23355 Posts in 17744 Topics by 2862 members
|Go to End|
18 September 2012 at 10:05am
Last week, my site started having some severe problems when logging in. After quite a bit of debugging, I figured out that after I login, my session is being destroyed if I visit a page that is requires you to be logged in. A print_r on the session just shows an empty array. But, if I do it on the homepage; I get all of my session info, but it still acts as if I'm not logged in; where I get this in the session:
[Security] => Array
[Message] => Array
[message] => Please choose an authentication method and enter your credentials to access the CMS.
[type] => warning
This does not happen in the admin, however. The admin still works perfectly fine. I have made no code changes in the past month, and this just started happening last week. My host did upgrade some PHP stuff on August 20th, but claim that they didn't change any other settings.
Has anybody run into this before or have any ideas?
18 September 2012 at 10:59am
Hello again -
I'll be a little more specific too if that helps -- in case it's not the Session.
Member::currentUser(); is not working on any of the pages that require a login, even though I'm logged in (no info is returned from the function).
If I go to /admin/, it still loads like I'm logged in. If I go to a non-secured page on the site, it works, but anything that requires a login; it's not working.
21 September 2012 at 8:01am
Don't have a solution this but have noticed some similarly odd behavior with setting session variables, logged in members and redirecting.
When the user is returned back from an external site, All session data set before the redirect appears to be lost, but only if there is a currently logged in member, ie Member::currentUser().
If no user is logged in, session data works as expected, but if Member::currentUser() returns a value the previously set session data is wiped.
It might have something to do with this method checking/setting cookies for the session as well, and overwriting previously set variables...
This behavior did not happen prior to my latest update of Silverstripe.
Did you find any other clues for your issue?
21 September 2012 at 8:41am
Yes, I found lots of clues, and an answer yesterday... hopefully these will help some people out if they have the same issues.
In my case, the "http" version of my site was reading a different php.ini file than the "https" version of the site. So, when someone logged in and got redirected; the secure site did not have the same info as the http version; and therefore there was no session information. The host had recently upgraded some packages for PHP and didn't restore all of the settings correctly.
Some other things to check:
1. If you have Suhosin installed, check to make sure that the cookie encryption is off. Apparently, suhosin uses the URL as part of it's encryption, and http://... is not the same as https://...
2. Check to make sure the cookie domain name is correct in your PHP settings.
|Go to Top|