Jump to:

23454 Posts in 18904 Topics by 2877 members

General Questions

SilverStripe Forums » General Questions » Session being lost in Secured Pages

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 438 Views
  • landyman
    Avatar
    Community Member
    11 Posts

    Session being lost in Secured Pages Link to this post

    Hello -
    Last week, my site started having some severe problems when logging in. After quite a bit of debugging, I figured out that after I login, my session is being destroyed if I visit a page that is requires you to be logged in. A print_r on the session just shows an empty array. But, if I do it on the homepage; I get all of my session info, but it still acts as if I'm not logged in; where I get this in the session:

    [Security] => Array
    (
    [Message] => Array
    (
    [message] => Please choose an authentication method and enter your credentials to access the CMS.
    [type] => warning
    )

    )

    This does not happen in the admin, however. The admin still works perfectly fine. I have made no code changes in the past month, and this just started happening last week. My host did upgrade some PHP stuff on August 20th, but claim that they didn't change any other settings.

    Has anybody run into this before or have any ideas?

    Thanks.

  • landyman
    Avatar
    Community Member
    11 Posts

    Re: Session being lost in Secured Pages Link to this post

    Hello again -
    I'll be a little more specific too if that helps -- in case it's not the Session.

    Member::currentUser(); is not working on any of the pages that require a login, even though I'm logged in (no info is returned from the function).
    If I go to /admin/, it still loads like I'm logged in. If I go to a non-secured page on the site, it works, but anything that requires a login; it's not working.

    Thanks,
    -Aaron

  • squared99
    Avatar
    Community Member
    12 Posts

    Re: Session being lost in Secured Pages Link to this post

    Don't have a solution this but have noticed some similarly odd behavior with setting session variables, logged in members and redirecting.

    When the user is returned back from an external site, All session data set before the redirect appears to be lost, but only if there is a currently logged in member, ie Member::currentUser().

    If no user is logged in, session data works as expected, but if Member::currentUser() returns a value the previously set session data is wiped.

    It might have something to do with this method checking/setting cookies for the session as well, and overwriting previously set variables...

    This behavior did not happen prior to my latest update of Silverstripe.

    Did you find any other clues for your issue?

  • landyman
    Avatar
    Community Member
    11 Posts

    Re: Session being lost in Secured Pages Link to this post

    Yes, I found lots of clues, and an answer yesterday... hopefully these will help some people out if they have the same issues.

    In my case, the "http" version of my site was reading a different php.ini file than the "https" version of the site. So, when someone logged in and got redirected; the secure site did not have the same info as the http version; and therefore there was no session information. The host had recently upgraded some packages for PHP and didn't restore all of the settings correctly.

    Some other things to check:
    1. If you have Suhosin installed, check to make sure that the cookie encryption is off. Apparently, suhosin uses the URL as part of it's encryption, and http://... is not the same as https://...
    2. Check to make sure the cookie domain name is correct in your PHP settings.

    438 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.