2.0.14 - Your session timed out while posting. Please go back and try again.

Started by psi0, May 16, 2017, 02:53:26 AM

Previous topic - Next topic

psi0

Hi guys I did upgrade from 2.13 to 2.14 and once I did I received the following error:

" Your session timed out while posting. Please go back and try again."

This in index page.

If i try to login by .. forum/index.php?action=profile;u=7144 it works.

Any idea?



Steve

A simple search for 'session timed out' would have yielded a boatload of threads about this in the last couple of days ...
DO NOT pm me for support!


DebbieManning

Quote from: Illori on May 17, 2017, 04:44:01 PM
Quote from: DebbieManning on May 17, 2017, 04:37:45 PM
I'm also getting this

you have a topic already on this. please stick to that topic. https://www.simplemachines.org/community/index.php?topic=553957.0

It isn't the same problem this user is getting tho mine is mod related this is sign in related but I have been made aware of this fault by my members which I didn't know about

Illori

either way this topic belongs to someone else and you have a topic open. so post about your issue in that topic so we can help you resolve the issue.

Kiriakos GR

Some people read this topic by thinking that there is a problem... some others like me,  I am reading it as indication about getting alerted or not.
Installation of 2.0.14 this when smoothly in my case.

And my advice to people reporting such problems this is that they should be more specific.
Reply message -  session timeout, this is adjustable by the Admin.

Therefore here there is only one Good question and this is:  Does time-out occurs despite the timing this be adjusted by the Administrator?  (SMF settings)   

ceylankral

i fixed this problem

find and check Sources/LogInOut.php file, must be exatcly like below. if there is any code between them, like session , delete that line.

// Are you guessing with a script?
   
spamProtection('login');

Steve

Quote from: ceylankral on July 04, 2017, 06:39:19 AMif there is any code between them, like session , delete that line.

Do not do that. At most, comment out the session line temporarily.
DO NOT pm me for support!

Sir Osis of Liver

Removing that line disables the session check that was added to 2.0.14.  It fixes the login problem, but may bork upcoming 2.0.15 if the line is missing when patch is installed.  Depends on whether the devs make any changes that edit that block of code.  You'd either have to remember to restore the code, or revert to 2.0.13, then upgrade .13 -> .14 -> .15. 
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Kindred

Removing that line of code disables SECURITY that was added to 2.0.14...   so, removing that line does a lot more than affect your possible 2.0.15 upgrade...  it also affects your site security

It should not be done.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sunchaser

Quote from: ceylankral on July 04, 2017, 06:39:19 AM
i fixed this problem

find and check Sources/LogInOut.php file, must be exatcly like below. if there is any code between them, like session , delete that line.

// Are you guessing with a script?
   
spamProtection('login');


Up, any news on this problem? I had to comment this line too to make my members login.

Illori

are you using a custom theme? did you apply the fix to your theme if you are?

Sir Osis of Liver

This problem has been reported on several forums that are running Curve with the correct updated login code.  I worked on one, and had the glitch in a clean 2.0.14 install running in php 7.1.  Only way to correct it is to remove session check in LogInOut.php.  Was not able to determine the cause, but it may be related to unusual host config.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

garfmaj

I am also having this issue. One of my members has been unable to log in for over a week so I don't think it's based on a timeout. I logged out (usually kept logged in all the time) and tried to log back in and also got the error.

Removing security checks is obviously not great, but I'm not quite sure what else we can do here. I'm not sure what good a secure forum is if no one can log in.

Someone suggested it could be a hosts file. What would I look for if so?

garfmaj

I poked at the code a bit. It seems that it's not sending it over post ($_POST['sc'] or $_POST[$_SESSION['session_var']]). I tried setting it to the 'request' mode as well which allows it over get and that fails as well. Assuming that's since it's supposed to be a post request, so makes sense. Is anyone familiar with these?

I am going to disable the check but hopefully someone has some insight here..

Illori

please open a separate topic for your issue, this topic belongs to someone else.

Sir Osis of Liver

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Hexxer

Hi,

i figure it out but i dont no how to fix it. Im on anecdota.

If you use that Login-Part (at anecdota) on the upper right site my login fails for everyone.
But iy you use the login from the normal standard login like url..../index.php?action=login everything is fine.

But i have no idea why that smal port to login dosent work. I have not the biggest experience in coding

Hexxer

Hmmm. Anecdota links in the index.template.php to "login2"

(Linenumbers in frot)

216                 <script language="JavaScript" type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
217                         <form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" style="margin: 4px 0;"', empty($context['    disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>


If i change that to "login" it redirects my to my login-page (thats a workaround. My members must type twice, but the login at the second time are working)

Advertisement: