I moved my WordPress install from a development server to a freshly installed CentOS Apache 2.2 PHP 5.3 server. Initially, everything was working well. Logging in wasn't a problem, but then I noticed after logging in as a WordPress user and loading a new page I would be logged out.
What PHP settings do I need to have enabled, or are there any other considerations, when using a fresh server for WordPress that would make users not able to stay logged in (almost like the session isn't saving them)?
edit
It seems like the server isn't logging people in, but is reading the $_POST variable, so why would WordPress not save logging in?
The answer was looking at output_buffer. When this was off, the wp functions couldn't save to the session because something was already writing to the header.
Related
Background:
I have a WordPress website that lives in a Google Cloud-based load balanced environment, and as I work through getting CI/CD setup I elected to isolate one of the servers so that my team could properly run through isolated testing. Since the website is on a regular domain (www.mybusiness.com), I created a duplicate database from our production DB and pointed the isolated server at this new test database. From there, I updated both the 'siteurl' and 'home' values with the isolated server's IP address in my wp_options table, and from there I can access my isolated WordPress site by simply using the URL. However, this is where things get frustrating: the login page simply refreshes after a successful login attempt, while blatantly incorrect login attempts with invalid credentials properly return user login error messages.
After countless hours searching the Internet, Stack, and elsewhere, I've found that the most common solutions are either:
Clear your browser's cookies / cache.
Try logging in with completely different devices (other cell phones, laptops) to confirm it's not a device or local browser-cache issue.
Deactivate and test each plugin,
Confirm your 'siteurl' and 'home' values are correct.
Test your .htaccess file to confirm that's not the problem.
Clear your user's WordPress 'session_tokens' meta_key value.
Revert back to an older / default WordPress theme to confirm if it's a theme problem
Run WordPress's built-in DB repair tool.
Create new WordPress salts and swap them in inside the wp-config.php file.
Enable the 'WP_DEBUG' constant to see if anything in the error logs pops up.
Test non-HTTPS versions of 'siteurl' and 'home'.
After trying all of the above, nothing seems to work: reverting to an older theme (twentynineteen) still presents the same login page refresh issue, and I've gone through every plugin on the server to see if deactivating one or all of them creates a solution - none seem to be the root cause. Error, mysql, and auth logs are also maddeningly clean.
Interestingly, if I add a trailing slash to my IP address-based 'home' and 'siteurl' value, from 'https://11.11.11.11' to 'https://11.11.11.11/' I do successfully get to the correct internal landing page (https://11.11.11.11/landing-page/) - however it just displays a 404 with the basic white screen.
Current WordPress version: 5.4.7
This leaves me with a few questions:
Is this a file permissions issue somewhere? Are there any key WordPress files in which permissions could create this effect?
Would Apache or anything VPC be in play here? I checked out our Apache .conf files, but those don't seem to be the suspect.
Should we look into a WordPress upgrade knowing we're a bit behind with 5.4.7?
Thank you in advance for the help!
I have an major problem with xenForo Logins on nginx and tried everything foundable out.
The xenForo is not the problem it workes fine on an other apache server but I need to move it to nginx.
I'm using the newest nginx and php7.1, php-fpm and all requested sources for xenForo are installed. Other Sites (like Roundcube) works fine. I use the default site config for all sites with - so far - no problems.
Now, for the problem. When I logi to my xenForo ACP the login works fine but I get immediately logged out. Some times I get logged out a few minutes later, when I change the site. On the user site the login works pretty fine als long as I stay on the forums pages (as the forum, member page, profiles) and get logged out when I use a 3rd party site programmed by me (worked fine on apache without problems).
The xenForo Filesystem is owned by www-data:www-data and chmod permissions are set correctly.
In the php.ini file I set the correct path for the sessions to /var/lib/php/sessions and with an external simple script I proved that the sessions are saved correctly with no problems.
No errors displayed.
As long as I can say, everything works fine just the Login makes real trouble and I get out of ideas.
Maybe someone here can help me and find something I didn't see.
Kind Regards,
//Edit:
I found out that this Problem Not appears on the user site if the "Keep me logged in" button is ticket. Ob ACP there is no such button.
//Edit:
I found out, that the Cookie didn't get dropped, it's still there.
//Edit:
The timezones are correct.
I have a drupal 7 site that I just moved to a new server. I'm logged in as admin, but when I click the logout button on the admin bar (I have admin module installed) or on the /user page, I get the following:
Page not found
The requested page "/user/logout" could not be found.
Looking in the apache logs reveals a 404 for /user/logout.
So, what's going on here? Flushing caches both locally and through the admin menu in drupal does nothing--I remain logged in, and the admin bar is still there, so I don't think it's a cache problem.
I'm fairly new to drupal, so please include extra detail in any responses. I won't necessarily know where to put php code if you just give me a block of it without context.
This turned out to be something fairly specific to my case. I had an module installed which used the CAS module. It allowed authentication through a particular ldap server. (This module was built for all users of that particular ldap server, and isn't home-made or available on the drupal site) We'll call it foo_cas for expedience. When I moved to the new server, foo_cas was no longer required--besides that, foo_cas broke and no longer allowed me to login to the ldap server. My new server did not have the php ldap plugin installed, and I suspect that that's why.
Anyway, after the move, I couldn't log in again to disable foo_cas (because of the above ldap problem), so I just deleted the folder sites/all/modules/foo_cas on the backend. This is what broke the logout url. I'm not sure what did it on the code level in foo_cas.
My solution in the end was to put the foo_cas folder back in the sites/all/modules directory, which made the module available again, but disabled. I then used the uninstall tab under modules in the UI to uninstall foo_cas.
I suspect foo_cas made a database change when it was installed that needed to be undone properly by uninstalling it. Now, /user/logout works again.
For some reason I can only see changes to my site when logged in to Wordpress. I've downloaded and modified some files/pages (style.css, content-post.php, etc) using Filezilla but the changes don't appear on any browser without me being logged in to Wordpress. I've tried clearing the cache but no luck. Any idea whats happening, perhaps something to do with temporary files?
Disable caching plugins if any installed.
Using symfony framework 1.4 I have created a website. I'm using sfguard for authentication.
Now, this is working great on WAMP (windows). I can login to several accounts on different browsers and use the website.
I have ubuntu server 9.10 running apache (everything up to date and default configuration). On my server, when I login to the website in one browser it works great. When I on my other computer login with another user account on the public website, the login is successful. But when I refresh/go to another page the first user is shown as logged in instead!
Also, when I press logout, It's not showing that I'm logged out after page load. When I press f5 again I'm logged out.
As mentioned, all this works as expected on my local installation. I'm thinking there something wrong with my PHP session configuration on my ubuntu server, but I've never touched it..
Please help me. This is a school project and I'm presenting it today :(
It's unlikely to be the session handler (certainly not the problem if you are using the default handler). Top of my list of things to check is whether you are sending out the right caching information in the authenticated pages (i.e. either no-cache or Varies: cookie).
C.