Session verification failed. Please try logging out and back in again

david101 · December 18, 2011, 09:49:47 AM

I using SMF 2.0.1 and while logging as Admin i am getting an error "Session verification failed. Please try logging out and back in again, and then try again." and i am not able to access the admin section. I cleared all the cookies and tried again but still showing the same error. I also tried internet explore but still not working. can anybody help in this regard.

kat · December 18, 2011, 12:27:31 PM

Could be a screwed cookie.

Try going to Admin>Server settings and renaming the cookie.

You'll be logged-out, of course. But, once you're back in, you could be lucky.

david101 · December 18, 2011, 08:00:18 PM

I cleared all the cookies and I also tried through a different computer but still not able to access the admin. When I tired to logging as admin and tried to click on admin option it throws an error "Session verification failed. Please try logging out and back in again, and then try again." I really cannot get a solution to it.

kat · December 19, 2011, 07:33:32 AM

Did you try what I suggested?

RENAME the cookie.

orpheus82 · December 20, 2011, 10:38:55 PM

I'm having the exact same issue with the whole session verification. I don't mean to hijack thread, but it sounds like if one of us can fix this issue it will help all of us. I was finally able to get into the admin section after days of trying and I just changed the cookie name. I'm keeping my fingers crossed and I will report back after a few days.

The site we're running is www.82ndair.com [nofollow]

We've been having this issue ever since updating to 2.0.1

orpheus82 · December 21, 2011, 08:10:07 PM

Changing the cookie name didn't help. I'm not the only one having this issue. Everyone else using our site is having problems with it, too.

Sir Osis of Liver · December 21, 2011, 10:04:01 PM

This becomes more interesting. Would help to see your error log. If you can't get into admin, use phpmyadmin to export smf_log_errors as pdf, and attach it here.

orpheus82 · December 22, 2011, 11:07:36 PM

I'm getting a ton of password incorrect errors, which is odd since all of us are definitely entering our passwords correctly. The problem is we can't log out, not that we can't log in. This and the fact that most times we get the session verification error when trying to access the admin panel.

orpheus82 · December 22, 2011, 11:11:44 PM

Here's part of the error log. Is it showing each user as a guest and then showing their name and the fact that the password is incorrect?

QuoteGuest
86.144.180.70
    December 22, 2011, 11:32:58 AM
1cdc2ab3ddd9f1111e8737ddcfd884e2
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - podge
    Guest
74.76.14.104
    December 22, 2011, 07:20:08 AM
9b1246519650d838eaeff63a734c8ab0
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython
    Guest
74.76.14.104
    December 22, 2011, 07:19:58 AM
d18fef11b884eef3da7bd0d135c1e543
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython
    Guest
74.76.14.104
    December 22, 2011, 07:19:48 AM
94727dd1ab099d0e2791a6d6b167af6f
Type of error: User
http://www.82ndair.com/index.php?PHPSESSID=7KtBwZdsRRPEKxAJ,S5nf2&action=login2Password [nofollow] incorrect - 82montypython
    Guest
69.14.172.163
    December 21, 2011, 09:58:41 PM
1adaef1bef1f00375096ba10e016c17c
Type of error: User
http://www.82ndair.com/index.php?PHPSESSID=X9821Ll,vWAAind6Oyw4A0&action=login2Password [nofollow] incorrect - [82nd]Hitokiri
    Guest
67.149.33.204
    December 21, 2011, 07:44:46 PM
b651f7e91f5fee6f01981eb1f38d04af
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82gijoe
    Guest
67.149.33.204
    December 21, 2011, 07:44:38 PM
e137052240cd68df41fa3d14dfed32ac
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82gijoe
    Guest
67.149.33.204
    December 21, 2011, 07:44:14 PM
4b78347c860c32edba1bff168f5feafe
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82gijoe
    Guest
67.149.33.204
    December 21, 2011, 07:43:33 PM
c973e8e170f590e0869d5b5228eb8344
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82gijoe
    Guest
205.222.248.92
    December 21, 2011, 02:45:58 PM
beb0a2dd769afc399a738b6de89bb12d
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - orpheus
    Guest
74.76.14.104
    December 21, 2011, 07:19:10 AM
20084bc9d733fd2eb5441d6d30dd575f
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython
    Guest
74.76.14.104
    December 21, 2011, 07:19:01 AM
0098c436ca4be16818e818108ac03544
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython
    Guest
74.76.14.104
    December 21, 2011, 07:18:34 AM
7d5b4690741b439ccf5f80e9dfb6ca7b
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython
    Guest
74.76.14.104
    December 21, 2011, 07:17:00 AM
a36ff33fa6742a3813801675f883f596
Type of error: User
http://www.82ndair.com/index.php?action=login2Password [nofollow] incorrect - 82montypython

