Session ID problem and fix
- timdebuurman
- Power Poster
- Posts: 891
- Joined: Sun Nov 06, 2011 8:15 pm
- Location: Deventer, Netherlands
Session ID problem and fix
Hi,
I came across the (already few times mentioned) problem with Filemanager pop-up from Microtiny, loggin me out en showing the Loginscreen instead of the Files.
After research, I noticed the problem only occured after logout and login again.
Found out that at logout a cookie was still present and therefore not renewed.
In my case it was a cookie with the name CMSSESSIDfa53c6742e1d
If I removed the cookie myself, the problem was gone.
I believe this can be a bug in the core to be fixed.
Made a quickfix myself in the file /admin/login.php for now, that removes all cookies there, but this fix is not for permanent, because sometimes some cookies must remain.
Please make contact if there is some questions about reproducing this.
thx
I came across the (already few times mentioned) problem with Filemanager pop-up from Microtiny, loggin me out en showing the Loginscreen instead of the Files.
After research, I noticed the problem only occured after logout and login again.
Found out that at logout a cookie was still present and therefore not renewed.
In my case it was a cookie with the name CMSSESSIDfa53c6742e1d
If I removed the cookie myself, the problem was gone.
I believe this can be a bug in the core to be fixed.
Made a quickfix myself in the file /admin/login.php for now, that removes all cookies there, but this fix is not for permanent, because sometimes some cookies must remain.
Please make contact if there is some questions about reproducing this.
thx
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
https://www.nextdoormedia.nl
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
I've just come to the boards to raise a very similar question!
I actually also raised the question last year on these boards but couldn't find a resolution - if its a bug its been around for a while. I have customers who keep complaining about it. Is there an easy fix for this because I cant really be asking non-tech minded people to go looking for cookies to delete
The version I've just had a report of this happening on is 2.2.7, its also happened on older 2.x versions for me too
Help ..!
I actually also raised the question last year on these boards but couldn't find a resolution - if its a bug its been around for a while. I have customers who keep complaining about it. Is there an easy fix for this because I cant really be asking non-tech minded people to go looking for cookies to delete
The version I've just had a report of this happening on is 2.2.7, its also happened on older 2.x versions for me too
Help ..!
Re: Session ID problem and fix
I had a similar problem a while ago but I'm pretty sure it was caused by mod_security. Can you both confirm that you don't have mod_security on the server in question?
If you don't, please try to provide specific steps in order to recreate it. It may be somewhat obscure - particular browser version, account type, what admin page was visited prior, etc.
If you don't, please try to provide specific steps in order to recreate it. It may be somewhat obscure - particular browser version, account type, what admin page was visited prior, etc.
Not getting the answer you need? CMSMS support options
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
Last report from client was when trying to access the file manager
How do we check re mod_security - isn't listed in 'System Information'
How do we check re mod_security - isn't listed in 'System Information'
Re: Session ID problem and fix
You'd need to check with your host. Sometimes you can disable it in cPanel but it depends on your host's settings. There's not a reliable way for PHP to detect it so CMSMS can't tell.
Not getting the answer you need? CMSMS support options
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
Will double check -been using this host for years with CMSMS sites so I think its ok but will make sure!
- timdebuurman
- Power Poster
- Posts: 891
- Joined: Sun Nov 06, 2011 8:15 pm
- Location: Deventer, Netherlands
Re: Session ID problem and fix
Hi,
(The mod_security question will be checked.)
EDIT: Out server does not have the mod_security modul installed/active, so that can not be the couse
Meanwile, let me get to the reproducing.
I can reproduce this, by logging in the admin, logging out again en log in with a different account.
That way the cookie of the first user, which was not deleted, will cause the problem with the new user.
Further testing will be the opening of the WYSIWYG-editor in Microtiny en try to open the Filemanager.
As said, checking the cookies and manually deleting the cookie named CMSSESSIDfa53c6742e1d (seems like a session cookie, because the 'SESSID' in the name) fixed it for me.
gr Tim
(The mod_security question will be checked.)
EDIT: Out server does not have the mod_security modul installed/active, so that can not be the couse
Meanwile, let me get to the reproducing.
I can reproduce this, by logging in the admin, logging out again en log in with a different account.
That way the cookie of the first user, which was not deleted, will cause the problem with the new user.
Further testing will be the opening of the WYSIWYG-editor in Microtiny en try to open the Filemanager.
As said, checking the cookies and manually deleting the cookie named CMSSESSIDfa53c6742e1d (seems like a session cookie, because the 'SESSID' in the name) fixed it for me.
gr Tim
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
https://www.nextdoormedia.nl
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
This is the report direct from my client:
Have been trying to update the website today.
After initial login, it will ask me to log in again when trying to access the file manager. Following this when clicking submit on the content editor it will kick me out, ask me to log in again without saving any of the changes made.
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
Anyone got any further thoughts on this - got clients complaining at me!
timdebuurman has confirmed its not mod_security
timdebuurman has confirmed its not mod_security
Re: Session ID problem and fix
Are you running 2.2.8? I saw in an early post you mentioned 2.2.7.
Not getting the answer you need? CMSMS support options
- timdebuurman
- Power Poster
- Posts: 891
- Joined: Sun Nov 06, 2011 8:15 pm
- Location: Deventer, Netherlands
Re: Session ID problem and fix
It's 2.2.8
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
https://www.nextdoormedia.nl
Re: Session ID problem and fix
I can recreate it, legit bug. There was a similar issue that I think is already fixed for 2.3 but I'll verify then file a BR if necessary.
Not getting the answer you need? CMSMS support options
Re: Session ID problem and fix
For a temporary workaround, suggest to your client they use a separate browser session (incognito mode is the easiest) for each username, rather than logging in and out.
Not getting the answer you need? CMSMS support options
Re: Session ID problem and fix
Bug report filed: http://dev.cmsmadesimple.org/bug/view/11933
Not getting the answer you need? CMSMS support options
-
- Forum Members
- Posts: 211
- Joined: Mon Nov 26, 2018 3:09 pm
Re: Session ID problem and fix
Thanks DIGI3