The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 100 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
PostPosted: Fri Mar 07, 2008 9:21 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Mar 07, 2008 10:53 am
Posts: 1
I have the same problem, and I started digging in the code.. I found out that the $session_id variable is nothing more than another variable for the superglobal $_SESSION["session_id"]; for some reason this superglobal is just plain empty when it is stored to the variable $session_id.

Why is the $_SESSION["session_id"] superglobal empty, while the session_id function isn't and returns a valid session ID ?

The code:
Code:
echo "sessionid = " . $_SESSION["session_id"] . "<BR>";
echo "sessionid = " . session_id() . "<BR>";


The output:
Code:
sessionid =
sessionid = 7c661be1be14cada14162d604918780f


Top
 Profile  
 
PostPosted: Sat Mar 08, 2008 3:02 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Sat Mar 08, 2008 2:49 am
Posts: 1
Thanks, sfetter!

I could not log into the Backend but kept getting the session error. I did exactly what you suggested. I created a subdirectory in my main Joomla directory named "/sessions". Then I created a file named "php.ini" and put what you said....

session.save_path=/absolute/path/to/joomla/sessions
register_globals = OFF

(I got my absolute path to joomla from my config.php file.)

and saved the php.ini file in my main directory.

Voila! I was able to log in! Thanks so much for sharing!! :)


Top
 Profile  
 
PostPosted: Sat Mar 08, 2008 4:46 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Jan 25, 2008 7:45 pm
Posts: 4
Hey mgood1999

That's great news. Glad to hear the thing that worked for me has helped somebody else.

I sure have done a lot of combing through these forums, and have learned a lot in the process! It's nice to be able to give something back to at least one person.


Top
 Profile  
 
PostPosted: Sat Mar 08, 2008 11:45 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Sep 09, 2006 3:53 am
Posts: 7
Believe it or not I've got the same problem on a new .15 instal. That's the first problem - the second problem is I don't understand the suggested fixes in this forum. They're sort of like recipes where the chef (I'm sure deliberately) leaves out certain crucial details.
How come the only contributions to this particular problem for some 2 weeks are not Joomla experts? Hey Moderators! how about some expert advice here please?


Top
 Profile  
 
PostPosted: Sun Mar 09, 2008 2:12 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Apr 16, 2007 10:49 am
Posts: 21
Location: Utrecht
I'm still hoping a lost expert comes by to say, oohhh... It's this and that. You see very simple...

Until then...
trying and trying...

_________________
http://www.bamweb.nl/ // custom OpenBSD solutions


Top
 Profile  
 
PostPosted: Mon Mar 10, 2008 1:50 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Mon Mar 10, 2008 1:29 pm
Posts: 1
I had the same problem with a fresh install but the fix listed here helped me. thank you :)


Top
 Profile  
 
PostPosted: Wed Mar 12, 2008 5:50 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Mar 12, 2008 5:45 pm
Posts: 1
Hello everyone,

I'm new to Joomla and have been having the same problem with my fresh install. I tried the most recent fix here (creating the "sessions" > "ini.php" in the main directory) and I'm still getting the same message, although a few times, I got a different message...instead of "Invalid Session" it said something about having the wrong level/privileges..but then reverted back to the original "Invalid Session" error.

I wish it wasn't so difficult just to get into the admin control panel geesh. If anyone has any advice please keep me posted!

Thanks.


Top
 Profile  
 
PostPosted: Sun Mar 16, 2008 1:48 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Mar 05, 2006 3:35 am
Posts: 8
I had that the "Invalid session" problem after upgrading to 1.0.15, and I just cleared /cache folder and the error disappeared.


Top
 Profile  
 
PostPosted: Wed Mar 19, 2008 11:21 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Feb 05, 2008 1:38 pm
Posts: 3
Thanks sfetter!

It resolved my problem with the sessions for versions 12, 13, 14 and 15. It doesn't matter what version you have. I have no idea what made it for me, i created both /session folder and /tmp folder and added the php.ini to my root folder.

This is awesome! Finally THE solution,

BR,
Kerti


Top
 Profile  
 
PostPosted: Tue Mar 25, 2008 1:21 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Sun Mar 23, 2008 9:06 am
Posts: 1
Hi

I had this problem and I fixed it by editing my php.ini my provider allow me to edit my php.ini

look for line

Code:
session.save_path =

and insert your full path

ex : /home/users/xx/xxx/user/phpsessions

lucky I had joomla.php edited by my provider script which showed me the session directory
when I upgraded the file was over written


Top
 Profile  
 
PostPosted: Tue Apr 01, 2008 9:01 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Mar 30, 2008 7:33 am
Posts: 10
hi

i have tried this fix but no luck. Still getting the "invalid session" error. Any suggestions.


Top
 Profile  
 
PostPosted: Tue Apr 01, 2008 9:24 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Apr 16, 2007 10:49 am
Posts: 21
Location: Utrecht
sataneyeez wrote:
hi

i have tried this fix but no luck. Still getting the "invalid session" error. Any suggestions.

You say "this". In the meanwhile there are at least 3 solutions, each with there own problem.
Be more specific...

_________________
http://www.bamweb.nl/ // custom OpenBSD solutions


Top
 Profile  
 
PostPosted: Tue Apr 01, 2008 11:39 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Mar 30, 2008 7:33 am
Posts: 10
i tried the fix by adding the changes to php.ini and creating a new /sessions folder.


