Advertisement:

Author Topic: Session Verification failures after specific post actions  (Read 31231 times)

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Session Verification failures after specific post actions
« on: May 24, 2010, 08:44:49 PM »
I'm not sure which forum this should actually be under but this support one should probably be the best to start off with I hope.

I have looked for the past day through many many threads and tried many things without resolve.

I have a forum that had been working perfectly fine for the past few years.

It uses :

smf 1.1.11
Joomla 1.0.12
smf to joomla bridge 1.1.6

I have since just moved it to another webhost.
I did the standard file copy and database backup.
Modified configuration.php (joomla) and used repair_settings.php (smf) to make sure all paths were correct.
Changed the forum local path in the bridge options.

Have checked inside smf that "Enable compressed output" is turned OFF and "Use database driven sessions" are turned on.

As far as I can tell everything works in the forums apart from clicking on "quote","modify" or the quick "inline" modify button on posts.

failing session url example : http://mysite.net/index.php?option=com_smf&Itemid=32&action=post;msg=68784;topic=4302.0;sesc=f97febcd19f8c8657e763243304882a4 [nofollow]

working session url example : http://mysite.net/smf/index.php?action=post;msg=68846;topic=4295.15;sesc=b32952dc7b12af659ee2508c4b615443 [nofollow]

When users and myself have seen is the following.

When a "session verification failure" occurs you can click logout and then login again (using forever option). You can then sucessfully click on one of the 3 bottons mentioned above.
However, if you then goto another thread and try and do it the same error comes up again.

Using httpfox (firefox) and also Inspect Element (Chrome) I have watched the cookie contents to see if it changes between clicks.
All session information inside the cookies remains the same.

I have checked in the smf_sessions database table and I can see my PHPSESSIONID listed with the same value as my cookie of the same name.

I "think" that it's some sort of bridge interaction that is breaking it as if I use direct links to the forums ie. http://www.mysite.com/smf/index.php [nofollow] its fine.

Any clues?

« Last Edit: May 24, 2010, 09:01:55 PM by koops »
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Offline Allusion

  • Jr. Member
  • **
  • Posts: 386
Re: Session Verification failures after specific post actions
« Reply #1 on: May 24, 2010, 10:08:05 PM »
smf to joomla bridge 1.1.6

Where did you get that bridge?

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #2 on: May 24, 2010, 11:11:31 PM »
I have no idea. It came from a previous admin circa early 2005.

I do realise that there havn't been updates to the bridge in quite some time but my issue is that it was working (still actually works as the old site is still available).
« Last Edit: May 24, 2010, 11:17:32 PM by koops »
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Offline Allusion

  • Jr. Member
  • **
  • Posts: 386
Re: Session Verification failures after specific post actions
« Reply #3 on: May 25, 2010, 11:59:32 AM »
This topic should be moved to Joomla Bridge Support. I just reported the original post to the moderators. Perhaps Orstio or Kindred will help you with the issue.

Orstio

  • Guest
Re: Session Verification failures after specific post actions
« Reply #4 on: May 25, 2010, 06:21:29 PM »
Do you have the SMF_Header_include mambot published?

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #5 on: May 25, 2010, 06:48:41 PM »
Do you have the SMF_Header_include mambot published?

I just double checked that and yes I do.

Also tried turning it off to see what it would do. No Change.
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #6 on: May 26, 2010, 03:38:08 AM »
I've also just noticed that all new "unread" posts which first show up after clicking "Show unread posts since last visit." is cleared out after reading just ONE of the threads it finds!!!

This is a significant pain in the behind now :(
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Orstio

  • Guest
Re: Session Verification failures after specific post actions
« Reply #7 on: May 27, 2010, 01:09:11 AM »
Do you have a URL?

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #8 on: May 27, 2010, 01:15:18 AM »
http://www.ozforces.net [nofollow]

i have changed the forum link on the top menu to goto the unwrapped site.

To see the error you'll have to follow the joomla style url

ie. xxxxxxxxxxxxxxxxxxxxxxx
« Last Edit: May 30, 2010, 11:52:57 PM by koops »
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Orstio

  • Guest
Re: Session Verification failures after specific post actions
« Reply #9 on: May 28, 2010, 10:22:18 PM »
Yep.  Your problem is the obsolete bridge.  Bridge 1.1.7 would work.

After bridge 1.1.6, SMF fixed a session-fixation issue.  That fix changes the session id on certain post events to prevent script-kiddies from being able to run scripts to automate guessing of the session id (makes it a moving target).  Bridge 1.1.6 did not consider that, bridge 1.1.7 did.

Due to the GPL issues, you're now SOL.

Offline Allusion

  • Jr. Member
  • **
  • Posts: 386
Re: Session Verification failures after specific post actions
« Reply #10 on: May 29, 2010, 06:37:45 PM »
Orstio, can you just post the code differences between the 1.1.6 and 1.1.7 versions of the bridge, if they're not too many?

The OP seems to have a copy of 1.1.6 already, they just need to patch it to 1.1.7.

Orstio

  • Guest
Re: Session Verification failures after specific post actions
« Reply #11 on: May 30, 2010, 11:37:03 AM »
I don't even still have a copy of bridge 1.1.7 anywhere to compare. 

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #12 on: May 30, 2010, 07:25:12 PM »
Thanks anyway guys.

I have a dev site that i've been trialing the upgrade to smf 2.0 rc3 + simple portal procedure.

I've found that joomla was overly complex and ungamely for what we would use it for.

SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Offline koops

  • Semi-Newbie
  • *
  • Posts: 15
Re: Session Verification failures after specific post actions
« Reply #13 on: May 30, 2010, 08:29:40 PM »
I don't even still have a copy of bridge 1.1.7 anywhere to compare.

I've had a look around and I think i have an archive of it that a previous admin had not installed.

edit: i've fixed the issue by using the 1.1.7 files.
edit #2 : nope not fixed at all. EXACTLY the same even using 1.1.7 :(
« Last Edit: May 31, 2010, 04:10:23 AM by koops »
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,565
  • Gender: Male
    • Kindred-999 on GitHub
Re: Session Verification failures after specific post actions
« Reply #14 on: May 31, 2010, 01:22:47 PM »
well, I killed the joomla bridge and switched to EZPortal and other internal mods on my site...

I have articles, links, affiliates, blogs, gallery, a front page, and extra pages... and most of all, a portal-style layout
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.