Sir Osis of Liver · December 23, 2011, 10:07:08 PM

It's showing you the correct username (accepted), but passwords are being rejected.

Just registered - activate me.

orpheus82 · December 23, 2011, 11:34:26 PM

Done!

Thanks for taking the time to check this out. It's been driving us nuts.

Sir Osis of Liver · December 24, 2011, 03:37:09 PM

Just took a quick look, now I have to toddle off into the realworld, but something is screwing the cookies.

- It takes two attempts to login (not always), first one throws password error - that's what you're seeing in the error log.

- I can login once with FF, but can't logout - session verification error.

- In IE8, with cookies blocked and session cookies allowed, I can login/logout no problem. If I accept cookies, I can login/logout once, then login a second time and can't logout - session verification error. Have to clear cache/cookies to logout.

Won't get back to this until tomorrow. Meanwhile, would be helpful if someone could try duplicating this problem and come up with an idea wtf is going on.

orpheus82 · December 24, 2011, 05:29:00 PM

Thanks Krash!

That's exactly what's been happening to everyone trying to use the site. So strange.

Skhilled · December 25, 2011, 06:01:13 AM

This sounds like the hacking attempt from earlier this year resurfacing again. A few other people told me they had the same problems just recently. Around this time of year something always happens but it has been pretty quiet this year...so far.

Sir Osis of Liver · December 25, 2011, 02:09:05 PM

Orpheus, would help if I had temporary admin access so I can see the error log while I try different things. Will have some time tonight to tinker with it.

orpheus82 · December 26, 2011, 10:58:22 AM

Krash,

I'll set you up as admin as soon as I can get back into admin panel.

orpheus82 · December 26, 2011, 11:06:44 AM

OK,

The site is playing nice now. I was able to grant you admin privileges.

Sir Osis of Liver · December 26, 2011, 09:43:29 PM

Ok, the 2.0.2 update hasn't changed anything - still seeing the same problem.

A few things:

- The session verification error is not posted to the error log.

- When I try to clear cookies in FF (running default settings), I get two QuickTime errors ("failed to initialize") before cookies will clear. Then I'm able to logout.

- The only thing I see that's loading from another server is the image for the gameservers link. Don't know if it's significant, but the file has a header with several urls in it.

Couple things you can try:

- Comment out the gameservers links.

- Uninstall Aeva Media.

orpheus82 · December 26, 2011, 09:55:11 PM

Thank you so much Krash. I'll do that as soon as I can get back into admin.

orpheus82 · December 27, 2011, 10:48:24 AM

OK,

I removed the Aeva completely and took the gameservers link off. I'm still having the same issues.

Sir Osis of Liver · December 27, 2011, 01:56:48 PM

Had it working correctly in FF for a while with cookies blocked, but now it's erratic. The gaming thing in the right portal block (82nd/PK) is running a script and dropping a third party cookie from view.light-speed.com. Take that out and see what happens.

orpheus82 · December 27, 2011, 10:28:00 PM

Interesting. I just disabled the Ventrilo page and was able to log out and back in 7-8 times and access admin and the tinyportal admin page. Nice to see if this keeps up.

orpheus82 · December 28, 2011, 10:30:35 AM

I'm doing everything I can to try and bring back the session verification and logging in and out problems and so far, nothing I do seems to create the error we've been plagued with all this time. Looking good!

