Session Verification failures after specific post actions

Started by koops, May 24, 2010, 08:44:49 PM

Previous topic - Next topic

koops

I'm not sure which forum this should actually be under but this support one should probably be the best to start off with I hope.

I have looked for the past day through many many threads and tried many things without resolve.

I have a forum that had been working perfectly fine for the past few years.

It uses :

smf 1.1.11
Joomla 1.0.12
smf to joomla bridge 1.1.6

I have since just moved it to another webhost.
I did the standard file copy and database backup.
Modified configuration.php (joomla) and used repair_settings.php (smf) to make sure all paths were correct.
Changed the forum local path in the bridge options.

Have checked inside smf that "Enable compressed output" is turned OFF and "Use database driven sessions" are turned on.

As far as I can tell everything works in the forums apart from clicking on "quote","modify" or the quick "inline" modify button on posts.

failing session url example : http://mysite.net/index.php?option=com_smf&Itemid=32&action=post;msg=68784;topic=4302.0;sesc=f97febcd19f8c8657e763243304882a4 [nofollow]

working session url example : http://mysite.net/smf/index.php?action=post;msg=68846;topic=4295.15;sesc=b32952dc7b12af659ee2508c4b615443 [nofollow]

When users and myself have seen is the following.

When a "session verification failure" occurs you can click logout and then login again (using forever option). You can then sucessfully click on one of the 3 bottons mentioned above.
However, if you then goto another thread and try and do it the same error comes up again.

Using httpfox (firefox) and also Inspect Element (Chrome) I have watched the cookie contents to see if it changes between clicks.
All session information inside the cookies remains the same.

I have checked in the smf_sessions database table and I can see my PHPSESSIONID listed with the same value as my cookie of the same name.

I "think" that it's some sort of bridge interaction that is breaking it as if I use direct links to the forums ie. http://www.mysite.com/smf/index.php [nofollow] its fine.

Any clues?

SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c


koops

I have no idea. It came from a previous admin circa early 2005.

I do realise that there havn't been updates to the bridge in quite some time but my issue is that it was working (still actually works as the old site is still available).
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Allusion

This topic should be moved to Joomla Bridge Support. I just reported the original post to the moderators. Perhaps Orstio or Kindred will help you with the issue.

Orstio

Do you have the SMF_Header_include mambot published?

koops

Quote from: Orstio on May 25, 2010, 06:21:29 PM
Do you have the SMF_Header_include mambot published?

I just double checked that and yes I do.

Also tried turning it off to see what it would do. No Change.
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

koops

I've also just noticed that all new "unread" posts which first show up after clicking "Show unread posts since last visit." is cleared out after reading just ONE of the threads it finds!!!

This is a significant pain in the behind now :(
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c


koops

http://www.ozforces.net [nofollow]

i have changed the forum link on the top menu to goto the unwrapped site.

To see the error you'll have to follow the joomla style url

ie. xxxxxxxxxxxxxxxxxxxxxxx
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Orstio

Yep.  Your problem is the obsolete bridge.  Bridge 1.1.7 would work.

After bridge 1.1.6, SMF fixed a session-fixation issue.  That fix changes the session id on certain post events to prevent script-kiddies from being able to run scripts to automate guessing of the session id (makes it a moving target).  Bridge 1.1.6 did not consider that, bridge 1.1.7 did.

Due to the GPL issues, you're now SOL.

Allusion

Orstio, can you just post the code differences between the 1.1.6 and 1.1.7 versions of the bridge, if they're not too many?

The OP seems to have a copy of 1.1.6 already, they just need to patch it to 1.1.7.

Orstio

I don't even still have a copy of bridge 1.1.7 anywhere to compare. 

koops

Thanks anyway guys.

I have a dev site that i've been trialing the upgrade to smf 2.0 rc3 + simple portal procedure.

I've found that joomla was overly complex and ungamely for what we would use it for.

SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

koops

Quote from: Orstio on May 30, 2010, 11:37:03 AM
I don't even still have a copy of bridge 1.1.7 anywhere to compare.

I've had a look around and I think i have an archive of it that a previous admin had not installed.

edit: i've fixed the issue by using the 1.1.7 files.
edit #2 : nope not fixed at all. EXACTLY the same even using 1.1.7 :(
SMF 2.0RC5, Simple portal 2.3.3, Aeva Media    1.4c

Kindred

well, I killed the joomla bridge and switched to EZPortal and other internal mods on my site...

I have articles, links, affiliates, blogs, gallery, a front page, and extra pages... and most of all, a portal-style layout
Слова
Украина

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: