CMS Made Simple Forums
https://forum.cmsmadesimple.org/

CMSMS 1.10 Beta4: Login required after each shortcut click
https://forum.cmsmadesimple.org/viewtopic.php?f=74&t=57217
Page 1 of 1

Author:  fredp [ Tue Oct 11, 2011 8:05 pm ]
Post subject:  CMSMS 1.10 Beta4: Login required after each shortcut click

Hi,

I upgraded my "SSL admin" testing site from CMSMS 1.10-beta3 to 'beta4. The upgrade was fine, but I tried something new and noticed something odd...

I successfully created a new shortcut (to Site Admin ยป Global Settings), but each time I click the new shortcut link, I'm required to log in again. It appears that the session ID is not getting passed along by the shortcut.

System Information is attached. Additional config info:
Code:
$config['admin_url'] = 'https://example.com/4admin';
$config['root_url']   = 'http://example.com';
$config['ssl_url']   = 'https://example.com';

Note: suPHP is used, so PHP scripts are executed with the permissions of their owners.

Attachments:
File comment: System Information from 1.10-beta4 test site.
beta4_sysinfo.txt [1.41 KiB]
Downloaded 9155 times

Author:  calguy1000 [ Tue Oct 11, 2011 10:57 pm ]
Post subject:  Re: CMSMS 1.10 Beta4: Login required after each shortcut cli

Works fine here.

Author:  fredp [ Wed Oct 12, 2011 7:08 am ]
Post subject:  Re: CMSMS 1.10 Beta4: Login required after each shortcut cli

calguy1000 wrote:
Works fine here.

Okay, I did more investigating. It seems the problem is "intermittent", but I haven't figured out what triggers it.

To clarify further: I create the shortcuts by browsing to the page I want to bookmark and then selecting the "1. Add Shortcut" link from the navt_bookmarks "Shortcuts" div, on the right of the admin console. I am not entering the URLs manually under "Manage Shortcuts".

I just tried again on a second beta4 site that was exhibiting this behavior last night. I successfully created a new shortcut. This one works normally, yet the older (failing) shortcut still does not.

So, I looked in the cms_admin_bookmarks table and noticed that the url column for the failing shortcut is missing the trailing '[SECURITYTAG]' that appears in the other (working) shortcuts. For example:
Code:
https://secureXXXX.hostgator.com/~example/admin/siteprefs.php

Not sure what may have caused this condition.

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/