Advertisement:

Author Topic: Nonstop "Session verification failed. Please try logging out and back in again"  (Read 1046 times)

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
Suddenly error messages like "Session verification failed. Please try logging out and back in again, and then try again." and "Your session timed out while posting. Please go back and try again." started to show up anytime when someone (admin, mod or user) trying to log in or log out.

We've got this
Code: [Select]
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />, so... what else can be the reason?

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
what are you using for handling sessions?  are you writing to files? if so, check the location and the permissions on that file as your host may have altered it....

if you're using memcached for sessions, check that memcached is operational/working. 

also, make sure every login is using the sessions variable addition/fix. 

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
It's SMF 2.0.15 as it is. We didn't change anything related to sessions, so I suppose it's the SMF 2.0.15 original session handling, which I have no idea what's exactly and how's it working. :-\

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 8,931
Sounds like your host changed something.  You can try disabling database driven sessions in Admin -> Server Settings, but might be best to contact host support.

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
create a new file on your server... name it whatever, but most often folks name it phpinfo.php ... paste the following in the file:

Code: [Select]
<?php

phpinfo
();

?>

save it and close it... navigate to it... scroll down to area called 'sessions' and tell us what's in it. 

did you upgrade to 2.0.15 or was it installed as 2.0.15?  again, scour every login script on your page and see if the sessions fix is present. 

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
by the way, I notice you use the social login by smfpacks, and... the sessions patch isn't in that script... ask me how I know.  iirc it's a file named 'sociallogin.php' in your default theme.  add the sessions variable to it, or.... abandon that mod as it is too quirky to rely on anyway. 

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
Thanks a lot for your helping! :) :) :)

1) It was upgraded to 2.0.15.

2) The phpinfo.php's sessions info:   
Quote
session

Session Support    enabled
Registered save handlers    files user
Registered serializer handlers    php_serialize php php_binary wddx

Directive    Local Value   Master Value

session.auto_start   Off   Off
session.cache_expire   180   180
session.cache_limiter   nocache   nocache
session.cookie_domain   no value   no value
session.cookie_httponly   Off   Off
session.cookie_lifetime   0   0
session.cookie_path   /   /
session.cookie_secure   Off   Off
session.entropy_file   /dev/urandom   /dev/urandom
session.entropy_length   32   32
session.gc_divisor   0   0
session.gc_maxlifetime   1440   1440
session.gc_probability   0   0
session.hash_bits_per_character   5   5
session.hash_function   0   0
session.name   PHPSESSID   PHPSESSID
session.referer_check   no value   no value
session.save_handler   files   files
session.save_path   /var/cpanel/php/sessions/ea-php56   /var/cpanel/php/sessions/ea-php56
session.serialize_handler   php   php
session.upload_progress.cleanup   On   On
session.upload_progress.enabled   On   On
session.upload_progress.freq   1%   1%
session.upload_progress.min_freq   1   1
session.upload_progress.name   PHP_SESSION_UPLOAD_PROGRESS   PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix   upload_progress_   upload_progress_
session.use_cookies   On   On
session.use_only_cookies   On   On
session.use_strict_mode   Off   Off
session.use_trans_sid   0   0

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
you're using files... and... you upgraded.  this issue goes back to prior versions where a sessions variable was added- themes not built with this change will behave as you describe.

the happenstance of it just starting is most likely due to a cache expiring... for instance if you have a year set on cache expiration in your htaccess or ini file, it perhaps just expired and checked back in for changes- finding the lack of sessions variable check... and... you get what you got.

so...

in your theme's index.template.php, you should have:
Code: [Select]
echo '
               <input type="hidden" name="hash_passwrd" value="" />
            </form>';

replace it with:

Code: [Select]
echo '
               <input type="hidden" name="hash_passwrd" value="" />
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
            </form>';

depending on what modifications you have, you're going to want to find where there are login forms... the script change is going to be the same as above for each of them.  as a for instance, that social login has it's script in a file (again IIRC) sociallogin.php...  all of the login scripts need that sessions check added to them, which is generally contained to themes that you ported from versions prior to 2.0.14...

there is also a mod that USED to exist written by Arantor that did this for you to save you the effort of changing code.  I have it, but i hesitate sharing it because he took it down for some reason i'm not privy to... if you want it and after i clear it with him i'll hang it somewhere you can pick it up..


Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
Sounds like your host changed something.  You can try disabling database driven sessions in Admin -> Server Settings, but might be best to contact host support.

Thanks for the idea, but the big problem is nobody (nor users, not admins) is able to login in the forum anymore. :(

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,747
can you log in if you switch to the curve theme?

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 8,931
can you log in if you switch to the curve theme?

 /index.php?theme=1

May not work.  If not, you can change it in database.  Set theme_default to 1 in smf_settings.  You can also disable database driven sessions by changing databaseSession_enable to 0 in same table, but don't think that will help.


Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
@drewactual, I really have it already, but it's not helpful: . Maybe I should add it to the core theme and to default them too?

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 50,747
it should be present in the default theme already.

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 8,931
Per your first post, you have the session check in Curve theme.  It has to be added to Core, but wouldn't be causing a problem unless you're using Core theme (are you?).  In any event, it wouldn't just stop working unless you upgraded from earlier version to 2.0.14 or .15.

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
can you log in if you switch to the curve theme?

 /index.php?theme=1

May not work.  If not, you can change it in database.  Set theme_default to 1 in smf_settings.  You can also disable database driven sessions by changing databaseSession_enable to 0 in same table, but don't think that will help.

Tried already and the result is: yes, formally the Admin is logged in, but when trying to edit, post, etc. again this: "An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again.
", so practically no admin. :o

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,162
  • Gender: Male
    • Kindred-999 on GitHub
sounds like host-side/corrupted session problems....

using repair_settings.php, change your cookie name and maybe try changing the database driven sessions (either turn it on or off, which ever it is currently not)
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
I'm telling you the issue is with the social login... disable it.  it will have to be unhooked.

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
Well, this repair_settings.php I did it already. Once again I tried now, because I'd like to respect every idea you're giving me and to prove it's done: . Sad, but seems it doesn't affect the problem in anyway. Again "An Error Has Occurred!
Your session timed out while posting. Please go back and try again.
"

Offline TheSnake

  • Semi-Newbie
  • *
  • Posts: 73
  • Gender: Male
    • The Better Alternative
I'm telling you the issue is with the social login... disable it.  it will have to be unhooked.

I remember it and I want to remove it. As soon as I can get the Admin access. Btw, I don't know, is there some way to remove it from the cpanel?

Offline drewactual

  • Full Member
  • ***
  • Posts: 606
    • College Football Fan Site CFB51
do you use OPCache?  you will need to reset it if you do in order to witness changes... you'll also need to clear your local (your computers) cached files for your site to witness the changes depending on how extensively you leverage caches.