Jump to:

1976 Posts in 1306 Topics by 607 members

Form Questions

SilverStripe Forums » Form Questions » Strange Login Troubles

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1769 Views
  • cabby
    Avatar
    Community Member
    15 Posts

    Strange Login Troubles Link to this post

    Hi there!

    We have a site running for our customer that runs well. But there exists one problem with the SS Login Form:
    Sometimes Login fails in Internet Explorer (any Version). I can proof that login attempts fail just in this browser from time to time.
    It drives me crazy, 'cause all users as well as the admin account have this problem.

    One time it works without trouble.... then if you try it minutes later, you cannot login again. At first I thought that maybe there would be a proxy or router problem, but that seems to be not the case. Apache Logfiles don't bring important things to my eyes. So there seems to be a problem inside the SS cms. I hope to get help here, for I don't want to write another external login form.

    Has anyone seen similar problems with random success with login forms in SS / IE (5-8) ?

    Thanks in advance!
    cabby

  • cabby
    Avatar
    Community Member
    15 Posts

    Re: Strange Login Troubles Link to this post

    I think that now I tackled this problem down to its roots.
    Silverstripe somehow creates more than one PHPSESSID that seems to confuse just IE Browsers.

    So I think it may be PHP that's to blame.
    I will later post on this topic when I can be sure that the above is fact.

    greetings,
    cabby

  • cabby
    Avatar
    Community Member
    15 Posts

    Re: Strange Login Troubles Link to this post

    All the trouble comes in fact from multiple PHPSESSID.

    Is there a way to ensure that only the newest PHPSESSID is used?
    Can we destroy the old PHPSESSID? Or the cookie?

    Why do we need session_regenerate_id inside the core? (security/Member.php) It seems to cause all the trouble.

    greetings,
    cabby

  • cabby
    Avatar
    Community Member
    15 Posts

    Re: Strange Login Troubles Link to this post

    Maybe I can answer my own question. (Pretty common here ;-) )

    It seems pretty obvious that it should care about the "hijacking PHPSESSID - Problem".

  • cabby
    Avatar
    Community Member
    15 Posts

    Re: Strange Login Troubles Link to this post

    Ok, it seems that the problem with multiple PHPSESSIDs is now solved and Login from every IE Browser is now guaranteed.

    I just commented out line 113 in sapphire/security/Member.php.

    112   static function session_regenerate_id() {
    113      //session_regenerate_id(true);
    114   }

    The root of all evil has been cut through, I hope. ;-)

    greetings,
    cabby

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: Strange Login Troubles Link to this post

    Commenting out session_regenerate_id() causes just as much evil as it solves: http://shiflett.org/articles/session-fixation

    1769 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.