Session ID problem and fix

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
User avatar
timdebuurman
Power Poster
Power Poster
Posts: 884
Joined: Sun Nov 06, 2011 8:15 pm
Location: Deventer, Netherlands

Session ID problem and fix

Post by timdebuurman »

Hi,

I came across the (already few times mentioned) problem with Filemanager pop-up from Microtiny, loggin me out en showing the Loginscreen instead of the Files.

After research, I noticed the problem only occured after logout and login again.

Found out that at logout a cookie was still present and therefore not renewed.

In my case it was a cookie with the name CMSSESSIDfa53c6742e1d

If I removed the cookie myself, the problem was gone.

I believe this can be a bug in the core to be fixed.

Made a quickfix myself in the file /admin/login.php for now, that removes all cookies there, but this fix is not for permanent, because sometimes some cookies must remain.

Please make contact if there is some questions about reproducing this.

thx
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

I've just come to the boards to raise a very similar question!

I actually also raised the question last year on these boards but couldn't find a resolution - if its a bug its been around for a while. I have customers who keep complaining about it. Is there an easy fix for this because I cant really be asking non-tech minded people to go looking for cookies to delete

The version I've just had a report of this happening on is 2.2.7, its also happened on older 2.x versions for me too

Help ..!
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

I had a similar problem a while ago but I'm pretty sure it was caused by mod_security. Can you both confirm that you don't have mod_security on the server in question?

If you don't, please try to provide specific steps in order to recreate it. It may be somewhat obscure - particular browser version, account type, what admin page was visited prior, etc.
Not getting the answer you need? CMSMS support options
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

Last report from client was when trying to access the file manager

How do we check re mod_security - isn't listed in 'System Information'
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

You'd need to check with your host. Sometimes you can disable it in cPanel but it depends on your host's settings. There's not a reliable way for PHP to detect it so CMSMS can't tell.
Not getting the answer you need? CMSMS support options
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

Will double check -been using this host for years with CMSMS sites so I think its ok but will make sure!
User avatar
timdebuurman
Power Poster
Power Poster
Posts: 884
Joined: Sun Nov 06, 2011 8:15 pm
Location: Deventer, Netherlands

Re: Session ID problem and fix

Post by timdebuurman »

Hi,

(The mod_security question will be checked.)
EDIT: Out server does not have the mod_security modul installed/active, so that can not be the couse

Meanwile, let me get to the reproducing.

I can reproduce this, by logging in the admin, logging out again en log in with a different account.

That way the cookie of the first user, which was not deleted, will cause the problem with the new user.

Further testing will be the opening of the WYSIWYG-editor in Microtiny en try to open the Filemanager.
As said, checking the cookies and manually deleting the cookie named CMSSESSIDfa53c6742e1d (seems like a session cookie, because the 'SESSID' in the name) fixed it for me.


gr Tim
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

This is the report direct from my client:
Have been trying to update the website today.
After initial login, it will ask me to log in again when trying to access the file manager. Following this when clicking submit on the content editor it will kick me out, ask me to log in again without saving any of the changes made.
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

Anyone got any further thoughts on this - got clients complaining at me!

timdebuurman has confirmed its not mod_security
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

Are you running 2.2.8? I saw in an early post you mentioned 2.2.7.
Not getting the answer you need? CMSMS support options
User avatar
timdebuurman
Power Poster
Power Poster
Posts: 884
Joined: Sun Nov 06, 2011 8:15 pm
Location: Deventer, Netherlands

Re: Session ID problem and fix

Post by timdebuurman »

It's 2.2.8
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

I can recreate it, legit bug. There was a similar issue that I think is already fixed for 2.3 but I'll verify then file a BR if necessary.
Not getting the answer you need? CMSMS support options
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

For a temporary workaround, suggest to your client they use a separate browser session (incognito mode is the easiest) for each username, rather than logging in and out.
Not getting the answer you need? CMSMS support options
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1058
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: Session ID problem and fix

Post by DIGI3 »

Not getting the answer you need? CMSMS support options
johnboyuk1
Forum Members
Forum Members
Posts: 103
Joined: Mon Nov 26, 2018 3:09 pm

Re: Session ID problem and fix

Post by johnboyuk1 »

Thanks DIGI3
Post Reply

Return to “CMSMS Core”