News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Session verification failure, can't get in as admin

Started by MensaMod, January 10, 2018, 12:14:37 PM

Previous topic - Next topic

MensaMod

Last night I was feeling good about how well the 2.0.12-to-2.0.15 upgrade went on my sandbox system, then this morning I got pinged by a user who couldn't logon there.  Now neither can I.  Here's what I've done...

  • Brought us up from PHP 5.3 to 5.6 a week ago, everything still ran fine.
  • Restored a copy of our live database over the sandbox database
  • Logged onto the sandbox system.  Had to use my current password instead of the old one, which confirmed that the restore had worked.
  • Upgraded the sandbox from 2.0.12 to 2.0.13, to 2.0.14, to 2.0.15

    • Successful install for 2.0.13
    • At the 2.0.14 upload, the test review indicated failure for three Themes: Sunset, Graystyle and Splat
    • I went to the Themes Settings page and deleted those three Themes
    • Went back to the Patch Install page and made sure I'd UNchecked to install for those themes but TO install for the others
    • Got successful installs for 2.0.14 and 2.0.15
  • Logged off and logged back on again to confirm the Admin page said 2.0.15, look at old msgs, write a new one, etc.  Everything looked fine so I logged off.
  • Got pinged this morning, like I said, and sure enough I can't logon there, either.
  • Tried clearing browser cache, no joy.
  • Ran repair_settings.php with all recommendations

    • changed the cookie name from SMFCookie12 to SMFCookie446
    • turned off Queryless URLs
    • set SMF Default Theme as global default
  • Cleared the browser cache again, still no joy.
  • Same result when I try logging in there from Safari on my iPad
I noticed that the three Themes I'd deleted still reside in the file system.

I've seen several posts here relating to fixing up custom Themes, but all the ones we have are vanilla downloads from the SMF site.

Not being able to logon as Admin means I can't check or fix anything from inside SMF, and I'm basically PHP-illiterate.  What can I do to address this from what cPanel utilities will allow me to do?  Would deleting the "not there" subdirectories from the Themes directory clear the problem?

Thanks.

aegersz

does clearing the cookies in the browser at least help for the initial login ?
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

MensaMod



Just cleared cookies in Edge, no change.  I don't see either the old nor the new sandbox cookie in FireFox's cookie stack, and my iPad had never seen that site before.  So that doesn't seem to be where the problem is.


Arantor

So, you can log in to the forum generally but not into the admin area?

MensaMod



Sorry, no, can't log in anywhere.  No can anyone else.


Arantor



Arantor

Hmm, the obvious symptom is not showing up. What if you turned off JavaScript before trying to log in?

MensaMod

Can't find a way to turn it off in Edge.  In FireFox I set NoScript to mark agm2m.org as non-trusted -- no change in behavior.

Explicitly turned off JavaScript in Chrome -- still the same.

Sir Osis of Liver

Removing a theme in theme settings does not delete the files, they're ignored and not causing your problem.  You were able to login after upgrade, so upgrade was successful.  Looks like a clean install, have you tried uploading 2.0.15 upgrade package to replace all files with clean package?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

drewactual

can we see the contents of your htaccess (alongside main SMF if it isn't the root directory) posted here?

MensaMod

Quote from: drewactual on January 10, 2018, 11:35:36 PM
can we see the contents of your htaccess (alongside main SMF if it isn't the root directory) posted here?

I don't see "htaccess" in cPanel's File Manager display, probably because as a dot-file it's "hidden" and I don't know how to show those.  Sorry.

Quote from: Sir Osis of Liver on January 10, 2018, 09:40:51 PM
Removing a theme in theme settings does not delete the files, they're ignored and not causing your problem.  You were able to login after upgrade, so upgrade was successful.  Looks like a clean install, have you tried uploading 2.0.15 upgrade package to replace all files with clean package?

You're talking the big-file complete replacement package?  That would be my next step if nothing less drastic presents itself.  Does that lay down on top of what I've got or would I need to create a new directory tree?

shawnb61

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

aegersz

if it were a cookie issue then would disabling cookie support in your browser help ?

or copy cookie data from a functioning environment to your sandbox ?

or if you run auto-approve then you could register a new user and try to login.

it could be something else so yeah, get all the error info that you have.

as you can tell, this is not my area of expertise but i'm really curious about this problem.
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

MensaMod


drewactual

ask your host to set the sessions path to file... i wager apache is set up to use memcached and clients to store the sessions.  IF memcached is available on whatever build they implemented as a 'stock' build, then it is likely set in php.ini to actually use it. 

i use memcached as opposed to files, though practicing through using 'files' seems quicker on a smaller forum (like mine), but the settings have to be absolutely right to use them.  the big ones are:

sessions_save_handler: files (IF memcahed is available, the value is memcached instead of files)
sessions_save_path: (link to file on server sessions are saved; IF memcached is available, the value is 10.1.1.1:11211)
session_name: PHPSESSID < you gotta have that set with this value, we're talking sessions for the server, NOT for SMF, and it's teh same if you use memcached too...

even if this isn't your issue, it's a good plan to have your host comb through your php.ini with you and set things to cater best to your function/purpose.

MensaMod

Interesting info to follow up on, but keep in mind that our failing system is the sandbox we use to check out new stuff.  The live system, operating out of the same virtual machine, has been and is running just fine <sound of fingers crossing>.

drewactual

Quote from: MensaMod on January 11, 2018, 10:45:11 AM
Interesting info to follow up on, but keep in mind that our failing system is the sandbox we use to check out new stuff.  The live system, operating out of the same virtual machine, has been and is running just fine <sound of fingers crossing>.

then take a peek at your php.ini or <virtualmachine> tags in both sites... make sure they match?  make sure they match in every aspect EXCEPT where they store sessions (if using files). 

edited to add: it's a very good idea to have the two instances using different cookie names, too... SMF named cookies, NOT the phpsessions that all users set when they approach.

MensaMod

Where do I find them?  (Damn, I wish cPanel offered a filename search function.)

drewactual

your php.ini should be in your http (public facing) folder...

and i wager we're on to something here with your server config... if you don't have a php.ini in that directory, it's falling back to the global php.ini or httpd config, which means if it implicitly set a cookie name or session file location, both forums are trying to use the same names/directories for the same phpsession cookie...

MAKE a file in your root directory of the sandbox named php.ini... in that file type in:

session.auto_start = 1


that by itself may remedy your situation... if not, we may have to go back and enter session parameters for it such as what i offered previously..

Advertisement: