Joomla! Forum - community, help and support

Hi,

I've experienced the following when upgrading my site to 1.0.15, or when I do a fresh install.
After one of these I'm not able to login through the backend (administrator) of my site. This is also the case when I do a fresh installation. Error message is : Invalid Session. The location points to: /administrator/index.php?mosmsg=Invalid%20Session.

I've tried the session time fix, but this wouldn't work.

I have done the following to re-enable it again, but I don't think it is the correct procedure.
Take a look at the following lines. starting from line 770. If you uncomment these lines, it will work. But like I said, I don't think it is correct do this this way.

Below you'll find my system information:

OpenBSD 4.0
Joomla: 1.0.15
PHP: php5-core-5.1.4p2-hardened
builtin Apache chrooted

Let me know if you need anything more

This is the output in my php tmp directory. If I try to log in this is the format of the session it will generate:

This is the output of the session in version 1.0.13 (which works) The difference I see, is that it has no value at the time I view the backend. This file is only filled at the time I login (succesfully)

In case of version 1.0.15, this file is filled on forehand...

I have the exact same problem!
Any thoughts?

I am also having this problem, it started with a fresh install of 1.0.15.

wtf is wrong? This has buggered my afternoon's work.

Also having this problem after upgrading .13. to .15, tried several fixes decribed in this and other threads but nothing helped
edit: GRRRRR, it started to work again but I don't know why (((

I have had a real nightmare getting this one working, and Still nothing.

1.0.12 was the last version i tried about 6 months to a year ago and it was fine.

i've installed 1.0.15 about 8 times now and now I've got past my initial problem, Ii have this "administrator/index.php?mosmsg=Invalid%20Session" Every time i try to login in to the administrator panel. The login works fine on the Front end, its just the Super admin account that isn't working.

Incidentally, I deleted all the Tables everytime and everything joomla related Everytime i did a fresh installation.

it logs in, refreshes the page and does pretty much nothing, (Like everyone else.)

Any Support or Pointers would be absolutely Amazing.

Hiya, the first poster's instructions to uncomment were backwards for me - I had to comment out the code in joomla.php lines 770-774:

Cheers ericaweb,

worked for me and my .12 to .15 upgrade.

erickaweb wrote:Hiya, the first poster's instructions to uncomment were backwards for me - I had to comment out the code in joomla.php lines 770-774:

Code: Select all

/*if ($session_id != session_id()) {
			// session id does not correspond to required session format
			echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
			exit();
		}*/

Worked for you lot, Well I can't apply this Fix your all doing,Because i Don't know what File or Where you are modifying. i dont care about Secruity, its going to be a top end relocator (yes im too lazy to make my own) I can Lock it down after Ive done th Back end Admin work.

joomla.php ? Cant find that im afraid ! Im using 1.0.15

All I need to know is what File to comment out the lines in !

Hi,

After I upgraded form 13 to 15 I had a invalid session error as well.
When i copyed the patch files again (via ftp) the error was gone and i could login.
Has anyone tried to copy the files a second time to make sure there wasn't an error durring uploading.

For me this was a fix, maybe it can help others to.

Worked for you lot, Well I can't apply this Fix your all doing,Because i Don't know what File or Where you are modifying. i dont care about Secruity, its going to be a top end relocator (yes im too lazy to make my own) I can Lock it down after Ive done th Back end Admin work.

joomla.php ? Cant find that im afraid ! Im using 1.0.15

All I need to know is what File to comment out the lines in !

File is located: includes/joomla.php

This is crazy that so many people are having the same issue. It's driving me nuts. First of all i can not find the file that needs to be edited to fix the login problem. Where is the exact location. I have looked in the administrator folder and can not find the file named index.php?mosmsg=Invalid%20Session. I am new to this and could use all the help I can get. Once I locate the file I think I can apply the fix.

Thanks in advance.

Vinny

vv1500 wrote:This is crazy that so many people are having the same issue. It's driving me nuts. First of all i can not find the file that needs to be edited to fix the login problem. Where is the exact location. I have looked in the administrator folder and can not find the file named index.php?mosmsg=Invalid%20Session. I am new to this and could use all the help I can get. Once I locate the file I think I can apply the fix.

Thanks in advance.

Vinny

The "joomla.php" file is located in the "includes" folder.

Click on a name to view its properties.
/ public_html / administrator / includes / (Current Folder)
Create New Folder
Upload file(s)
Up one level
js 755
pcl 755
Create New File
admin.php 9 k 0644
auth.php 2 k 0644
index.html 0 k 0644
menubar.html.php 22 k 0644
pageNavigation.php 8 k 0644
toolbar.html.php

It doesn't seem to be in there.

it isn't in administrator.
It is in /includes in your joomla dir.

Another hack to my earlier desicribed hack is to change the following line in /includes/joomla.php
go to line 770
and change line to mind the $ and the () around session_id

This will do the "if" check on an "a" compare to "a" basis, which will work ofcourse

Like I said it's a hack and I will still hope the joomla guys will say something smart about this.

Cheers,
Bart

Thanks bambam82 (for the fixes and for explaining that "includes" is not "administrator/includes"

erickaweb wrote:Thanks bambam82 (for the fixes and for explaining that "includes" is not "administrator/includes"

It's not a fix, it's a hack. I don't know if this will jeopardize security... That's up to the joomla guru's...

I hope they will read this.

thanks again for the help. I can not believe that this upgrade is so problematic.

Tried both the mods,

removing the Brackets and Commenting out the statement. And Still nothing.

This is not much fun

Furyv1xen wrote:Tried both the mods,
removing the Brackets and Commenting out the statement. And Still nothing.
This is not much fun

I have clarified my earlier post. It is not only the bracket, but also the "$" sign.

Doesn't work for me (both solutions, indeed).
Now I get http://192.168.2.2/administrator/index. ... to%20login
mosmsg=You need to login

Any fix for this ?

BTW: On our Test-Server is a 1-to-1 copy of our internet server (which is running fine) - So I guess theres some settings in the php.ini involved.

Any input ?

Many apologies,
Yes, i added the the $ in as you said. Speaking with my Provider surely shouldn't be the fix, as It was working previously when i was on 1.0.12, Granted i will probably have to roll back, just a little peturbed as to why its not working. Ahwell. i guess I'll live with it.

Thanks for everyone s support so far, its certainly a very helpful community.

Found the solution on http://czropa.wz.cz/?src=doc/joomla_adm ... _login.php

Problem with login to administration interface of Joomla (Free Content Management System)after installation :
http://localhost/administrator/index.ph ... to%20login
I reinstall and on pre-installation check page was one warning:
Session save path: NOTWRITEABLE
E:\Temp\php\upload
I create these directory and all works fine!
If You have same warning create Session save directory or change parameter session.save_path in php.ini

That fixed it for me......
Try it !!

mollahme wrote:Found the solution on http://czropa.wz.cz/?src=doc/joomla_adm ... _login.php

Problem with login to administration interface of Joomla (Free Content Management System)after installation :
http://localhost/administrator/index.ph ... to%20login
I reinstall and on pre-installation check page was one warning:
Session save path: NOTWRITEABLE
E:\Temp\php\upload
I create these directory and all works fine!
If You have same warning create Session save directory or change parameter session.save_path in php.ini

That fixed it for me......
Try it !!

This is always the case! this has nothing to do with 1.0.15 in particular. In a default php.ini you would point this to /tmp (in linux). I use /var/www/tmp with www:www as owner:group with 777 as chmod in openbsd.
Nothing wrong here

Hi folks

I too have struggled with the Invalid Session problem ... and I think I have finally found something that works for my site.

I think that if PHP_Register_Globals is OFF (which is the recommended safer way to run the system), then my service provider wasn't saving the session data in the default file (which /tmp). Even though "System Information | Permissions" showed that /tmp was WRITEABLE, I now suspect that something in my service provider's setup made this unreliable.

(Come to think of it ... /tmp is a public directory on my service provider. Anybody can write to it. I wonder if somebody else's Joomla installation was also set to save session data to the same public directory ... which would mean that sometimes the session data would be stable for a while, but at other times it could have been overwritten almost immediately. That would explain why my sessions would last variable amounts of time.)

When I created a "sessions" directory within my own installation of Joomla, and put instructions re this in my php.ini file FIRST (before the direction to turn off register_globals) I stopped having problems all together.

To be clear, here's my php.ini file now. I have a copy in my main directory, and another copy in my administrator directory:

session.save_path=/path/to/joomla/sessions
register_globals = OFF

I've changed the code as was suggested originally in this post and I now have upgraded from having an invalid session message to having a "you need to login" message. But I still cannot access the admin end of my site.

I also have tried to add a php.ini file to the main and administrator directories with your suggested code in it. But this doesn't seem to have made a difference.

Is there anything additional that I need to add, or should I have changed something for customization for my site?

thanks
B

Just realized from reading your reply that I skipped a step in my description. I've been struggling with this problem too long.

As I understand it (and remember, I'm a newbie!!!) PHP needs some place to store the session data. The default place to do this in in the /tmp folder of your service provider.

If you want to store the session info somewhere else (like within your own installation) you need to create a directory to put it in. I called mine "sessions" which seems to be a fairly common thing to call it, judging from the various threads about this. CHMOD the directory you created to 755 so it's writeable.

When you create your custom PHP.INI file, you need to make sure that the path/to/your/Joomla installation is the "absolute path" used by your service provider. You'll find a copy of that in your CONFIGURATION.PHP file -- look for the line that reads

$mosConfig_absolute_path =

The absolute path is everything inside the quotation marks.

Careful of typos -- even one letter wrong means the thing won't work at all!

Hope that helps

I have the same problem, but it is interesting that from the beginning all was working fine. I din't install any additional component, but when i tryed to login today, it doesn't work (Invalid Session). That's very strange, becouse it all worked fine a day before. I have same problem now on my local copy and on working site ?

- since site worked on my local computer and on live site i have excluded the service provider fault (webhosting), and i think it is something else that's not connected to apache server or PHP ??