We are having an issue with logging in a second time on our site ever since we installed the lightspeed module. At first I thought this might have to do with the need for hole punching, but now I'm not sure.
If you try to log into our website the first time, it works well. However, if you log in a second time, it won't work. It just remains on the customer/account/login page with no effect.
I tried to test this on my end, and echoed the user's email in the loginPost function in the account controller. When echoing directly from the controller, it was obvious that the user was being logged in, but upon the redirect to a page on the site, the user was no longer logged in and appeared as a Guest in the Magento backend (where you view online customers).
It appears to me as if the session is being lost after the redirect. I am not sure if this has anything to do with a switch between https and http as described in the stackoverflow problem here (http://stackoverflow.com/questions/7823994/magento-session-lost-when-switching-to-https-from-http ) where they had also installed lightspeed. The person there resolved the problem, but did not post the solution. Their problem wasn't the same as ours, but I was thinking there may be a connection between the two.
Has anyone seen a problem like this before?
Thanks in advance,
Brenda
Related
So I am experiencing this frustrating issue for quite some time already. The scenario is when I am using admin panel, it will automatically log me out frequently(especially when I click on Save or Edit button). Sometimes it was as bad as each action click it will log me out once, so I have to repeatedly login for each action I performed( Save or Edit).
It is even worst that this is not a constant issue which means it is not every time I click on this module will have this issue which makes me impossible to trace under what circumstances this issue will comes out. By the way, after the system log me out, the message appeared at the login page was 'Invalid session token'.
And recently I got feedback from my customer that even front end is having this issue. My customer make an order after filling up all the details and confirm the payment, when try to click next button, he is being logout !! No order confirmation email send to him. And when he re-login to his account, his order details is incorrect(showing other customer details). This has seriously impact my website reputation. I believe both these front end and backend issue were from the same root cause.
All this while I have been trying to look for solution for this, I have seen similar post on Opencart forum before but can't get a solid solution. So I am opening this topic again here and hope to get a solution from stackoverflow. Solid solutions/advise/idea are all welcome. Thank you.
You may check at following things,
delete system/logs/error.txt;
check if problem has gone;
if not - check where is your disk_space (you may contact your hoster for support)
I also had the same issue.
I have changed the string of code in the htaccess file from "http" to "https" and that worked for me.
I am using version 2.1.3 of CodeIgniter, and primarily use Chrome or FireFox, but I am learning that some of my clients are having issues with my systems not allowing them to log in. The system log indicates that the user has logged in, but I check if the session variable is set to determine whether the control panel or login screen needs to be displayed.
For some reason, the session variables are not set in at least IE8 and below, so the login screen keeps showing, even though the log says the user is logged in.
I checked this: CodeIgniter IE not storing sessions correctly and this is not applicable to me.
I am not using Ajax for this, so this is not it either: PHP Session lost in CodeIgniter IE only
Also, this is not loaded in an iFrame. So, I doubt there are P3P problems: CodeIgniter 2.x sessions and Internet Explorer
What could be the cause of this?
Thanks!
I could just guess, hope its helpful.
Check your php files if you have a closing tag ?> and if you have a whitespace after it. This cause to return a blank response, because of the whitespace, and this breaks the session and cookies.
Do you have some mechanism for regenerating session id`s
Thats all i can come up with, hope i`ve helped.
Regards
I found this article, and it appears to solve the problem for me, but I want to test more before accepting my own answer.
http://ellislab.com/forums/viewthread/211955/#982986
Hope this helps someone else.
Regards,
Kobus
Here's the "long story short" version of my issue:
I have this newsletter/subscription form that triggers the wp-admin/admin-ajax.php file, however the form wasn't working when I wasn't logged into Wordpress.
Turns out, the admin-ajax.php file has a 302 going against it.
I have already seen/tested previous resolutions of this problem (namely this one and that one), however none of them were helpful.
I searched throughout my theme files for any related "wp-admin" protections, I didn't find anything.
I modified and deactivated both WP Better Security and W3C (as well as various other plugins), nothing changed.
I changed/removed the htaccess, nothing changed.
I'm kind of getting frustrated with this issue.
At this point, I know there's somewhere in my code something blocking access to admin-ajax.php for "outsiders," however I can't figure out where.
It's either something protecting my admin folder and/or something protect admin-ajax.php.
Any ideas?
Help would be much appreciated.Thanks in advance!
