.1.11 (./Sources/BoardIndex.php), might help us see for sure which needs to be modified, to be working as it should.

it's not a custom theme it's a theme/portal around smf from subdreamer cms :)

Well, it's still custom. It might be helpful to them to notify them that that link doesn't work anymore after 1.1.11 and they need to add the session token to it now, (or use something else, like my example above), to be compatible with 1.1.11.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

steve51184

Quote from: Norv on December 06, 2009, 06:59:22 PM
Quote from: ppbz on December 06, 2009, 06:56:21 PM
Quote from: Norv on December 06, 2009, 06:44:24 PM
If the link comes from a custom theme, you may want to report the problem to the theme author, because I suspect that themes creating their own link didn't have to include the token in links to the collapse action before 1.1.11, as you report, and have to do that now. Most of the themes should have no problem, because they probably use SMF's variable for this collapse action:
$context['categories'][$row_board['ID_CAT']['collapse_href']. Which already contains the necessary token, after 1.1.11.
Apparently your theme might have created the link itself, instead of using the above variable, or your variable value is not filled in BoardIndex.php. Posting the file where the link from the theme is (perhaps ./Themes/your_theme/BoardIndex.template.php) and the file where the variable to use for the link should be filled by SMF 1.1.11 (./Sources/BoardIndex.php), might help us see for sure which needs to be modified, to be working as it should.

it's not a custom theme it's a theme/portal around smf from subdreamer cms :)

Well, it's still custom. It might be helpful to them to notify them that that link doesn't work anymore after 1.1.11 and they need to add the session token to it now, (or use something else, like my example above), to be compatible with 1.1.11.

it's a link i've added to the menu that was done before 1.1.11 so after the update it stopped working due to no token but i've fixed it now (if this was the problem to begin with)

Norv

Great then, good to see the problem solved!
I am marking this topic as solved, but please feel free to reopen it in case you may need more assistance on this matter. :)
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github


Advertisement: