Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Random CMS Forbidden error


Go to End


40 Posts   12825 Views

Avatar
one2gamble

Community Member, 30 Posts

23 June 2009 at 12:40pm

Edited: 23/06/2009 12:41pm

I moved it to the root, same crap different location. This is with a clean install of rc4. Also of note the page itself only loads maybe 3 out of every 5 times. The other two times I either get a blank page or I get a page with no style sheet loaded.

Avatar
Briohny

Community Member, 199 Posts

23 June 2009 at 6:40pm

Yep... welcome to my world! I wish a SS developer would find this post and take a look. There's obviously a problem with loading SS onto a sub directory... this really needs to be fixed.

Avatar
Sam

Administrator, 690 Posts

23 June 2009 at 7:31pm

Hi Briohny and everyone else who has been having this error. Sorry about not getting on this sooner; I just came across this thread now.

My suspicion is that, for some reason, you're triggering an error that is logging you out - this can happen if you try and access something that you don't have the rights to access. I expect that some part of the CMS is trying to access are locked-off resource and that's the underlying problem here.

Are you logged in as a user with full ADMIN rights, or just with CMS_ACCESS_CMSMain sites or something? What right does the logged-in user have?

Could you try opening up sapphire/security/Security.php, and finding the permissionFailure() method:

	static function permissionFailure($controller = null, $messageSet = null) {
		if(Director::is_ajax()) {
			$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
			$response->setStatusCode(403);
			$response->setBody('NOTLOGGEDIN:');

Then add a debugging statement to email you some details when this method gets called:

	static function permissionFailure($controller = null, $messageSet = null) {
		mail("youremail@example.com", "Secuity::permissionFailure debugging", self::get_rendered_backtrace(debug_backtrace(), true));
		if(Director::is_ajax()) {
			$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
			$response->setStatusCode(403);
			$response->setBody('NOTLOGGEDIN:');

And then, if it emails you, post those emails to the list?

The other thing you could try is getting rid of the custom cookie parameters for the session cookie. Open sapphire/core/Session.php, and find the start method:

	public static function start() {
		self::load_config();
		
		if(!session_id() && !headers_sent()) {
			session_set_cookie_params(self::$timeout, Director::baseURL());
			session_start();
		}
	}

And comment out the session_set_cookie_params(). Restart your browser and log into the CMS, and see if that works.

Finally, are you using Director::setBaseURL()? What value are you giving it? And could you see what Director::baseURL() returns, for example, by adding this to your Page_Controller::init() and visiting a page on the site.

class Page_Controller {
  static function init() {
    echo Director::baseURL();
    parent::init();
  }
}

Avatar
Fuzz10

Community Member, 791 Posts

24 June 2009 at 9:16pm

Hi Sam,

Thanks for that...

but self::get_rendered_backtrace(debug_backtrace()) produces an error....

Avatar
one2gamble

Community Member, 30 Posts

25 June 2009 at 2:23am

Ive been a bit busy, I should be able to test that tonight

Avatar
Briohny

Community Member, 199 Posts

25 June 2009 at 8:04pm

I haven't had a chance yet either. Hope to try tonight also. Let me know how you get on one2gamble.

Avatar
one2gamble

Community Member, 30 Posts

28 June 2009 at 5:19am

I ran out of time with this particular project, it wasnt a big deal either way. I just set up wordpress for them and went from there. Ill try silverstripe again here pretty quick and try to see what is going on.

Avatar
Fuzz10

Community Member, 791 Posts

30 June 2009 at 7:05pm

Edited: 30/06/2009 7:07pm

Sam :

- Default BaseURL : /

- No more custom cookie params

The problem still exists.

I added some debugging code in the permissionFailure method , but it does not get called.

I had a look at the PHP_INFO output , no weird values for session time-outs etc. The only thing I did not like was the PHP version : 5.1.6 , had some minor problems with that in the past , but since I have SS running on that version on a different machine , I don't think that is the problem.

The site works perfectly, but the client is getting very aggravated about not being able to use the CMS. Do you have any other thought or ideas we could try ?

Thanks !