Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Can't stay Logged in to admin: Forbidden error: error saving page


Go to End


42 Posts   13553 Views

Avatar
Yulia

Community Member, 26 Posts

11 March 2009 at 8:53am

OK

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

i inserted it like:

### SILVERSTRIPE START ###
<Files *.ss>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>

<Location sessions>
Deny from all
</Location>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /silverstripe

RewriteCond %{REQUEST_URI} !(\.gif)|(\.jpg)|(\.png)|(\.css)|(\.js)|(\.php)$

RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
</IfModule>
### SILVERSTRIPE END ###

i created the sessions folder right outside my silverstripe site folder. i think it has something to do with defining the path?

Avatar
Yulia

Community Member, 26 Posts

11 March 2009 at 8:56am

when i delete

<Location sessions>
Deny from all
</Location>

everything works fine, but it seems like i better make it work for possible security issues...

Avatar
Double-A-Ron

Community Member, 607 Posts

11 March 2009 at 8:58am

Oh I see,

The sessions folder needs to be in the same directory as this .htaccess file (e.g. INSIDE your main SS directory along side /jsparty, /cms, /sapphire directories.

The <Location sessions> block in your .htaccess file is basically telling the server to never allow anyone to browse the directory called /sessions.

So try creating a writable folder called "sessions" in your main silverstripe directory. Make sure it is writable too.

Cheers
Aaron

Avatar
Yulia

Community Member, 26 Posts

11 March 2009 at 9:19am

Thank you,

i did what you said, but it is not willing to cooperate with me...

i tried so many different ways, out of ideas...

Avatar
Double-A-Ron

Community Member, 607 Posts

11 March 2009 at 9:28am

Are you on shared hosting? Do you have access to php.ini to change the default session save path? (See Web Architect's last post on page 2). Have you done the same thing he has?

I hoped he would have clarified this point to help cover the variations of hosting with this company.

If you don't have access to php.ini, try adding this line to your .htaccess too:

php_value session.save_path '/sessions'

Aaron

Avatar
Double-A-Ron

Community Member, 607 Posts

11 March 2009 at 9:30am

Note: That path might need to the full path to the directory. As in:

/home/mysite/www/sessions

Web Arcitect, can you help shed a little light on this since it worked for you please?

Aaron

Avatar
Yulia

Community Member, 26 Posts

11 March 2009 at 9:40am

yeah, i did exact same thing he did. i have the same hosting. And it is working great. Just when i add this line, it throws an error at me. I've tried deleting php_value session from php.ini and writing it in .htaccess but still no luck.

Avatar
Double-A-Ron

Community Member, 607 Posts

11 March 2009 at 9:46am

Edited: 11/03/2009 9:47am

OK.

Can you now change the lines in .htaccess to:

<Location sessions>
#Deny from all
</Location> 

Note the hash. This will comment out the command. I suspect that your setup doesn't allow this sort of override.

Aaron