front-end login loop about cidram HOT 8 CLOSED

All right, line L#159 is the culprit. Potentially, other lines with setcookie() (L#271 and in another file for captcha).

For reasons I cannot explain right now, $path and $domain (and $httponly) are [probably, in some relation] cause of the issue. Removing (replacing) them with default values, fixes the problem with cookie generation and storing in this case.

this works:

setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800);

this works too:

setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '/');

setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '/', '', false, false);

setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '', '', false, true);

setcookie('CIDRAM-ADMIN', $CIDRAM['FE']['Cookie'], $CIDRAM['Now'] + 604800, '', '', false, false);

Will continue with tests later, to see exactly what's going on.

from cidram.

Not sure if I am doing everything fine, as there is no documentation, but from what I've figured out myself is that we first need to hit loader.php and login, to access frontend side.

Yep; Correct. :-)

Now, the problem is that after initial login with default user/pass, I get the homepage stating 'Hello, admin.', but past that point I am going in a login loop (e.g. cannot access any other page, being redirected to login form).

There is absolutely nothing in php error logs. Tested on 2 different apache-based servers with older php (5.4.x) and newer php versions. Again, nothing in the error logs. This could be something with sessions or authentication part. I have all my permission/ownership in order, all dirs are writable.

What am I missing? :)

I haven't personally encountered this problem before, but the first two things that immediately come to my mind as possible causes are cookie settings and CHMOD settings.

When someone successfully logs into the front-end, two things which happen, which are required in order to be able to authenticate them for subsequent page requests, are the creation of a cookie for their browser, containing a session ID and other relevant authentication information for their session (identified as "CIDRAM-ADMIN"), and the addition of corresponding session data in a file, /vault/fe_assets/frontend.dat (plus the creation of this file, if it doesn't already exist at that point).

If cookies are disabled, it won't be possible to create this cookie, which would prevent successful authentication upon subsequent page requests, and if CHMOD settings don't allow for creating or modifying files in the /vault/ or /vault/fe_assets/ directories, the addition of corresponding session data in the frontend.dat file wouldn't be possible, so with that in mind:

• Does your browser have cookies enabled?
• Are your CHMOD settings correct?

If the answer is no to either of those questions, there's a good chance that that's the cause of the problem. Otherwise, if the answer is yes to both, we'll need to investigate this a bit further.

(Posting from work at the moment, so I can't check over code or do any testing at the moment, but I should be home again in 5 or so hours from now).

from cidram.

Hi Maik,

I have done tests under my main and dev servers, both on Linux and Windows OS (xampp stack), as you probably already know, there is no concept of chown/chmod under ntfs/fat and Windows. I also run CMSs (WordPress...), and everything works just fine.

But, yes, I have already checked and set my rights under linux (already mentioned this).

Thanks for giving more details how the login works, hopefully it will help me investigate further cause of the issue. Quick test shows that cookie is NOT generated upon login for some reason. Will test it later to see why, as this is really curious. I have never experienced login issues as mentioned, nor cookie generation (tested with my own scripts).

from cidram.

updated

Ok, finally some progress. It seems to be something with Chrome, specifically version on my laptop, as I cannot reproduce it with Chrome on my other computer. Also, it is working fine in Firefox, regardless of the setup. I have few suspects / extensions, but they are disabled on localhost, so it should work. At this point, this is really strange, as everything else (above mentioned WordPress login, for example) works everywhere.

Will keep investigating and report back if I find something conclusive.
Thanks

from cidram.

Thanks for looking into this.

I'll do some testing when I get home in the next few hours, too.

from cidram.

@dev-101 which is the version of Google Chrome on your notebook (channel + version)?

Do you see some messages like errors in the console tab of your developer tools in Chrome and are cookies transferred in the requests in the network tab?

from cidram.

I have completely reinstalled Chrome, with some registry cleanup, and it fixed the problem.

Strange problem though, as some setcookie() methods worked fine and hadn't this problem up until now.

Some setcookie() options are not compatible with all browsers according to the docs, so in the end, this issue might not be completely pointless, using simpler versions above could not be such a bad idea.

Thanks

from cidram.

Hmm.. Strange. Oh well; As long as the issue has been solved now, all is good, I guess. Thanks again for investigating. :-)

from cidram.