CMS Made Simple Forums
https://forum.cmsmadesimple.org/

Session ID problem and fix
https://forum.cmsmadesimple.org/viewtopic.php?f=8&t=79398
Page 1 of 2

Author:  timdebuurman [ Fri Nov 16, 2018 10:37 am ]
Post subject:  Session ID problem and fix

Hi,

I came across the (already few times mentioned) problem with Filemanager pop-up from Microtiny, loggin me out en showing the Loginscreen instead of the Files.

After research, I noticed the problem only occured after logout and login again.

Found out that at logout a cookie was still present and therefore not renewed.

In my case it was a cookie with the name CMSSESSIDfa53c6742e1d

If I removed the cookie myself, the problem was gone.

I believe this can be a bug in the core to be fixed.

Made a quickfix myself in the file /admin/login.php for now, that removes all cookies there, but this fix is not for permanent, because sometimes some cookies must remain.

Please make contact if there is some questions about reproducing this.

thx

Author:  johnboyuk1 [ Mon Nov 26, 2018 3:15 pm ]
Post subject:  Re: Session ID problem and fix

I've just come to the boards to raise a very similar question!

I actually also raised the question last year on these boards but couldn't find a resolution - if its a bug its been around for a while. I have customers who keep complaining about it. Is there an easy fix for this because I cant really be asking non-tech minded people to go looking for cookies to delete

The version I've just had a report of this happening on is 2.2.7, its also happened on older 2.x versions for me too

Help ..!

Author:  DIGI3 [ Mon Nov 26, 2018 4:38 pm ]
Post subject:  Re: Session ID problem and fix

I had a similar problem a while ago but I'm pretty sure it was caused by mod_security. Can you both confirm that you don't have mod_security on the server in question?

If you don't, please try to provide specific steps in order to recreate it. It may be somewhat obscure - particular browser version, account type, what admin page was visited prior, etc.

Author:  johnboyuk1 [ Mon Nov 26, 2018 4:58 pm ]
Post subject:  Re: Session ID problem and fix

Last report from client was when trying to access the file manager

How do we check re mod_security - isn't listed in 'System Information'

Author:  DIGI3 [ Mon Nov 26, 2018 5:03 pm ]
Post subject:  Re: Session ID problem and fix

You'd need to check with your host. Sometimes you can disable it in cPanel but it depends on your host's settings. There's not a reliable way for PHP to detect it so CMSMS can't tell.

Author:  johnboyuk1 [ Mon Nov 26, 2018 5:09 pm ]
Post subject:  Re: Session ID problem and fix

Will double check -been using this host for years with CMSMS sites so I think its ok but will make sure!

Author:  timdebuurman [ Mon Nov 26, 2018 5:50 pm ]
Post subject:  Re: Session ID problem and fix

Hi,

(The mod_security question will be checked.)
EDIT: Out server does not have the mod_security modul installed/active, so that can not be the couse

Meanwile, let me get to the reproducing.

I can reproduce this, by logging in the admin, logging out again en log in with a different account.

That way the cookie of the first user, which was not deleted, will cause the problem with the new user.

Further testing will be the opening of the WYSIWYG-editor in Microtiny en try to open the Filemanager.
As said, checking the cookies and manually deleting the cookie named CMSSESSIDfa53c6742e1d (seems like a session cookie, because the 'SESSID' in the name) fixed it for me.


gr Tim

Author:  johnboyuk1 [ Tue Nov 27, 2018 9:28 am ]
Post subject:  Re: Session ID problem and fix

This is the report direct from my client:

\$1:
Have been trying to update the website today.
After initial login, it will ask me to log in again when trying to access the file manager. Following this when clicking submit on the content editor it will kick me out, ask me to log in again without saving any of the changes made.

Author:  johnboyuk1 [ Mon Dec 03, 2018 2:03 pm ]
Post subject:  Re: Session ID problem and fix

Anyone got any further thoughts on this - got clients complaining at me!

timdebuurman has confirmed its not mod_security

Author:  DIGI3 [ Mon Dec 03, 2018 4:11 pm ]
Post subject:  Re: Session ID problem and fix

Are you running 2.2.8? I saw in an early post you mentioned 2.2.7.

Author:  timdebuurman [ Mon Dec 03, 2018 4:49 pm ]
Post subject:  Re: Session ID problem and fix

It's 2.2.8

Author:  DIGI3 [ Tue Dec 04, 2018 12:46 am ]
Post subject:  Re: Session ID problem and fix

I can recreate it, legit bug. There was a similar issue that I think is already fixed for 2.3 but I'll verify then file a BR if necessary.

Author:  DIGI3 [ Tue Dec 04, 2018 12:49 am ]
Post subject:  Re: Session ID problem and fix

For a temporary workaround, suggest to your client they use a separate browser session (incognito mode is the easiest) for each username, rather than logging in and out.

Author:  DIGI3 [ Tue Dec 04, 2018 7:17 pm ]
Post subject:  Re: Session ID problem and fix

Bug report filed: http://dev.cmsmadesimple.org/bug/view/11933

Author:  johnboyuk1 [ Thu Dec 06, 2018 10:35 am ]
Post subject:  Re: Session ID problem and fix

Thanks DIGI3

Page 1 of 2 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/