• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 21 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Session ID problem and fix
PostPosted: Mon Feb 11, 2019 7:06 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Sun Nov 06, 2011 8:15 pm
Posts: 871
Location: Deventer, Netherlands
Hey,

Got a installation in 2.2.9 and logt out and in with another account for testen my clients account and a similar problem occurred.

In TinyMCE editor when opening the Filemanager the text 'Access denied' appeared.

Another test in an incognito browser and it works again.

Seems that the problem is not fixed yet.

gr Tim

_________________
NextDoorMedia - Online Marketing Partner
https://www.nextdoormedia.nl


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Session ID problem and fix
PostPosted: Tue Feb 12, 2019 9:29 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7699
Location: The Netherlands
Please also test using 2.2.9.1. Thx.

_________________
$1

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return!



Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Session ID problem and fix
PostPosted: Mon Mar 25, 2019 5:10 pm 
Offline
Forum Members
Forum Members
User avatar

Joined: Sat Jul 05, 2008 8:25 pm
Posts: 88
Location: Norfolk, UK
I seem to have a problem with session cookies that looks as though it may be related to the original report.

It occurs when adding a {CMSMS_selflink} tag in TinyMCE, using the toolbar button. Trying to save or cancel crashes out to the login screen.

Clearing the session cookie ("CMSSESSIDxxxxx") fixes the problem for the next login. If I log out and then back in (either the same or a different user) without clearing the cookie, the problem recurs.

According to cPanel, ModSecurity is turned off.

I haven't tested for this bug, which is referenced above and was supposed to be fixed in 2.2.9.

I'm using CMSMS 2.2.10. Latest versions of Safari and Firefox on a Mac, in case it's somehow related to the browser.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Session ID problem and fix
PostPosted: Mon Mar 25, 2019 8:21 pm 
Offline
Power Poster
Power Poster

Joined: Sun Apr 19, 2009 9:33 am
Posts: 1377
Although running https:// CMSMS does not set the 'secure' flag on the CMSSESSIDxxxxxx cookie. (@session stuff in ./misc.functions.php).

It helped me to modify php.ini.
Or if your host allows it you can add the following lines to config.php, hope it helps.

\$1:
@ini_set('session.cookie_httponly', 1);
@ini_set('session.cookie_secure', 1);

_________________
The CMSMS Builder is a tool to help you develop and optimize CMS Made Simple >= 2.2.3 themes, it is made by a developer for developers.

I you like an automated file based work-flow this project might be for you. It is usable to kick-start a new CMSMS project or it can be applied to existing ones.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Session ID problem and fix
PostPosted: Mon Mar 25, 2019 9:15 pm 
Offline
Forum Members
Forum Members
User avatar

Joined: Sat Jul 05, 2008 8:25 pm
Posts: 88
Location: Norfolk, UK
Thank you arnoud. I tried adding this to config.php but no success so far.

Can I look at the CMSSESS… cookie to tell whether it's working? At the moment its value stays the same, even when I close the window and reopen it. I'm guessing that since it is a session cookie I should be able to watch it changing? This would be simpler than crashing out of TinyMCE.

I have been able to modify config.php to set error reporting, memory limit and so on, so I hoped your fix would work – but apparently not.

What are the corresponding commands for php.ini?

I'm assuming it makes no difference that I have a rewrite rule for http >> https.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Session ID problem and fix
PostPosted: Tue Mar 26, 2019 9:31 am 
Offline
Forum Members
Forum Members
User avatar

Joined: Sat Jul 05, 2008 8:25 pm
Posts: 88
Location: Norfolk, UK
Just to confirm, I now have those settings in place (and confirmed via 'ini_get') but the problem of crashing out of TinyMCE persists. The CMSSESSIDxxxx cookie remains the same; deleting it fixes the problem till next time.

The other session key (the much longer one) is cleared properly when I sign out. I assume the same should happen for CMSSESSIDxxxx, but it doesn't.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page Previous  1, 2

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting