Invalid Session

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
User avatar
Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Post by Kellanved » Thu Dec 28, 2006 6:47 pm

The session check is a security relevant change; I'd first try to get the issue resolved (different browser, see if there are any tools doing things which they shouldn't; ask if hitting submit twice is too bad)

However removing it should not place your board in terrible danger. It's not to prevent hacks, it is there to prevent cheating.
Nocando is in Idontwanna county. No support via PM

pharry
Registered User
Posts: 45
Joined: Thu Jul 22, 2004 12:08 am

Post by pharry » Thu Dec 28, 2006 7:20 pm

She has tried the different browser. She's been on my board for four years with no problems, so I don't think she's hitting enter twice.

If this isn't an issue for hackers, then I'd like to remove it for now. So that brings up the question, how?

pharry
Registered User
Posts: 45
Joined: Thu Jul 22, 2004 12:08 am

Post by pharry » Thu Dec 28, 2006 7:39 pm

One other issue that we are all having since the upgrade - we have to logon separately to the gallery (photopost). Why is this, and how do I fix it? Prior to the upgrade, the logon in the forums took care of the gallery as well.

mathemajikian
Registered User
Posts: 7
Joined: Thu Dec 28, 2006 1:55 am

Post by mathemajikian » Thu Dec 28, 2006 8:13 pm

pharry wrote: If this isn't an issue for hackers, then I'd like to remove it for now. So that brings up the question, how?

I would love to see a fix for this very very soon.


I fixed this issue by replacing each of the individual files affected by the update with those from my pre-upgrade version of phpbb. I didn't have a backup of my forum before the update so I just downloaded 2.0.21 and used the files inside to replace those affected by the upgrade. My board still thinks that it has been updated and the issue has went away!

Here's a list of the files which must be replaced to fix the problem.

groupcp.php
login.php
memberlist.php
modcp.php
posting.php <--- This might be the only file you need to restore. If so, then your good to go. If not, then replace them all.
privmsg.php
search.php
viewforum.php
viewtopic.php
admin/admin_board.php
includes/functions.php
includes/usercp_email.php
includes/usercp_register.php
language/language_english/lang_main.php

Hope this helps.
Last edited by mathemajikian on Thu Dec 28, 2006 9:38 pm, edited 2 times in total.

User avatar
Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Post by Kellanved » Thu Dec 28, 2006 8:37 pm

mathemajikian wrote:
pharry wrote:If this isn't an issue for hackers, then I'd like to remove it for now. So that brings up the question, how?

I would love to see a fix for this very very soon.



Here's a list of the files which must be replaced to fix the problem.


The list is far too long; posting/privmsg/usercp_register. Also, don't replace the files, just comment out the added $sid checks.

This is not a fix; it is a step-backwards for a problem which should be fixed client-side. I advise against doing it, unless really, really necessary (and even then I wouldn't do it).
Nocando is in Idontwanna county. No support via PM

mathemajikian
Registered User
Posts: 7
Joined: Thu Dec 28, 2006 1:55 am

Post by mathemajikian » Thu Dec 28, 2006 8:42 pm

Kellanved wrote: I advise against doing it, unless really, really necessary (and even then I wouldn't do it).


I agree. This isn't the best way to do things, but it worked. PERFORM AT YOUR OWN RISK. :P

pharry
Registered User
Posts: 45
Joined: Thu Jul 22, 2004 12:08 am

Post by pharry » Thu Dec 28, 2006 8:54 pm

I went ahead and did it. Too many users are having trouble with the invalid session, "can not perform search" message, and the gallery logon.

This did not fix the gallery logon issue, though.

I agree it may be a step backwards, but I can not tell that many of my board members that it is a client-side issue, you must fix it yourself. That's just not very user friendly.

mathemajikian
Registered User
Posts: 7
Joined: Thu Dec 28, 2006 1:55 am

Post by mathemajikian » Thu Dec 28, 2006 9:05 pm

pharry wrote: This did not fix the gallery logon issue, though.


