Topic: Session timed out, Session verification and Incorrect password errors

[RCmod]

Hello

We have a SMF forum setup at the following URL



All our users are having Session timed out, Session verification and Incorrect password errors including the Admins/Moderators.

Our SMF version 1.1.11 with the following mods installed.

1.Googlebot & Spiders Mod
2.AjaxChat Integration    
3.Custom Who.template.php
4.Yarex 2 smiley set    
5.Repeating Events for Calendar   1.1    
6.YouTube BBCode 2.6    
7.Ellow yellow christmas edition smiley set


Here are some screen captures of the error messages.



Here is a run down of what we are observing. After a successful first login with out the "incorrect password" error, you will be able to use the forum as normal. But at some point I'm assuming that something in the sessions table of the sql database goes haywire and it and the cookie assigned to you no longer match up. This is when you get the "session errors". The error message suggests that you log out and back in again to fix this but you cant, you continue to get the "session errors". So I cleared my cache and cookies closed my browser and directed Firefox to with out loging in. I then scroll down to the bottom of the page and see that the forum still has me logged in when I'm not. So at this point I go to the login page which is at this URL



At this point this is when I start seeing the "password incorrect" errors...



Also notice that at this point you are on a different login URL...



At this login2 URL I can then successful login, however anything I try to do I get the "session errors"

Now our forum is set to monitor the last users in the past 30 minutes. I did all the above again, but this time when I got to the "password incorrect" error screen instead of login in at the login2 URL I simply waited for the forum to time out my session. I did this by refreshing the page until I no longer saw my user ID under the "whos online" section at the bottom of the screen.

Once the forum timed out my session, I then closed FF and ran CCleaner to clear my cache and cookies. I then opened FF and went to the login URL and this time I successfully logged in without getting the "incorrect password" error.

At this point I was able to post. But I have also noticed that after a successful login without errors if you don't post right away you will get a session error soon and have to go through this all over again.

My login is stored in FF so I know I'm not entering it incorrectly. Also when I view the forums error log I see ALL our users suffering from incorrect login errors where before there was very few if any.

We are seeing these errors on Firefox, IE, and Chrome so its not browser specific. I have done much research into this error and I have come across many similar posts with no definitive solution. The few solutions that I can do (I have no access to the back-end of the host, just admin privileges) such as renaming the cookie and setting the session time out higher and using the default core theme and many others have not helped. I did read that truncating the sessions table might help and or Dumping it. I have suggested our tech guru to look into that which I dont think he has yet. I have also noticed that this error has spanned many versions of SMF including the most resent 2.X versions. So this is not a new bug to SMF and strange that no good solution has been found.

The users and I have been discussing this issue on our own forum located at this link



Any help with this would be very appreciated.

[Yigal]

Hi RCmod, welcome to SMF.

I know how you feel!  Those errors are very frustrating.  But have you considered upgrading to the latest version of SMF?  You're currently running 1.1.11, please upgrade to 1.1.12.  Upgrading SMF
Another solution - It's probably a bad connection between the user and the host.

Contact your host and ask them to check the logs for errors, it could be they have changed something on the server that has caused the delay in communication.

You may find the information provided by PHPinfo useful

What is phpinfo.php?

[RCmod]

Thank you for the reply Yigal!

We have had the forum up for about a year now without any issues. So I don't think its an issue with the version. We are aware of the new version but concerned that upgrading the forum before this issue is resolved might just bring more problems to this already annoying issue. We would like to have a working forum before we upgrade is what I'm saying I guess. Unless you are saying that by upgrading we might get our issues resolved?

[Yigal]

Yes, I'm saying upgrade will probably resolve the issue

[RCmod]

Yes, I'm saying upgrade will probably resolve the issue

Well we upgraded to version 1.1.12 and this didn't help.

Any other suggestions..... anyone? This is getting very annoying

[Yigal]

Are you running on IE? 

[modestorc]

So as RCmod said, we upgraded , applied the patch to 1.1.12.

The following is part of the issue i raised with DreamHost
our host:

There was no altering of the backend SMF source code other than selecting a theme. But this
forum has ran well for months on end without issue.

Recently I did switch to PHP 5.3 in the DreamHost panel as was suggested by the DH email.

It seems this issue is apparent in both Chrome and FireFox browsers. In Chrome, if I clear the
cache and cookies I can log in, but it seems to require entering the password twice as it always
seems to report the password wrong the first time; as is the case lately with logging into the
DreamHost panel.

So after clearing browser cache and cookies, log in is successful and I can get to the admin
panel. If I log out, fine. I try to log back in and the second login works, but I can't access the
admin panel as it asks for the password again. Then it says there was a session error, logout
and try again. But then when I try to logout, the same session error occurs as if stuck in some
recursive loop or something. So then I can't logout at all.

Since I have to log into the DreamHost panel twice, I thought there may be something in the
logs that point to the error(s) I can fix or report to SMF.

We were using SMF 1.1.11, but a reply at the SMF website forum suggested using the sercurity
mod patch fix that upgraded to 1.1.12. We did such with no errors, but the session issue still
looms dark and somewhat mysterious:

[modestorc]

This session and cookie log in issue regards all log ins, all for SMF,
not just chat. In fact, more importantly, logging in to post
or as an admin.

SMF has become an integral part of MRC for it's users and staff.

We really need to resolve this issue.

I'm also wander if the browsers' asking to save the passwords
and such is help blocking the db and cookie checks, but that
shouldn't be an issue if it is.

[Illori]

this has been hitting many forums, smf has no known solution at this time. there are spammers trying to hack into accounts which is causing users to be logged out. if you search the forum you will find several posts on this issue.

[modestorc]

Well, the only thing that changed for us was to upgrade to PHP 5.3
at DreamHost at their suggestion; and that's apparently was when
things with sessions and cookies started conflicting.

And then the log in password problem even happens
at DreamHost's log in panel.

So I switched back to PHP 5.2 and the session, log in,
and log out errors have no stopped.

SO PHP 5.3 is affecting, in my opinion, more than just SMF.
The session and cookie handling of PHP 5.3 then may have
to be accounted for in code.

[busterone]

And then the log in password problem even happens
at DreamHost's log in panel.

There is your answer. It is a host issue, not SMF.

[Yigal]

And then the log in password problem even happens
at DreamHost's log in panel.

There is your answer. It is a host issue, not SMF.

This problem occurs on almost every SMF forum, it may be the server but it could still be SMF at the same time.

[RCmod]

I'm going to mark this as solved but only in our case. Our problem was directly related to upgrading from PHP 5.2 to PHP 5.3. Down-grading to PHP 5.2 resolved our issue. However this isn't a acceptable fix. We should be able to upgrade without these errors. Weather this is server side or SMF has yet to be determined, but the good thing is we have a working forum again.

Thanks for all your input SMF community!

@Illori you had me thinking our forum was hacked for a short time LOL glad this wasn't the case.

[Yigal]

Glad you got it solved.  Always backup before upgrading

[ApplianceJunk]

I'm having this same problem and will contact my host to see what they say, thanks.