Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Session being lost in Secured Pages


Reply


4 Posts   483 Views

Avatar
landyman

Community Member, 11 Posts

18 September 2012 at 10:05am

Hello -
Last week, my site started having some severe problems when logging in. After quite a bit of debugging, I figured out that after I login, my session is being destroyed if I visit a page that is requires you to be logged in. A print_r on the session just shows an empty array. But, if I do it on the homepage; I get all of my session info, but it still acts as if I'm not logged in; where I get this in the session:

[Security] => Array
(
[Message] => Array
(
[message] => Please choose an authentication method and enter your credentials to access the CMS.
[type] => warning
)

)

This does not happen in the admin, however. The admin still works perfectly fine. I have made no code changes in the past month, and this just started happening last week. My host did upgrade some PHP stuff on August 20th, but claim that they didn't change any other settings.

Has anybody run into this before or have any ideas?

Thanks.

Avatar
landyman

Community Member, 11 Posts

18 September 2012 at 10:59am

Hello again -
I'll be a little more specific too if that helps -- in case it's not the Session.

Member::currentUser(); is not working on any of the pages that require a login, even though I'm logged in (no info is returned from the function).
If I go to /admin/, it still loads like I'm logged in. If I go to a non-secured page on the site, it works, but anything that requires a login; it's not working.

Thanks,
-Aaron

Avatar
squared99

Community Member, 12 Posts

21 September 2012 at 8:01am

Don't have a solution this but have noticed some similarly odd behavior with setting session variables, logged in members and redirecting.

When the user is returned back from an external site, All session data set before the redirect appears to be lost, but only if there is a currently logged in member, ie Member::currentUser().

If no user is logged in, session data works as expected, but if Member::currentUser() returns a value the previously set session data is wiped.

It might have something to do with this method checking/setting cookies for the session as well, and overwriting previously set variables...

This behavior did not happen prior to my latest update of Silverstripe.

Did you find any other clues for your issue?

Avatar
landyman

Community Member, 11 Posts

21 September 2012 at 8:41am

Yes, I found lots of clues, and an answer yesterday... hopefully these will help some people out if they have the same issues.

In my case, the "http" version of my site was reading a different php.ini file than the "https" version of the site. So, when someone logged in and got redirected; the secure site did not have the same info as the http version; and therefore there was no session information. The host had recently upgraded some packages for PHP and didn't restore all of the settings correctly.

Some other things to check:
1. If you have Suhosin installed, check to make sure that the cookie encryption is off. Apparently, suhosin uses the URL as part of it's encryption, and http://... is not the same as https://...
2. Check to make sure the cookie domain name is correct in your PHP settings.