Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Random CMS Forbidden error


Reply

40 Posts   7719 Views

Avatar
one2gamble

23 June 2009 at 12:40pm (Last edited: 23 June 2009 12:41pm), Community Member, 30 Posts

I moved it to the root, same crap different location. This is with a clean install of rc4. Also of note the page itself only loads maybe 3 out of every 5 times. The other two times I either get a blank page or I get a page with no style sheet loaded.

Avatar
Briohny

23 June 2009 at 6:40pm Community Member, 199 Posts

Yep... welcome to my world! I wish a SS developer would find this post and take a look. There's obviously a problem with loading SS onto a sub directory... this really needs to be fixed.

Avatar
Sam

23 June 2009 at 7:31pm Administrator, 685 Posts

Hi Briohny and everyone else who has been having this error. Sorry about not getting on this sooner; I just came across this thread now.

My suspicion is that, for some reason, you're triggering an error that is logging you out - this can happen if you try and access something that you don't have the rights to access. I expect that some part of the CMS is trying to access are locked-off resource and that's the underlying problem here.

Are you logged in as a user with full ADMIN rights, or just with CMS_ACCESS_CMSMain sites or something? What right does the logged-in user have?

Could you try opening up sapphire/security/Security.php, and finding the permissionFailure() method:

   static function permissionFailure($controller = null, $messageSet = null) {
      if(Director::is_ajax()) {
         $response = ($controller) ? $controller->getResponse() : new HTTPResponse();
         $response->setStatusCode(403);
         $response->setBody('NOTLOGGEDIN:');

Then add a debugging statement to email you some details when this method gets called:

   static function permissionFailure($controller = null, $messageSet = null) {
      mail("youremail@example.com", "Secuity::permissionFailure debugging", self::get_rendered_backtrace(debug_backtrace(), true));
      if(Director::is_ajax()) {
         $response = ($controller) ? $controller->getResponse() : new HTTPResponse();
         $response->setStatusCode(403);
         $response->setBody('NOTLOGGEDIN:');

And then, if it emails you, post those emails to the list?

The other thing you could try is getting rid of the custom cookie parameters for the session cookie. Open sapphire/core/Session.php, and find the start method:

   public static function start() {
      self::load_config();
      
      if(!session_id() && !headers_sent()) {
         session_set_cookie_params(self::$timeout, Director::baseURL());
         session_start();
      }
   }

And comment out the session_set_cookie_params(). Restart your browser and log into the CMS, and see if that works.

Finally, are you using Director::setBaseURL()? What value are you giving it? And could you see what Director::baseURL() returns, for example, by adding this to your Page_Controller::init() and visiting a page on the site.

class Page_Controller {
static function init() {
echo Director::baseURL();
parent::init();
}
}

Avatar
Fuzz10

24 June 2009 at 9:16pm Community Member, 787 Posts

Hi Sam,

Thanks for that...

but self::get_rendered_backtrace(debug_backtrace()) produces an error....

Avatar
one2gamble

25 June 2009 at 2:23am Community Member, 30 Posts

Ive been a bit busy, I should be able to test that tonight

Avatar
Briohny

25 June 2009 at 8:04pm Community Member, 199 Posts

I haven't had a chance yet either. Hope to try tonight also. Let me know how you get on one2gamble.

Avatar
one2gamble

28 June 2009 at 5:19am Community Member, 30 Posts

I ran out of time with this particular project, it wasnt a big deal either way. I just set up wordpress for them and went from there. Ill try silverstripe again here pretty quick and try to see what is going on.

Avatar
Fuzz10

30 June 2009 at 7:05pm (Last edited: 30 June 2009 7:07pm), Community Member, 787 Posts

Sam :

- Default BaseURL : /

- No more custom cookie params

The problem still exists.

I added some debugging code in the permissionFailure method , but it does not get called.

I had a look at the PHP_INFO output , no weird values for session time-outs etc. The only thing I did not like was the PHP version : 5.1.6 , had some minor problems with that in the past , but since I have SS running on that version on a different machine , I don't think that is the problem.

The site works perfectly, but the client is getting very aggravated about not being able to use the CMS. Do you have any other thought or ideas we could try ?

Thanks !