The Joomla! Forum ™

Hi Neeps. Ok, it definitely seems to be an issue related to IIS vs. Apache. Does that appear to be the case for others as well? Thanks. Mark

_________________
Mark Dexter
"Well...how did I get here?"

HI,

I did other tests, I thought it would be a problem for the version of php on my server (5.1.6) but I tryed it on another server whit same php version and it worked.
I have also tested the latest version of joomla 1.5.18 and the problem persists.
In my opinion the problem is the configuration of php on the server.
I have no idea which are the ideal settings for a correct working of the joomla login procedure....

You disable the security enhancement that was added in Joomla! 1.5.16.

Ian

I had time to further investigate the problem under IIS5 (see my previous post for system information: I have also applied the 1.5.17 -> 1.5.18 patch).

RE-EDITING: I have posted a html report file as attachment, to give a possibly better report.

When i go to the administrator login page, the system normally creates a session and stores a cookie in my browser (see the first table in attached file)


If now I try to login as superadmin, I see that another session db line is written (see the second table in attachment)

BUT the browser cookie at this time is still named d88d29c9d6cfdcd729bd0f0082c90058 and still contains the previous session_id value a9vpb0a2kl0npo1o3ai91vs2j7.

Looking at the two situations, we can notice:
1) the time value is slightly different: the sistem puts a new value in the old original row, and puts the old value in the newly created row
2) the cookie session_id remains the same, but the db one has changed
3) there are two sessions db rows, instead of only one, for the same user

If now I try to login again, the system writes one more line for each login try (see the third table), and the cookie remains still the same.

It seems that the system is not able to send a new cookie to the browser, or something similar.
In that way, the system correctly creates a new session line, but is unable to assign it to the currently logged user. And trying to login again and again, it creates one new line for each new login try, leaving intact the cookie data.

I hope that this data could help someone to find the trick :-)
Waiting for a solution, now....
Regards

My question is: what are the php features used by the function fork();
so we can control in the php.ini if are enabled or not....

Login Not working with fresh install of joomla1.5.18.

i am working on my local system Apache/2.0.59 (Win32) PHP/5.2.0 on windows xp sp2

commenting line in appilication.php did a trick.

..no one answering to this question?
It's a serious bug, and it should be fixed in any case!
I'm sure that programmers are hard working to 1.6 version, but many of us will upgrade to 1.6 only when all other extensions will be stable for that release. So 1.5.x will stay along on our servers, and it should be fixed soon...
I understand that we are speaking about Open Source sw, and that programmers are volunters, but many of us are available to give help if needed...
Please, look for a fix asap :-)

People should try upgrading to J! 1.5.18, doing a fresh install and see if the problem remains.

Ian

Have you tried posting this to the Bug Reporting forum?

same problem in 1.5.18, fresh intallation.
The fork(); function fails
I insist, is a configuration problem of php on the server.....

Right now I have tested a fresh 1.5.18 installation, and the problem is still there.

Here my Post Asisstant results

JTS-post Problem Description wrote:

Frontend/backend login error

JTS-post Log/Error Message wrote:

none

JTS-post Actions Taken To Resolve wrote:

Commenting out the session (fork) instruction in application.php solve the problem

You told you had a server working and another one not working after upgrade: are you able to check their .ini setups and find a possible difference, if any?

Yes, did and unfortunately the problem remains.

We're having a hard time with this issue because we can't reproduce it here and we're not quite sure how to ask for good diagnostics info.

It may be IIS specific, but we're not sure.

Is anybody having this problem on Apache and is able to give us ssh access to a dev site where we can try and debug?

Ian

I have updated several sites to 1.5.18 and all works smooth except the one site that is using MySql 5.0 other ones are in MySql 3.x

@ianmac

I ask my administrator if he can give you access to our apache server where there is the problem, I will inform you in the next few days....

@ianmarc

I send you a private message...

Hi Ian
I am having this problem on 18 on apache server and will hapily set it up for you to look at it. Its a problem that needs resolving.
MikeyP

So, it the bug fixed? I'm wanting to upgrade three sites to .18. One of which has been a problem twice.

_________________
Craig Davis
CD-Vision Marketing
http://www.cdvisionmarketing.com/

Any news about a bug fix for this problem?

no news....I worote a private message to ianmark but but did not answer me...

This is another thread with the same problem: viewtopic.php?f=430&t=522704



dpacadmin is giving some possible solutions that I am going to try.

Non of this has worked for me, anyone?

I am sure that this is not a problem of session, but of the configuration of PHP on the server....

Hello,

I have been plagued by this issue also. It only started happening after upgrading to Joomla 1.5.20

Logging in to the front end simply refreshes the page and "whos online" shows the user (including myself as administrator) is logged in but they actually aren't.

Logging in via backend works fine but not always.

This ONLY occurs in Internet Explorer for me and works fine in Firefox (I do not know of other browsers as I don't use them).

I have now commented out $session->fork(); and the problem goes away.

I noticed people asking if there were any serious consequences as a result of commenting this line out but no comprehensive answer. So for those who rely on Joomla to power their businesses, like myself, I'd appreciate some official commentary/response regarding this.

Thanks

So the problem isn't solved in 1.5.20?

NO

There was a small change made to session handling in 1.5.17 in response to a discovered session fixation vulnerability in Joomla! See http://developer.joomla.org/security/ne ... ation.html for more information.

This seems to work without issue on the vast majority of servers. There does seem to be a small minority on which this causes problems. I have put out a request in this thread already for ssh access to an affected server so that I might try and track down the exact issue but so far nobody has been able to provide this.

Ian MacLennan
JSST Member

By any chance, are you running two instances of Joomla on your hosting server? I ran into this problem with a client that runs several Joomla websites off one hosting account. I think it may have caused the session cookies to get mixed up in the browser.