Ok, the problem here is that Wordpress uses two different hooks for ajax. It uses one for admin side, and one for logged out user. My guess is that your form is not using the latter.
Have a look at the two:
add_action('wp_ajax_my_action', 'my_action_callback');
add_action('wp_ajax_nopriv_my_action', 'my_action_callback');
From Wordpress Codex:
Since WordPress 2.8, there is a hook similar to wp_ajax_(action):
wp_ajax_nopriv_(action) executes for users that are not logged in. So,
if you want it to fire on the front-end for both visitors and
logged-in users, you can do this:
add_action('wp_ajax_my_action', 'my_action_callback');
add_action('wp_ajax_nopriv_my_action', 'my_action_callback');
See here: http://codex.wordpress.org/AJAX_in_Plugins
This is a very strange one for me and I've been battling with it for a while now. I really hope someone can help.
I have a fairly typical MVC 3 Website and I only seem to be getting this problem in IE and Firefox. Chrome plays along nicely. Lucky for me, the majority of our company's clients uses Chrome at the moment.
Problem is at a seemingly random point in time, the browser will automatically redirect me to the Account/LogOff action when I click on a link, and from there it will obviously go back to the Login page. This link will then continue with the same behavior.
I say "seemingly random" because today that link will work, tomorrow it won't and all other (or the majority - I have never had more than on problem link giving this problem at a time) links will be fine. Sometimes restarting the server/dev environment will take care of the problem, other times it won't. The browser will just keep redirecting to LogOff.
I have tried looking at the Referrer URL, but the controller/action being referred to will never be reached. (If I place a breakpoint in the action, it is missed and the next point reached would be the LogOff action)
If I look at the stacktrace when in the LogOff Action, I can't see any info from where the application has come from. I have also tried what was suggested in this page: Posting the Stack Trace on ASP.NET MVC, but I cannot see why I am being redirected to the LogOff action.
The only place I seem to be able to have a breakpoint get hit before hitting LogOff, is Application_BeginRequest in the Global.asax, but can't see where it is going from there on.
My guess is that somewhere along the line, ASPNET Auth decides the user isn't authenticated any more and redirects to the LogOff action. Problem is that the cookies associated with ASPNET Auth all still exist, have data in them and they haven't expired yet.
Anyway, I hope I have given enough info on the problem.
Thanks in advance.
[Edit]
OK, so I might have gotten a step closer. I came across this link and looked to see what is happening in my Application_AuthenticateRequest in my global.asax.
I am not quite sure why, by when I click on a link, Application_AuthenticateRequest gets accessed 3 times. When a link works (as in I can follow it and it doesn't log me out), the value of the .ASPAUTH cookie stays the same. I checked this by adding a breakpoint and a watch over
HttpContext.Current.Request.Cookies[".ASPXAUTH"].Value
When the link does not work, the first time the cookie has a value, then the other two times it is null. Thus, because the ASPXAUTH cookie is null, the system automatically redirects to the LogOut action.
If I consider the solution they posted in the link, I am not sure if this applies to me. As far as I can tell, the encrypted cookie is still small (as in a few hundred characters long) and not close to 4096 bytes. Also, I have only 3 cookies going at the time I when tested the broken link and I have a maximum of 5 cookies at any given time.
Any idea?
OK, so I had a hunch about cookies expiring. So I looked at whether there is a way to keep (force) cookies in Forms Authentication alive and that led me to http://www.codeproject.com/Articles/221889/How-to-Generate-Machine-Key-in-IIS7
The only way I could test this theory was to keep working and debugging the site as normal. (And that's why it took me so long to post this answer.) Since I introduced this solution it seems that the problem has been solved.
Interestingly I spoke an Architect the other day, with 20 years dev experience, about my problem. He looked at my code and is convinced this is a bug in the Forms Authentication code.
I hope this helps some people who are experiencing the same problem I have.
I've installed the FreakAuth Lite library for CodeIgniter (http://www.4webby.com/freakauth/). Everything is working nicely (logging in/out), but I have one problem. On the third page request after a user has logged in, the user is automatically logged out. This happens if you simply refresh the page three times, or click through to 3 separate pages. Any ideas? Thanks.
I, too, encountered that problem this evening. After some searching around, I found that this guy, Kaga.Zepp, over on the CodeIgniter forums suggested removing the 'session'
library from $autoload['libraries'] in autoload.php. That seemed to do the trick for me, too.
I didn't poke around to try to figure out why exactly, but there you go.
Hope it works for you as well.