Is this gallery login a MOD? I don't have this problem so I really don't have any suggestions, but atleast the the other problem was corrected. I'm definitely not going to jump the gun on phpbb upgrades from now on! :twisted:

How can this be a client side issue? I had problems trying to register new users on the board, (invalid session please resubmit form) but after I replaced the files the problem went away? I even tried from a multitude of different browsers! (Opera, IE, Mozilla, Firefox, elinks, links+) So it can't be a browser issue.
Last edited by mathemajikian on Thu Dec 28, 2006 9:13 pm, edited 3 times in total.

Ableck
Registered User
Posts: 3
Joined: Thu Dec 28, 2006 2:50 pm

Post by Ableck » Thu Dec 28, 2006 9:10 pm

I completely agree.
It may not be the best way but we, admins, are not meant to meet such problems and it is your job to provide us with a solution.
So? Should I take a step backwards or there is a way to fix this message appearing only when trying to send PMs? :?

mathemajikian
Registered User
Posts: 7
Joined: Thu Dec 28, 2006 1:55 am

Post by mathemajikian » Thu Dec 28, 2006 9:16 pm

Ableck wrote: So? Should I take a step backwards or there is a way to fix this message appearing only when trying to send PMs? :?


I suggest logging out as the administrator and trying to register a new user on your board. I'm pretty sure this process is also jacked up. (Potential users will not be able to register on your board if this is the case) Post your results.

Ableck
Registered User
Posts: 3
Joined: Thu Dec 28, 2006 2:50 pm

Post by Ableck » Thu Dec 28, 2006 9:38 pm

mathemajikian wrote:
Ableck wrote:So? Should I take a step backwards or there is a way to fix this message appearing only when trying to send PMs? :?


I suggest logging out as the administrator and trying to register a new user on your board. I'm pretty sure this process is also jacked up. (Potential users will not be able to register on your board if this is the case) Post your results.


I did it. And nope, it really is only when trying to send PMs.
Ideas? :(

mathemajikian
Registered User
Posts: 7
Joined: Thu Dec 28, 2006 1:55 am

Post by mathemajikian » Thu Dec 28, 2006 9:41 pm

Ableck wrote: I did it. And nope, it really is only when trying to send PMs. Ideas? :(


Strange..... PM me your sites url. Maybe you should just try and replace this file: privmsg.php make a copy of the one you have installed now and replace it with one from a previous release. If that works, then try and replace it with one from the current release, but not with the one your are having problems with now, and see what happens.

pharry
Registered User
Posts: 45
Joined: Thu Jul 22, 2004 12:08 am

Post by pharry » Fri Dec 29, 2006 12:38 am

I fixed the logon problem with the gallery. Someone here had me change my cookie for phpBB. I didn't think to also change the one for the gallery. I've done that now, and the logon seems to be persistent.

batbawls
Registered User
Posts: 3
Joined: Fri Dec 29, 2006 12:53 am

Post by batbawls » Fri Dec 29, 2006 12:58 am

rbruhn wrote: I have this same issue of invalid session when posting. However, it is ONLY related to AOL Internet Explorer. People who use Firefox, IE 6 or 7, Opera, etc. have not had any problems. Only those using that sucky AOL IE.

I do not have any mods installed. My install was a fresh version of 2.0.21 and then updated to 2.0.22.

Any suggestions on how to fix this for AOL besides just removing the code?


This problem is caused by AOL's caching proxy and Google Web Accelerator. They both use the HTTP prefetch header, if that's any indication on how to block them, but you'd still have to redirect users to instructions on how to bypass or disable their service's proxy. This is easily done with GWA (e.g. "don't cache this site"), but AOL would require switching to some other browser like Firefox.

For now the only solution I've able to use will be to remove the check for the session that was added in x.22. :-(

darksnape
Registered User
Posts: 55
Joined: Wed Feb 23, 2005 1:23 pm

Post by darksnape » Sun Dec 31, 2006 11:35 pm

HEEEELP!
THERE IS NO SOLUTION FOR THE PROBLEM YET! PHPBB KILLS ME! DO STH!

Locked

Return to “2.0.x Support Forum”