News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SMF not remembering user login status after last update

Started by pudding4brains, January 06, 2020, 12:27:27 PM

Previous topic - Next topic

pudding4brains

Hi all,

pretty much exactly around the last two updates users on our forum (me as well) have started experiencing trouble with their login status expiring, having to log in again at every visit to the forum.

To add insult to injury, this also results in loosing the text for longer posts as one tends to get tossed out while editing resulting in an error message after pressing "Send". Sometimes this may be recovered with the browser's "back button" - picking up the text on the clipboard, logging in and starting the post from scratch while pasting the stored text. Feels like being thrown back in time about two decades or so, when that sort of problem was way more frequent on the web.

There are no other SMF-users here complaining about this, so I suppose it probably has nothing to do with the updates, but then again it was very coincidentally around the exact same time that this started on our forum ( link not allowed )

I'm not the site maintainer but a frequent user and it's annoying and has been going on for a week or so now with no fix in sight and our site maintainer probably hoping it will be solved on your end,  but for that to happen you would first need to know ... so, there it is ;)

Thanks in advance for any thoughts to help find a remedy!

m4z

Was the forum moved to a new location or were settings changed regarding subdomain-independent cookies?
"Faith is what you have in things that don't exist."
--Homer Simpson

Es gibt hier im Forum ein deutsches Support-Board!

Illori

I bet the OP cannot answer most questions as they are just a user on the forum with the issue.

we need the admin to reach out to us so that we can troubleshoot with them.

SpacePhoenix

Down the bottom of the screen where the copyright line is, what version of SMF is listed there?

pudding4brains

Hi all,

and thanks for your responses.

The SMF version is 2.0.17 and was updated pretty much immediately after v16 and v17 appeared (around new year).

There has been talk about the servers being migrated to a different location within the same organization, but I think this probably applied only to the database servers only, that the forum has a support function for and I doubt this was effectuated around the same time (if at all yet). But I will check.

On the (our) forum it was suggested by another user that there may have been a setting in php.ini that got overwritten with a ridiculous default value by the recent update(s), which seems to happen frequently with other software. Is that something you deem possible, or do you not touch that file while updating?

I will alert our admin to the fact that I have started prying here and see what he says.

u43hvs

see the first post about this problem https://www.simplemachines.org/community/index.php?topic=571114.0 with several attached screendumps
until 2.0.17 a user was always logged in.
changing smf cookie/session settings has no effect. I have tried all options.
The server running 2.0.17 is the same as we used for the prior version
With kind greetings from the Netherlands, Hisko de Vries

hduijn

As the server admin I can answer some questions and would ofcourse like to see the issue solved..

- The update was done by downloading smf_patch_2.0.16.tar.gz and  smf_patch_2.0.17.tar.gz. These files were put into the Packages directory and installed using the package manager. No errors occured. Current php - - version is  PHP 7.0.33-0ubuntu0.16.04.7
- webserver nginx 1.12.1 configured with php-fpm
- The php.ini hasn't been changed since original install
- There was no change in (sub)domain / certificates or anything other that might be related to the sessions / cookies
- All directory permissions seems ok ( "green" in the admin panel, writable where needed)
- No errors appear in php-fpm.log

Currently i'm trying to tail the nginx logging to gather more information, since the forum is used very often and always under attack errors are constant available but don't really help much in troubleshooting at this moment...



pudding4brains

Quote from: u43hvs on January 07, 2020, 06:02:05 AM
see the first post about this problem https://www.simplemachines.org/community/index.php?topic=571114.0 with several attached screendumps
until 2.0.17 a user was always logged in.
Whoops, totally missed that one ... sorry for cross posting the same issue twice!

(Feel free to merge the topics, of course)

shawnb61

Is this still an issue?

If this is ongoing, the two things I would try are:
- Renaming the cookie
- Truncating the sessions table

This would require folks to log back on again.  Again.  But if the problem stays, it would help narrow down the issue a bit.  At the very least, it would prove that the issue had nothing to do with the pre-existing cookies/sessions.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

u43hvs

Changing the cookie name , i tried that, but does not solve the issue
truncating the session table could be a good suggestion. as soon as i set 'use database sessions' to true, i cannot login anymore without deleting cookies first
With kind greetings from the Netherlands, Hisko de Vries

shawnb61

One more thing to try...

Try adding this to Settings.php:
$cookie_no_auth_secret = true;

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

u43hvs

the session table is truncated
the suggestion from https://www.simplemachines.org/community/index.php?topic=566274.msg4012375#msg4012375 to add a line "<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />" to index.template.php is also commited.
The problem still persists.
With kind greetings from the Netherlands, Hisko de Vries

u43hvs

Quote from: shawnb61 on January 08, 2020, 08:46:41 AM
One more thing to try...

Try adding this to Settings.php:
$cookie_no_auth_secret = true;


i can not find a settings.php only template.settings.php
With kind greetings from the Netherlands, Hisko de Vries

Illori

it should be in the root or main folder of your SMF install. without that file your SMF will not work at all, so the file has to exist.

u43hvs

With kind greetings from the Netherlands, Hisko de Vries

pudding4brains

Howdy,

I don't know what changed, but our login status is persistent again, so I thought I'd let that know.

Maybe someone can elaborate on what the culprit was, for broader understanding and/or for other site maintainers having the same trouble and reading this?

Cheers!

pudding4brains

Rumor has it that the problem was solved by a clean install on a different server, so no clear indication of what caused it ...

Aleksi "Lex" Kilpinen

Quote from: pudding4brains on January 14, 2020, 10:16:09 PM
Rumor has it that the problem was solved by a clean install on a different server, so no clear indication of what caused it ...
If I had to guess, it was simply because .16 forces everyone out, and requires everyone to log in again.
This much is said in the release topic: "All users, including the admin, will need to log in again after 2.0.16 has been installed. "

I know from experience, that changes like this one easily lead to people forgetting to make sure they stay logged in forever when they do log in again - and so, we have a cycle at our hands.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

pudding4brains

Hi Lex,

Thanks for presenting your thoughts ...
Quote from: Aleksi "Lex" Kilpinen on January 14, 2020, 11:56:17 PM
... changes like this one easily lead to people forgetting to make sure they stay logged in forever when they do log in again - and so, we have a cycle at our hands.
... but no, we can safely exclude that option. We have many users, including myself, that have all tried that (erasing cookies, setting the tick for "remember" etc etc.

Aleksi "Lex" Kilpinen

Okay, well that's what it was really, just a thought. 
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Advertisement: