Comments (8)
All right, line L#159 is the culprit. Potentially, other lines with setcookie() (L#271 and in another file for captcha).
For reasons I cannot explain right now, $path and $domain (and $httponly) are [probably, in some relation] the cause of the issue. Removing them (replacing them with default values) fixes the problem with cookie generation and storage in this case.
this works:
setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800);
this works too:
setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '/');
setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '/', '', false, false);
setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '', '', false, true);
setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '', '', false, false);
Will continue with tests later, to see exactly what's going on.
from cidram.
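Added example, not part of the thread or of CIDRAM's code: it lists which attributes each of the setcookie() calls quoted in the comment above would put on the Set-Cookie header, so the variants can be compared against what the browser's network tab shows. `describeCookie()` is a hypothetical helper, the cookie value and timestamp are constructed, and the header string only approximates PHP's own formatting.

```php
<?php
// Added example; not CIDRAM code. describeCookie() is a hypothetical helper
// that takes setcookie()'s positional arguments and reports which attributes
// the resulting Set-Cookie header would carry (approximate formatting).
function describeCookie(
    string $name, string $value, int $expires = 0, string $path = '',
    string $domain = '', bool $secure = false, bool $httponly = false
): array {
    $attrs = [];
    if ($expires !== 0) {
        $attrs[] = 'expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '') {
        $attrs[] = 'path=' . $path;
    }
    if ($domain !== '') {
        $attrs[] = 'domain=' . $domain;
    }
    if ($secure) {
        $attrs[] = 'secure';
    }
    if ($httponly) {
        $attrs[] = 'HttpOnly';
    }
    // Flags whose absence matters for a session cookie.
    $missing = array_keys(array_filter(['HttpOnly' => !$httponly, 'Secure' => !$secure]));
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    foreach ($attrs as $a) {
        $header .= '; ' . $a;
    }
    return ['header' => $header, 'missing' => $missing];
}

// Constructed stand-ins for $CIDRAM['FE']['Cookie'] and $CIDRAM['Now'].
$cookie = 'constructed-session-value';
$now = 1500000000;

// Trailing arguments of the five calls quoted in the comment above.
$variants = [
    'name, value, expires'       => [],
    "..., '/'"                   => ['/'],
    "..., '/', '', false, false" => ['/', '', false, false],
    "..., '', '', false, true"   => ['', '', false, true],
    "..., '', '', false, false"  => ['', '', false, false],
];
foreach ($variants as $label => $extra) {
    $r = describeCookie('CIDRAM-ADMIN', $cookie, $now + 604800, ...$extra);
    echo $label, "\n  ", $r['header'], "\n  missing: ", implode(', ', $r['missing']) ?: 'none', "\n";
}
```

Of the five calls, only the one ending in `false, true` keeps HttpOnly on the admin session cookie; where the path is empty, the browser derives the cookie path from the request URL.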
Not sure if I am doing everything fine, as there is no documentation, but what I've figured out myself is that we first need to hit loader.php and login, to access frontend side.
Yep; Correct. :-)
Now, the problem is that after initial login with default user/pass, I get the homepage stating 'Hello, admin.', but past that point I am going in a login loop (e.g. cannot access any other page, being redirected to login form).
There is absolutely nothing in php error logs. Tested on 2 different apache-based servers with older php (5.4.x) and newer php versions. Again, nothing in the error logs. This could be something with sessions or authentication part. I have all my permission/ownership in order, all dirs are writable.
What am I missing? :)
I haven't personally encountered this problem before, but the first two things that immediately come to my mind as possible causes are cookie settings and CHMOD settings.
When someone successfully logs into the front-end, two things which happen, which are required in order to be able to authenticate them for subsequent page requests, are the creation of a cookie for their browser, containing a session ID and other relevant authentication information for their session (identified as "CIDRAM-ADMIN"), and the addition of corresponding session data in a file, /vault/fe_assets/frontend.dat (plus the creation of this file, if it doesn't already exist at that point).
If cookies are disabled, it won't be possible to create this cookie, which would prevent successful authentication upon subsequent page requests, and if CHMOD settings don't allow for creating or modifying files in the /vault/ or /vault/fe_assets/ directories, the addition of corresponding session data in the frontend.dat file wouldn't be possible, so with that in mind:
- Does your browser have cookies enabled?
- Are your CHMOD settings correct?
If the answer is no to either of those questions, there's a good chance that that's the cause of the problem. Otherwise, if the answer is yes to both, we'll need to investigate this a bit further.
(Posting from work at the moment, so I can't check over code or do any testing at the moment, but I should be home again in 5 or so hours from now).
from cidram.
Hi Maik,
I have done tests under my main and dev servers, both on Linux and Windows OS (xampp stack), as you probably already know, there is no concept of chown/chmod under ntfs/fat and Windows. I also run CMSs (WordPress...), and everything works just fine.
But, yes, I have already checked and set my rights under linux (already mentioned this).
Thanks for giving more details how the login works, hopefully it will help me investigate further cause of the issue. Quick test shows that cookie is NOT generated upon login for some reason. Will test it later to see why, as this is really curious. I have never experienced login issues as mentioned, nor cookie generation (tested with my own scripts).
from cidram.
updated
Ok, finally some progress. It seems to be something with Chrome, specifically the version on my laptop, as I cannot reproduce it with Chrome on my other computer. Also, it is working fine in Firefox, regardless of the setup. I have a few suspects / extensions, but they are disabled on localhost, so it should work. At this point, this is really strange, as everything else (above mentioned WordPress login, for example) works everywhere.
Will keep investigating and report back if I find something conclusive.
Thanks
from cidram.
Thanks for looking into this.
I'll do some testing when I get home in the next few hours, too.
from cidram.
@dev-101 which is the version of Google Chrome on your notebook (channel + version)?
Do you see some messages like errors in the console tab of your developer tools in Chrome and are cookies transferred in the requests in the network tab?
from cidram.
I have completely reinstalled Chrome, with some registry cleanup, and it fixed the problem.
Strange problem though, as some setcookie() methods worked fine and hadn't this problem up until now.
Some setcookie() options are not compatible with all browsers according to the docs, so in the end, this issue might not be completely pointless, using simpler versions above could not be such a bad idea.
Thanks
from cidram.
Hmm.. Strange. Oh well; As long as the issue has been solved now, all is good, I guess. Thanks again for investigating. :-)
from cidram.