Problem with sessions on nginx using xenForo - php

I have a major problem with xenForo logins on nginx and have tried everything I could find.
xenForo itself is not the problem; it works fine on another Apache server, but I need to move it to nginx.
I'm using the newest nginx and php7.1, php-fpm and all requested sources for xenForo are installed. Other sites (like Roundcube) work fine. I use the default site config for all sites with - so far - no problems.
Now, for the problem. When I log in to my xenForo ACP the login works fine but I get immediately logged out. Sometimes I get logged out a few minutes later, when I change the site. On the user site the login works pretty fine as long as I stay on the forum's pages (such as the forum, member page, profiles), and I get logged out when I use a 3rd-party site programmed by me (worked fine on Apache without problems).
The xenForo Filesystem is owned by www-data:www-data and chmod permissions are set correctly.
In the php.ini file I set the correct path for the sessions to /var/lib/php/sessions and with an external simple script I proved that the sessions are saved correctly with no problems.
No errors displayed.
As far as I can tell, everything works fine; only the login causes real trouble, and I am out of ideas.
Maybe someone here can help me and find something I didn't see.
Kind Regards,
//Edit:
I found out that this problem does not appear on the user site if the "Keep me logged in" box is ticked. On the ACP there is no such box.
//Edit:
I found out that the cookie didn't get dropped; it's still there.
//Edit:
The timezones are correct.

Related

WordPress login page just refreshes after successful login

Background:
I have a WordPress website that lives in a Google Cloud-based load balanced environment, and as I work through getting CI/CD setup I elected to isolate one of the servers so that my team could properly run through isolated testing. Since the website is on a regular domain (www.mybusiness.com), I created a duplicate database from our production DB and pointed the isolated server at this new test database. From there, I updated both the 'siteurl' and 'home' values with the isolated server's IP address in my wp_options table, and from there I can access my isolated WordPress site by simply using the URL. However, this is where things get frustrating: the login page simply refreshes after a successful login attempt, while blatantly incorrect login attempts with invalid credentials properly return user login error messages.
After countless hours searching the Internet, Stack, and elsewhere, I've found that the most common solutions are either:
Clear your browser's cookies / cache.
Try logging in with completely different devices (other cell phones, laptops) to confirm it's not a device or local browser-cache issue.
Deactivate and test each plugin.
Confirm your 'siteurl' and 'home' values are correct.
Test your .htaccess file to confirm that's not the problem.
Clear your user's WordPress 'session_tokens' meta_key value.
Revert back to an older / default WordPress theme to confirm if it's a theme problem.
Run WordPress's built-in DB repair tool.
Create new WordPress salts and swap them in inside the wp-config.php file.
Enable the 'WP_DEBUG' constant to see if anything in the error logs pops up.
Test non-HTTPS versions of 'siteurl' and 'home'.
After trying all of the above, nothing seems to work: reverting to an older theme (twentynineteen) still presents the same login page refresh issue, and I've gone through every plugin on the server to see if deactivating one or all of them creates a solution - none seem to be the root cause. Error, mysql, and auth logs are also maddeningly clean.
Interestingly, if I add a trailing slash to my IP address-based 'home' and 'siteurl' value, from 'https://11.11.11.11' to 'https://11.11.11.11/' I do successfully get to the correct internal landing page (https://11.11.11.11/landing-page/) - however it just displays a 404 with the basic white screen.
Current WordPress version: 5.4.7
This leaves me with a few questions:
Is this a file permissions issue somewhere? Are there any key WordPress files in which permissions could create this effect?
Would Apache or anything VPC be in play here? I checked out our Apache .conf files, but those don't seem to be the suspect.
Should we look into a WordPress upgrade knowing we're a bit behind with 5.4.7?
Thank you in advance for the help!

PHP Session not working correctly on a particular host

I have this script that works well on other servers but the session part fails on a particular host. I have pointed to another server but would really like to figure out what could be the problem. I have observed that:
It takes 5-15 mins for changes to the code to be reflected (e.g. changing text on the index page). The server seems to cache pages, especially index (BTW I cleared my browser's cache etc.)
When I log out and log in as another user, the server still retains the session of the last user on the index page (the other pages seem OK)
I can open index.php (without logging in any user) and what I believe is the last logged-in user's details display
I tried swapping my code for some authentication systems on GitHub (just to be sure); even PHPAuth, which uses cookies (not sessions), fails the same way. But the same code works flawlessly on localhost as well as other servers.
So I would like to figure out exactly what goes on on that host. It is a shared hosting package.
Got a reply from the host. Seems the problem was with the host's session variable path. They fixed it. Thanks

Kunstmaan Bundle admin login incorrectly redirects to homepage after system update, does not log in user

I have the Kunstmaan CMS bundles (Symfony 2.4 version) installed on a project that had been working fine until a system update a couple days ago; now, when attempting to log into the admin panel (/en/admin; /en/login) I get redirected to the homepage as an anonymous user, unless I explicitly check the "Remember Me" option in the login form.
This same issue arose simultaneously across all projects using these bundles, including ones that hadn't been modified in weeks.
The admin user last_login is being modified in the database, so it is getting as far as successfully validating the login credentials, but the user session is not being updated.
I'm running CentOS 6.5 on a VM, and the following packages are all the ones that were updated that seem to have anything to do with the web hosting environment:
httpd 2.2.15-31.el6.centos.x86_64
nodejs 0.10.29-1.el6.x86_64
nodejs-devel 0.10.29-1.el6.x86_64
nodejs-packaging 7-1.el6.noarch
php54w-5.4.30-1.w6.x86_64
php54w-cli-5.4.30-1.w6.x86_64
php54w-common-5.4.30-1.w6.x86_64
php54w-gd-5.4.30-1.w6.x86_64
php54w-intl-5.4.30-1.w6.x86_64
php54w-mbstring-5.4.30-1.w6.x86_64
php54w-mysql-5.4.30-1.w6.x86_64
php54w-pdo-5.4.30-1.w6.x86_64
php54w-process-5.4.30-1.w6.x86_64
php54w-tidy-5.4.30-1.w6.x86_64
php54w-xml-5.4.30-1.w6.x86_64
The problem happens in all browsers.
I've been pulling my hair out over this for hours, so if anyone has any thoughts it would be appreciated.
Thanks.
Found the problem.
My project was saving the sessions to %kernel.cache_dir%/sessions. Because I'm hosting the project in a VM, but editing the files from my workstation proper, the permission structure in my projects dir is a bit odd; Apache is running as apache:apache while the ownership on sessions dir was 1000:1000, and the session files within are rw------- 1000:1000. Apache can't write to these files.
This had been working fine previously, so in my last system update something apparently either changed the permission structure somewhere, or started stricter enforcing of a messed up system that had no business working in the first place.
Rather than muck around with the permissions in that dir, I just changed the symfony framework config:
framework:
    session:
        save_path: /tmp/myprojectname
Problem solved, and I can log in normally.
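A way to check a session save_path for the ownership mismatch described in this answer, and for modes that expose session files to other local users (which matters once the directory lives under /tmp). This is an added example, not part of the original answer; the function names are hypothetical, the check reads stat bits only, and supplementary groups are ignored.

```python
import os
import stat

def _can_create(st, uid, gid):
    """Stat-based check: may uid/gid create files in this directory?"""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid == gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

def audit_session_dir(path, web_uid, web_gid):
    """Return findings for a session save_path, given the uid/gid the
    web server or PHP worker runs as (values supplied by the caller)."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if not _can_create(st, web_uid, web_gid):
        findings.append("dir-not-writable")
    if mode & stat.S_IROTH:
        # Other local users can list the directory and read session IDs.
        findings.append("dir-world-listable")
    if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
        # Without the sticky bit any local user can delete or replace files.
        findings.append("dir-world-writable-no-sticky")
    for name in sorted(os.listdir(path)):
        fst = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(fst.st_mode):
            continue
        if fst.st_uid != web_uid:
            # The case from the answer: rw------- files owned by another uid.
            findings.append("foreign-owner:" + name)
        if stat.S_IMODE(fst.st_mode) & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("file-readable-by-others:" + name)
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Usage: script.py <save_path> <user>, e.g. the directory and "apache".
    user = pwd.getpwnam(sys.argv[2])
    for finding in audit_session_dir(sys.argv[1], user.pw_uid, user.pw_gid):
        print(finding)
```

An empty result means the directory is writable by the server account and no session file is owned by, or readable by, another account.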
You should fix your /path/to/app
E.g. http://127.0.0.1:8888/web/app_dev.php/en/admin/login
If you are still having issues: I have recorded my notes here.

Magento won't keep sessions on front end only

I've got a Magento store that refuses to keep session information on the front end. Strangely the admin works fine. PHP independent of Magento is able to write sessions. Magento's var/ directory is writable by the webserver. I can even see files being written to var/session.
This site is running on ec2 under nginx. I wasn't having these problems previously under Apache and as far as I can tell the configuration of Magento itself is the same.
Yes, this was it. I wasn't able to see this in the Firefox console, but in Chrome I could see the domain was wrong (although it looked OK in the admin, but maybe I was confused). I updated all cookie_domain fields in the core_config_data table and it's working. Thanks #datasage
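Why a wrong cookie domain loses the session: the browser applies the RFC 6265 domain-match rule and silently discards a cookie whose Domain attribute does not cover the host that set it. The following is an added example, not code from the original thread; the function names and host names are constructed, and the public-suffix rejection that browsers also apply is not modelled.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: identical, or a dot-separated suffix
    of a host that is not an IP address."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain) and not _is_ip(host)

def _normalize(domain_attr):
    # A single leading dot in the Domain attribute is ignored.
    return domain_attr[1:] if domain_attr.startswith(".") else domain_attr

def browser_stores(setting_host, domain_attr):
    """Would a browser keep a cookie that setting_host sets with this Domain?"""
    if not domain_attr:
        return True  # no Domain attribute: host-only cookie
    return domain_match(setting_host, _normalize(domain_attr))

def cookie_sent(setting_host, domain_attr, request_host):
    """Is a cookie set on setting_host later sent to request_host?"""
    if not browser_stores(setting_host, domain_attr):
        return False
    if not domain_attr:
        return request_host.lower() == setting_host.lower()
    return domain_match(request_host, _normalize(domain_attr))

if __name__ == "__main__":
    # Constructed hosts: a store moved to a new host with a stale cookie domain.
    print(browser_stores("shop.example.com", "old-shop.example.net"))  # False
    print(browser_stores("shop.example.com", ".example.com"))          # True
```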

PHP session corrupt

Using symfony framework 1.4 I have created a website. I'm using sfguard for authentication.
Now, this is working great on WAMP (windows). I can login to several accounts on different browsers and use the website.
I have Ubuntu Server 9.10 running Apache (everything up to date and default configuration). On my server, when I log in to the website in one browser it works great. When I log in with another user account on my other computer on the public website, the login is successful. But when I refresh/go to another page the first user is shown as logged in instead!
Also, when I press logout, it's not showing that I'm logged out after page load. When I press F5 again I'm logged out.
As mentioned, all this works as expected on my local installation. I'm thinking there's something wrong with my PHP session configuration on my Ubuntu server, but I've never touched it.
Please help me. This is a school project and I'm presenting it today :(
It's unlikely to be the session handler (certainly not the problem if you are using the default handler). Top of my list of things to check is whether you are sending out the right caching information in the authenticated pages (i.e. either no-cache or Varies: cookie).
C.
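The caching check suggested in this answer can be run over the response headers of pages fetched while logged in. The following is an added example, not code from the original thread; it is a simplified reading of HTTP caching rules using the standard Cache-Control, Vary and Expires headers, and the function names and sample responses are constructed.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            directives[name.strip()] = arg.strip().strip('"')
    return directives

def shared_cache_verdict(headers):
    """Classify how a shared cache (proxy, CDN) may treat one response."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
    if "no-store" in cc or "private" in cc:
        return "not-shared"          # shared caches must not store it
    if "no-cache" in cc:
        return "revalidate"          # stored copy is checked with the origin
    if "cookie" in vary or "*" in vary:
        return "keyed-on-cookie"     # a different cookie gets a different entry
    lifetime = cc.get("s-maxage", cc.get("max-age"))
    if lifetime == "0":
        return "revalidate"
    if lifetime is not None or "public" in cc or "expires" in h:
        return "cacheable-shared"    # may be replayed to another user
    return "unspecified"             # left to the cache's own defaults

RISKY = {"cacheable-shared", "unspecified"}

def risky_pages(responses):
    """Return (url, verdict) for responses a shared cache may reuse across users."""
    verdicts = [(url, shared_cache_verdict(hdrs)) for url, hdrs in responses]
    return [(url, v) for url, v in verdicts if v in RISKY]

# Constructed sample: headers of pages fetched with a session cookie.
SAMPLE = [
    ("/index.php", {"Cache-Control": "public, max-age=600"}),
    ("/account", {"Cache-Control": "no-cache"}),
    ("/profile", {"Cache-Control": "max-age=300", "Vary": "Accept-Encoding, Cookie"}),
    ("/admin", {"Cache-Control": "private, max-age=60"}),
    ("/logout", {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for url, verdict in risky_pages(SAMPLE):
        print(url, verdict)
```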
