Nonstop "Session verification failed. Please try logging out and back in again"

Started by TheSnake, June 11, 2019, 04:59:29 AM

Previous topic - Next topic

TheSnake

Suddenly error messages like "Session verification failed. Please try logging out and back in again, and then try again." and "Your session timed out while posting. Please go back and try again." started to show up anytime when someone (admin, mod or user) trying to log in or log out.

We've got this <input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />, so... what else can be the reason?

drewactual

what are you using for handling sessions?  are you writing to files? if so, check the location and the permissions on that file as your host may have altered it....

if you're using memcached for sessions, check that memcached is operational/working. 

also, make sure every login is using the sessions variable addition/fix. 

TheSnake

It's SMF 2.0.15 as it is. We didn't change anything related to sessions, so I suppose it's the SMF 2.0.15 original session handling, which I have no idea what's exactly and how's it working. :-\

Sir Osis of Liver

Sounds like your host changed something.  You can try disabling database driven sessions in Admin -> Server Settings, but might be best to contact host support.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

drewactual

create a new file on your server... name it whatever, but most often folks name it phpinfo.php ... paste the following in the file:

<?php

phpinfo
();

?>


save it and close it... navigate to it... scroll down to area called 'sessions' and tell us what's in it. 

did you upgrade to 2.0.15 or was it installed as 2.0.15?  again, scour every login script on your page and see if the sessions fix is present. 

drewactual

by the way, I notice you use the social login by smfpacks, and... the sessions patch isn't in that script... ask me how I know.  iirc it's a file named 'sociallogin.php' in your default theme.  add the sessions variable to it, or.... abandon that mod as it is too quirky to rely on anyway. 

TheSnake

Thanks a lot for your helping! :) :) :)

1) It was upgraded to 2.0.15.

2) The phpinfo.php's sessions info:   
Quotesession

Session Support    enabled
Registered save handlers    files user
Registered serializer handlers    php_serialize php php_binary wddx

Directive    Local Value   Master Value

session.auto_start   Off   Off
session.cache_expire   180   180
session.cache_limiter   nocache   nocache
session.cookie_domain   no value   no value
session.cookie_httponly   Off   Off
session.cookie_lifetime   0   0
session.cookie_path   /   /
session.cookie_secure   Off   Off
session.entropy_file   /dev/urandom   /dev/urandom
session.entropy_length   32   32
session.gc_divisor   0   0
session.gc_maxlifetime   1440   1440
session.gc_probability   0   0
session.hash_bits_per_character   5   5
session.hash_function   0   0
session.name   PHPSESSID   PHPSESSID
session.referer_check   no value   no value
session.save_handler   files   files
session.save_path   /var/cpanel/php/sessions/ea-php56   /var/cpanel/php/sessions/ea-php56
session.serialize_handler   php   php
session.upload_progress.cleanup   On   On
session.upload_progress.enabled   On   On
session.upload_progress.freq   1%   1%
session.upload_progress.min_freq   1   1
session.upload_progress.name   PHP_SESSION_UPLOAD_PROGRESS   PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix   upload_progress_   upload_progress_
session.use_cookies   On   On
session.use_only_cookies   On   On
session.use_strict_mode   Off   Off
session.use_trans_sid   0   0

drewactual

you're using files... and... you upgraded.  this issue goes back to prior versions where a sessions variable was added- themes not built with this change will behave as you describe.

the happenstance of it just starting is most likely due to a cache expiring... for instance if you have a year set on cache expiration in your htaccess or ini file, it perhaps just expired and checked back in for changes- finding the lack of sessions variable check... and... you get what you got.

so...

in your theme's index.template.php, you should have:
echo '
               <input type="hidden" name="hash_passwrd" value="" />
            </form>';


replace it with:

echo '
               <input type="hidden" name="hash_passwrd" value="" />
<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
            </form>';


depending on what modifications you have, you're going to want to find where there are login forms... the script change is going to be the same as above for each of them.  as a for instance, that social login has it's script in a file (again IIRC) sociallogin.php...  all of the login scripts need that sessions check added to them, which is generally contained to themes that you ported from versions prior to 2.0.14...

there is also a mod that USED to exist written by Arantor that did this for you to save you the effort of changing code.  I have it, but i hesitate sharing it because he took it down for some reason i'm not privy to... if you want it and after i clear it with him i'll hang it somewhere you can pick it up..


TheSnake

Quote from: Sir Osis of Liver on June 11, 2019, 07:36:49 PM
Sounds like your host changed something.  You can try disabling database driven sessions in Admin -> Server Settings, but might be best to contact host support.

Thanks for the idea, but the big problem is nobody (nor users, not admins) is able to login in the forum anymore. :(

Illori


Sir Osis of Liver

Quote from: Illori on June 12, 2019, 11:28:03 AM
can you log in if you switch to the curve theme?

/index.php?theme=1

May not work.  If not, you can change it in database.  Set theme_default to 1 in smf_settings.  You can also disable database driven sessions by changing databaseSession_enable to 0 in same table, but don't think that will help.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

TheSnake

@drewactual, I really have it already, but it's not helpful: . Maybe I should add it to the core theme and to default them too?

Illori


Sir Osis of Liver

Per your first post, you have the session check in Curve theme.  It has to be added to Core, but wouldn't be causing a problem unless you're using Core theme (are you?).  In any event, it wouldn't just stop working unless you upgraded from earlier version to 2.0.14 or .15.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

TheSnake

Quote from: Sir Osis of Liver on June 12, 2019, 11:34:25 AM
Quote from: Illori on June 12, 2019, 11:28:03 AM
can you log in if you switch to the curve theme?

/index.php?theme=1

May not work.  If not, you can change it in database.  Set theme_default to 1 in smf_settings.  You can also disable database driven sessions by changing databaseSession_enable to 0 in same table, but don't think that will help.

Tried already and the result is: yes, formally the Admin is logged in, but when trying to edit, post, etc. again this: "An Error Has Occurred!
Session verification failed. Please try logging out and back in again, and then try again.
", so practically no admin. :o

Kindred

sounds like host-side/corrupted session problems....

using repair_settings.php, change your cookie name and maybe try changing the database driven sessions (either turn it on or off, which ever it is currently not)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

drewactual

I'm telling you the issue is with the social login... disable it.  it will have to be unhooked.

TheSnake

Well, this repair_settings.php I did it already. Once again I tried now, because I'd like to respect every idea you're giving me and to prove it's done: . Sad, but seems it doesn't affect the problem in anyway. Again "An Error Has Occurred!
Your session timed out while posting. Please go back and try again.
"

TheSnake

Quote from: drewactual on June 12, 2019, 01:08:54 PM
I'm telling you the issue is with the social login... disable it.  it will have to be unhooked.

I remember it and I want to remove it. As soon as I can get the Admin access. Btw, I don't know, is there some way to remove it from the cpanel?

drewactual

do you use OPCache?  you will need to reset it if you do in order to witness changes... you'll also need to clear your local (your computers) cached files for your site to witness the changes depending on how extensively you leverage caches.

Advertisement: