| Joomla! http://forum.joomla.org/ |
|
| AOL users can't Login (or remain logged in) to Joomla sites http://forum.joomla.org/viewtopic.php?f=198&t=138764 |
Page 1 of 2 |
| Author: | wendylou [ Tue Feb 06, 2007 7:15 pm ] |
| Post subject: | AOL users can't Login (or remain logged in) to Joomla sites |
Description: AOL Users Can't Login (or remain logged in) to Joomla Sites for the duration of their Session Joomla 1.0.12 does NOT address the AOL login issues that wee purported to have been fixed in Joomla 1.0.8 using the Security Level 2 option for Proxy IPs. AOL and Proxy IP users are complaining that even if they can drill into the site, when they must login or register, they: 1) lose their login state 2) see "You are not authorized..." 3) ultimately cannot log back in after repeated attempts The 'Who's Online' module shows they are still logged in, even though the login shows they are no longer logged in. The number of users online is also inflated. Checking AOL cookies, we see the user acquires up to 5 cookies just by hitting the site, probably form 5 IPs being used by AOL proxy servers. Thus, one cannot conduct e-commerce on a Joomla site with AOL users. Our stats show that 30% of the users out there are still using AOL. It would appear that none of what was addressed in Joomla 1.0 8 has resolved this AOL user login issue, and we're using Joomla 1.0.12. This is a disaster! When will this be addressed and fixed in Joomla? I have been all over the web and Joomla.org forums, seen postings about this problem as recent as January 2007, yet no one has a definitive answer. We have just launched two sites using VirtueMart and Joomla 1.0.12 only to discover that most AOL users cannot keep their session going long enough to purchase anything. And in actuality, it also applies to anyone behind a proxy server. VirtueMart claims this is a Joomla issue. I have tried setting Security to Level 2, which I understand is the way to correct this proxy IP problem, but it does nothing. We tried forcing the removal of 'www' from the URL (as suggested by certain forum users) to no avail. I read all about the hot-fix patch, but that info was from a year ago, prior to it being incorporated into Joomla 1.0.8. To restate the problem, most if not all AOL users cannot register or login to Joomla 1.0.12 long enough to make a purchase – they will be logged out at some point. They will remain listed as logged in by "Who's Online" module. They will most like see "You are not authorised..." warnings. After a certain number of attempts, they will NOT be allowed to log back in. It's a glaring error. Now we're stuck without any solution on the table and no way to conduct e-commerce without constant complaints from AOL and proxy IP users. Help! Reported on: Joomla! 1.0.12 Stable [ Sunfire [eCommerce Edition] Classification: [Q&T] Critical/High/Medium/Low/Enhancement Affected functions: Login, Who's Online, sessions, VirtueMart, and random public pages are reported as restricted. Related files: Steps to replicate: http://ecommerce.bacsports.org Login name: test Password: test Analysis: [Q&T] Confirmed/Unable to confirm/Rejected Proposed fix(es): Unknown Topic / Artifact ID: AOL Users Can't Login; Proxy Server problems / See http://forum.joomla.org/index.php/topic,120946.0.html System info: Joomla! 1.0.12 Stable [ Sunfire [eCommerce Edition] Joomla Security = Level 2 Mac OS X Apache/1.3.33 PHP 4.3.11 |
|
| Author: | Lyn [ Wed Feb 07, 2007 3:08 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I really wish this item would get addressed. We are getting complaints from other users coming in from large proxy services that are getting booted out due to a problem with Joomla's login function. This issue more or less renders Joomla/VirtuMart a poor solution for many users. The complaints are rolling in from users with these combinations: AOL (AOL Browser) Comcast (IE 7) MSN (IE 7) Help! |
|
| Author: | tsfftf [ Wed Feb 28, 2007 8:00 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
yo mate, the problem is in the global settings of joomla. if you change the security settings so they are lower (level 2) everything should be ok. |
|
| Author: | Neale [ Wed Feb 28, 2007 8:07 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Quote: yo mate, the problem is in the global settings of joomla. if you change the security settings so they are lower (level 2) everything should be ok. Agreed... more specifically, go to SITE > GLOBAL CONFIGURATION and select the SERVER tab. Look for the "Session Authentication Method:" pulldown and set it to "Level 2 Security - Allow of Proxy IPs". |
|
| Author: | Lyn [ Wed Feb 28, 2007 8:13 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I appreciate the replies. The suggestion to change the settings to Level 2. However, even with this modification, we continued to have problems with VirtuMart. Using the VirtuMart login was also needed before the problems eventually (we hope) stopped. Lyn |
|
| Author: | kawika [ Sun Mar 04, 2007 9:41 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Any update on this? I've got one registered user using AOL that can't stay logged-in even with Level 2 security set. I can see in the logs that their IP address is changing with every page clicked on, sometimes it uses a pool of 4-6 IPs. The first three octets are the same which is a requirement of Level 2 Security so it "supposed" to work. Thanks for any update |
|
| Author: | Comenius [ Sat Apr 28, 2007 3:39 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
This is also broken for me. I have an AOL user, my server security settings are at level 2, and the individual still can't register without getting a "not authorized" response. Anyone have a fix? |
|
| Author: | sberreta [ Fri Jun 15, 2007 12:10 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Still not solved???? I have the same problem. Security level = 2... AOL users can't register, login, or are logged out within a few clicks or seconds. Please, if you know how to fix this issue post the solution. Thanks a lot!!! Also, I use Virtuemart... |
|
| Author: | timchilton [ Tue Jun 19, 2007 10:42 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I've seen this problem too Minimise the AOL browser (to stop it dropping the connection) and use Firefox, then everything works OK I realise that this isn't a fix for the AOL browser issue but it allows people to work in Joomla sites whilst the bug remains. Tim |
|
| Author: | sberreta [ Wed Jun 20, 2007 12:44 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
OK, it's true that if you use Firefox or IE then it works. But if you're running an important site, you can't admit to miss AOL users. There should be a true solution for this issue. |
|
| Author: | ets_tempest [ Fri Jul 06, 2007 12:04 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I've posted an explanation and my patch for this issue to my blog here Joomla 1.0.x patch for AOL support. I've also attached my SVN patch for the HEAD of 1.0.x to this post. I'm attempting to open an official ticket and submit it via Joomla's official patch submission process, but having trouble jumping through those hoops at the moment. The short explanation is that AOL users can appear to originate from multiple IP addresses through the life of a single session. While Joomla's Security level = 2 patch attempts to account for this by using subnets to hash a session id, this is insufficient for AOL users because they are not necessarily bound to a single subnet. My patch is not pretty because it will require regular updates. I've used the published list of AOL subnets to help identify AOL users. Pretty or not...it works and solves a significant shortcoming of the current release. Buyer beware but it works for me. |
|
| Author: | sal3m [ Mon Aug 06, 2007 8:52 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I found the patch and understand it goes into the includes/joomla.php. But where in the script does it go. Sorry not a php guru like yourselves :-) Aslo, if this script is implemented, do we still turn the security level to 2? |
|
| Author: | ets_tempest [ Tue Aug 07, 2007 4:26 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
sal3m wrote: I found the patch and understand it goes into the includes/joomla.php. But where in the script does it go. Sorry not a php guru like yourselves :-) Aslo, if this script is implemented, do we still turn the security level to 2? sal3m, my patch consists of two methods that should replace a single existing method named "sessionCookieValue" within your joomla.php file. Yes, after applying my patch you'll need to set security level 2 to use it. |
|
| Author: | sal3m [ Tue Aug 07, 2007 9:43 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I have tried it and all I get is a blank screen. I have copied it in straight from the downloadable file and from the website http://jroller.com/agileanswers/entry/j ... _0_x_patch Is it possible to have a complete joomla.php file for this issue. I think the problem lies with the text copy/paste adding extra characters. Word wrap was off |
|
| Author: | mtsueji [ Mon Mar 17, 2008 2:34 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Is anyone out there still dealing with this AOL issue? I've tried lowering the security level but it did not work...curious if anyone has discovred a solution. |
|
| Author: | yiendos [ Wed Mar 19, 2008 12:38 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Dito: Joomla! 1.0.12 Stable [ Sunfire [eCommerce Edition] I have a website whereby local schools login via the Yorkshire Humber Grid for Learning ISP and mysteriously recently some schools login can't access the site and are appearing on the who's online list. Users experiencing the problem can successfully login at home so I can only guess this is a proxy problem as listed above. I've recently set the global configuration to server security settings level 2 and awaiting to see if this solves the problem. I'll update the post with any findings made. **********Edit******************** Whilst the affected users haven't got back to me... one user has been able to log in and successfully submit a report online so I'm taking it as red the situation has been sorted **********Edit******************** |
|
| Author: | ets_tempest [ Wed Mar 19, 2008 6:18 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
sal3m wrote: I have tried it and all I get is a blank screen. I have copied it in straight from the downloadable file and from the website http://jroller.com/agileanswers/entry/j ... _0_x_patch Is it possible to have a complete joomla.php file for this issue. I think the problem lies with the text copy/paste adding extra characters. Word wrap was off I don't have a non-custom joomla.php (mine is heavily motified). If the two methods above don't work as-is, you'll need to lean on your friendly neighborhood php guru. It's not too tough, but it may require a little tweaking to get them to work with your specific joomla.php / Joomla version. |
|
| Author: | gwmbox [ Fri Mar 21, 2008 10:25 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
This appears to be the same issue as identified here viewtopic.php?f=32&t=268208 Any Joomla Admins know about this as it appears to have been an issue since 1.0.12 - or earlier..... Please advise on a working fix.... Thanks |
|
| Author: | canton [ Wed Apr 16, 2008 8:01 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Does anyone have a solution to this problem. About 50% of my user can't get into my site as they get the pop-up saying that there blocked by the administrator. I have already used the hack for the past few weeks but there isn't any difference. I so surprised that joomla hasn't tried to resolve this issue yet  Thanks in advance |
|
| Author: | boxcarmib [ Tue Apr 22, 2008 3:03 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I just found out that my site suffers from this problem as well -- at least I now understand all the user complaints that just left me scratching my head. I see the first post on this defect was February 6 of last year... the most recent post was April 16th of this year... that's over 14 months and nothing has been done to fix the problem. I guess everyone who knows anything about the inner workings of Joomla 1.0.x has moved on to 1.5 and this will never be fixed. My bad for relying on open-source I guess... not that I have any right to complain, you get what you pay for. I guess I'm just a little bit grumpy because I think Joomla tries to suggest it's robust and mature enough that it deserves to be taken seriously. HAH! |
|
| Author: | Robin [ Wed Apr 23, 2008 6:22 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Hi, On the global configuration tab you can find a security level drop down. This can be set to level 1 instead of 3, this level 1 also states something about AOL users and logins. Note; the version I'm using, and where the screenshot was taken on, is 1.0.15. |
|
| Author: | gwmbox [ Wed Apr 23, 2008 7:11 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Robin - thanks for the post and suggested solution - is this the only solution, what I mean is that level 2 did not work and I am hesitant to go level 1 - I mean what other security issues will we be opening up if we go to level 1? Greg |
|
| Author: | Robin [ Wed Apr 23, 2008 7:58 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Hi Greg, Not sure about level 1 here, if it would open up other areas, I'd have to check what code is behind it.Could you briefly try though, see if it works? |
|
| Author: | canton [ Wed Apr 23, 2008 9:02 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Ok i have set my setting to 1. We shall see what happens  Thanks for helping greg 
|
|
| Author: | canton [ Wed Apr 23, 2008 10:11 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I have had 2 member try to get in and i have the same problem. just to give you an updat The member that are blocked always have the date "1999-11-29 23:00:00" as there signup date. What do you think could be the problem? |
|
| Author: | Robin [ Wed Apr 23, 2008 10:28 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
I'll do some digging in the Q&T forums, I've seen this before... |
|
| Author: | gwmbox [ Wed Apr 23, 2008 10:36 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Thanks Robin your help is appreciated - I have asked a couple of AOL users that were having trouble before to try again - when I get a reply from them I will report back. Thanks Greg |
|
| Author: | Robin [ Wed Apr 23, 2008 10:38 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Oh one more thing that might help in locating the issue, please read viewtopic.php?f=126&t=272708 It's a small tool to get your sys info. And post it here... |
|
| Author: | gwmbox [ Wed Apr 23, 2008 10:51 am ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
Here you go (my domain name removed though) Diagnostic Information Joomla! Version: Joomla! 1.0.15 Stable [ Daytime ] 22 February 2008 23:00 UTC configuration.php: Not Writable (Mode: 444 ) | RG_EMULATION: Disabled Architecture/Platform: Linux 2.6.9-023stab033.7-enterprise ( i686) | Web Server: Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.6 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a ( mydomain.com.au ) | PHP Version: 4.4.6 PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Enabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes mbstring Support (1.5): Yes | iconv Support (1.5): No | save.session_path: Writable | Max.Execution Time: 30 seconds | File Uploads: Enabled MySQL Version: 4.1.22-standard ( Localhost via UNIX socket ) Extended Information: SEF: Enabled | FTP Layer: N/A | htaccess: Implemented PHP/suExec: User and Web Server accounts are not the same. (PHP/suExec probably not installed) PHP Environment: API: apache | MySQLi: No | Max. Memory: | Max. Upload Size: 50M | Max. Post Size: 8M | Max. Input Time: 60 | Zend Version: 1.3.0 Disabled Functions: MySQL Client: 4.1.22 ( latin1 ) Hope that helps Greg |
|
| Author: | gwmbox [ Sun Apr 27, 2008 1:55 pm ] |
| Post subject: | Re: AOL users can't Login (or remain logged in) to Joomla sites |
OK I have had two AOL users test and I have moved it to Security level 1 and they can still not login or remain logged in. Anything else? Cheers Greg |
|
| Page 1 of 2 | All times are UTC |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|