Sir Osis of Liver · December 28, 2011, 12:31:09 PM

Put the Ventrilo page back in and see if the problem returns.

orpheus82 · December 31, 2011, 11:26:22 AM

Things have been running smoothly ever since. I didn't put up the old vent panel, but I did create a new one a few days ago and re-added it to the site with no ill effects. Thanks so much for helping us troubleshoot this problem!

davegior · December 31, 2011, 07:25:43 PM

Can I post here with the same server settings error or do I need a new thread? Don't want to hi Jack this thread.

Illori · December 31, 2011, 07:39:20 PM

this thread is marked solved and started by someone else, so please start your own thread.

airtetdotin · September 23, 2012, 11:46:24 AM

i am getting same problem on http://forum.airtet.in

userquote · October 27, 2012, 10:21:35 PM

Hi, I am running to the exact problem as you did. Cannot post anything to the forum. Cannot login as Admin (error message: Session verification failed. Please try logging out and back in again, and then try again.) Could you share what you did to correct the error? Thanks a lot.

My site address is at www.userquote.com/forum [nofollow]

Quote from: orpheus82 on December 26, 2011, 11:06:44 AM
OK,

The site is playing nice now. I was able to grant you admin privileges.

MultiformeIngegno · January 23, 2014, 12:38:03 PM

Same problem. I can't even reset my password (if I type my username in ?action=reminder I get again a "Session verification failed. Please try logging out and back in again".

MultiformeIngegno · January 23, 2014, 01:55:59 PM

If can be of any help:
Ubuntu 13.10
PHP 5.5.8
nginx-1.5.9
mysql Ver 14.14 Distrib 5.5.35, for debian-linux-gnu (x86_64) using readline 6.2

I tried changing all the settings available on repair_settings (database driven sessions, changing cookie name, etc). No luck.

Mine is not a forum really active anymore, so I don't know precisely when this happened. I think it was with some PHP upgrade though. I have no MODs installed.

dmp1ce · March 07, 2014, 02:56:20 PM

I don't know if it is the same issue, but turning Database driven sessions to ON helped me login and logout without errors. Otherwise I could only login after the second attempt and I couldn't logout unless I deleted my cookies.

sshanky · November 13, 2014, 01:41:51 AM

OK...here is the way to fix this problem. Found this at maxi-pedia dot com.

THANK YOU TO WHOMEVER POSTED THIS...IT WORKED AND WAS THE ONLY THING I COULD FIND. I ONLY DID STEP A (BOLDED BELOW)

= = = = =

Hello,

I do not know exactly what triggers this message on your end, but the principle is that SMF works with sessions in many ways. It seems to pass them in _GET, _POST, from DATABASE, from COOKIES, etc. If it runs into a situation where your sessiondata in one source is not the same like from the other source, it returns the message. This can happen for example when your hosting provider cleans the sessions temp folder with you logged in. In this case, you would be able to log back in after sessiondata elsewhere expires.

To fix the "Session verification failed. Please try logging out and back in again, and then try again." message:

a) Sessions are stored in your database in the Sessions table (if you have dbase sessions enabled). You can dump this table without problems. In case you decide to manually dump this table, make sure you also delete records from log_online and log_errors. These two tables seem to hold session related data as well (i.e. data related to sessions on your Sessions table).

b) I had some files related to sessions in my temporary folder where I store temp files from my web server. Find out where your server stores temp files and clean that up.
c) Clean up your cookies. Those can store some data related to this.
d) If you are worried about deleting the content of the Sessions table, you can force all sessions to expire by setting the databaseSession_lifetime variable on the Settings table to one.
e) In case you have bad luck, and you can't even log into your admin interface to disable database sessions, you can hack that settings by setting the databaseSession_enable variable to zero in your Settings database table.
f) If nothing helps, you can edit your Security.php file and disable checks related to checking sessions. Find the checkSession() function and uncomment all the stuff that checks for sessions validity.

e) and f) will not fix your problem, but it will at least get you into the system to do more research.

Arantor · November 13, 2014, 04:26:54 AM

Steps d, e and especially f are seriously not recommended.

News:

Session verification failed. Please try logging out and back in again

kat

kat