Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Random CMS Forbidden error

Go to End

40 Posts   10544 Views


Community Member, 199 Posts

30 June 2009 at 7:51pm

I'm exactly the same as Fuzz10. Tried and tested the same. Client also getting increasingly annoyed.


Administrator, 690 Posts

2 July 2009 at 12:10am

Umm, I'm a little stumped to be honest. This isn't something I've come across before, except when people have put "_" characters in domain names, which muck up session cookies in IE.

* Have you tried different browsers? Do you get any different results?
* Can you send me details of how to get to your sites at sam [at] siverstripe [dot] com, so I can have a look myself?


Community Member, 199 Posts

10 July 2009 at 2:55am

Hey Sam,

Sorry for late reply. I ended up moving my site to a new hosting company. I couldn't find a fix for over a month and my client was getting very mad to say the least. The problem did occur in both IE and Firefox. I wasn't able to test on any other platform.

I believe it has something to do with installing on a sub-directory. Perhaps the guys at Silverstripe can take a look when they get a spare moment... i'm sure many other people will encounter this same problem.

Thanks for following up :)

Gravitational FX

Community Member, 22 Posts

10 July 2009 at 12:40pm

I've had exactly the same problem - also in the "php 5 installation error" thread.

After numerous reinstallations and hanging at the PHP 5 is required during installation, I came back to the install after dinner, restarted the browser and was pleased (and confused) to see the ss232 installed and the homepage running.

Yay - I thought - but prematurely.

When clicking on "the CMS" link from the homepage and loggin in with the admin credentials I get the following page (ss1.png).
Refresh.. refresh..refresh..refresh.. nothing..

Type in / and I get the Admin interface again (ss2.png)

Click on the security tab and it goes back to the login screen (ss3.png)

Very wierd!

Attached Files

Community Member, 72 Posts

8 July 2010 at 11:37am

So, one year later (almost to the day), and I've got the same problem. To sum it up, I installed SS 2.4.0, onto a Rackspace cloud server. I currently have 3 other SS installs on the same cloud, different domains, and they work just fine (they are v. 2.3.4).

Here is my long story summed up as best as possible.
Installed v 2.3.4 just like the other three sites I have on the cloud.
Everything installed fine.
Tried to log in - worked (sort of). I was presented with the CMS, and couldn't save any forms, then was redirected to the login page again.
I tried, reinstalling, pulling hair out, avoiding the boss, etc.
Installed v 2.4.0
Same problem as above.
Followed Sam's suggestions in this post - no workie.
Tried the suggestions in this post: - No workie.

Like Briohny, my client is getting mad, as well as my boss.

Firebug is giving me the errors of "NOTLOGGEDIN" and "SecurityID doesn't match, possible CSRF attack."

Here is my setup:
PHP 5.2.13
MySQL 5+
working in the root directory (always have been)
user has full admin rights
I have tested and have this problem on Safari, Firefox (pc and mac) IE, 7 & 8, so its not a browser problem.

I'm at a total loss here. What finally worked for any of you to get this working?


Community Member, 72 Posts

9 July 2010 at 9:41am

to whom it may concern. I've been chatting with rackspace tech support for over an hour, and basically hosting sites have a common folder for all virtual private servers to hold session files.

So if you are having issues you can add the following to the bottom of your .htaccess file and take control of your own sessions:

php_value session.gc_probability 1
php_value session.gc_divisor 100
php_value session.gc_maxlifetime 3600
php_value session.save_path /mnt/stor1/123456/

my session save path is outside my content folder that holds the web files, so it can't be accessed from the www.

Here is a link explaining the above.


Community Member, 95 Posts

20 July 2010 at 6:59pm

I just upgraded a site to 2.4.0 and i am getting this error only in my statically published index.php page.

my staticPublisher outputs php files to the cache folder. all pages that are statically published are written correctly with the exception of the index.php page. this page only says "NOTLOGGEDIN:" with a few headers


 * This is a system-generated PHP script that performs header management for the statically cached content given below.

define('MAX_AGE', '0');
define('LAST_MODIFIED', '2010-07-20 00:27:11');

if(MAX_AGE > 0) {
	header("Cache-Control: max-age=" . MAX_AGE);
} else {
	header("Cache-Control: no-cache, max-age=0, must-revalidate");

header("Expires: " . gmdate('D, d M Y H:i:s', time() + MAX_AGE) . ' GMT');
header("Last-modified: " . gmdate('D, d M Y H:i:s', strtotime(LAST_MODIFIED)) . ' GMT');

	if(strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= strtotime(LAST_MODIFIED)) {
		header("Last-modified: " . gmdate('D, d M Y H:i:s', strtotime(LAST_MODIFIED)) . ' GMT', true, 304);


i tried flushing the cache, (?flush=all), and logging out & logging back in.

i wanted to email the backtrace but dont see any method to do that in the 2.4.0 Security class.

how can i debug this?

thanks, any help would be great,


Community Member, 15 Posts

1 October 2010 at 6:28am

Just wanted to say thanks to moloko man for his response on this topic regarding rackspace hosting ... was completely driving me crazy, and was struggling to find this solution.

For the sake of hopefully helping future searches, The issues I had either gave me the message

"securityid doesn't match, possible csrf attack"

or I would get messages telling me to log back in when I was trying to create new users. This was all in the admin on 2.42 ... on the rackspace cloud.

thanks again,


Go to Top