Top
 Profile  
 
PostPosted: Tue Apr 01, 2008 1:41 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Mar 30, 2008 7:33 am
Posts: 10
I am in the same boat as breannadrew. Done exactly the same things and now getting the "need to login" msg.


Top
 Profile  
 
PostPosted: Tue Apr 01, 2008 1:44 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Mar 30, 2008 7:33 am
Posts: 10
I am in the same boat as breannadrew. Done exactly the same things and now getting the "need to login" msg.


Top
 Profile  
 
PostPosted: Thu Apr 03, 2008 3:32 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Apr 03, 2008 12:03 pm
Posts: 1
I found the some problem.
Migrated from 1.0.13 to 1.0.15.
Server handled directly not by an ISP.
If I use Firefox to access as admin it works perfectly.
If I use IE to access as admin I will get "Invalid Session".

Into session.save_path directory with Firefox I can see just one sess_xxxxxxxxxxx file. With IE there are two files and one it is empty.

I tried all solution without results. With IE doesn't work, with Firefox it works fine !!!

Please provide me a feedback.

If you need more informations please do not hesitate to contact me.


Top
 Profile  
 
PostPosted: Mon Apr 07, 2008 6:00 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Nov 19, 2007 4:34 am
Posts: 17
when i updated i got this error "Restricted access"

why? whats the fix?


Top
 Profile  
 
PostPosted: Tue Apr 08, 2008 9:29 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Jul 27, 2006 7:51 pm
Posts: 45
Location: Metro Washington DC, USA
I'm having this difficulty too. I've been trying to install a component and I get kicked out with an invalid session. I have tried the php.ini file fix with no luck. I'm reluctant to comment out the includes/joomla.php lines since there may be security implications. Anyone with fresh ideas?

_________________
Joomla! websites and white-label development services - http://terracemedia.com
Follow me on Twitter @TerraceMedia


Top
 Profile  
 
PostPosted: Wed Apr 09, 2008 2:17 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Feb 24, 2008 4:47 am
Posts: 9
I have the same problem as some others here. Commenting out lines 770-774 in joomla.php doesn't do the trick. If you have commented out these lines and you now get the "You need to login" message, I believe you should undo the commenting (as it doesn't help you at all). The "You need to login" message in that particular instance is happening because the $_SESSION variable is completely empty.

In my case, I have tried various things, and the best scenario I can achieve is the one I just described. In my case, the session files are getting generated within a folder (not /tmp) on my server. However, it appears that EACH TIME I attempt to login, new session files are getting created on the server. I'm not an expert here but it would appear to me that this is the cause of my problem (and other people's problems?) - surely only one file should be created per session?? (with each session usually lasting 20 mins). In other words, I ~think~ each time I attempt to login, a new session file gets created (with the correct settings), but then the next step of the login process can't read the existing session file (it looks for a new one?), so it fails.

Any ideas or comments?


Top
 Profile  
 
PostPosted: Thu Apr 10, 2008 6:35 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Jan 23, 2008 10:27 am
Posts: 4
I managed to fix this problem once and for all.

The session error is occurring for me because my client's host has configured the server (shared hosting) to have a shared session directory rather than individual sessions per domain and per account. On cPanel hosts this shouldn't be a problem since sessions are configured for each domain individually. Although it is unlikely that many people will have the same problem as me, changing joomla's code can prevent joomla for logging you out for session errors.

I might add that because of the changes that need to be made, it will open a security vulnerability because any session that is initiated by another user can be used to access the back-end because the session ID are the same - which are null values. For example, session id = "" for both users. Therefore, even thought they would need to login to admin with a username and password to successfully access the joomla back-end, they could simply type in the URI of say administrator/index2.php and they will be granted access.

This is not a problem for me because the joomla installation is not publicly accessible and is an extranet for a business, so the security vulnerability is not extensive in this case.

All of this applies to the Includes/Joomla.php file.

VERY IMPORTANT If you have used any other fixes, etc, you should download the installation files from the package repository on Joomla's main website and copy back any files you have edited overwriting the changes. If you fail to do this then Joomla will not load, I've tried it and that's how I know.

Another thing is that after applying this patch, you will need to make your site inaccessible to any other users including yourself whilst you access the administrator section. This is because if another user accesses the website, they will start a session of ID="", the same as yours - this will cause the back-end to tell you that are not authorised to use this resource. I have tested it extensively and it ONLY happens when other users are on the site.

Now for the fix, applied to Joomla 1.0.15 or Joomla 1.0.13:

Firstly, you should find line 872. All of the lines executing the exit() function should be commented and so should any $mos echos as they will log you out and take you back to the admin index page respectively. Do not edit the first part of the conditional else function (the one for session.auto_start) as there is no need to do this.

Code:
         // no session_id as user has not attempted to login, or session.auto_start is switched on
         if (ini_get( 'session.auto_start' ) || !ini_get( 'session.use_cookies' )) {
            echo "<script>document.location.href='index.php?mosmsg=You need to login. If PHP\'s session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login.'</script>\n";
         } else {
            //echo "<script>document.location.href='index.php?mosmsg=You need to login'</script>\n";
         }
         //exit();
      } else {
         // session id does not correspond to required session format
         //echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
         //exit();
      }


Then the session ID check needs to be commented as well as the previous one. The return value from the session check needs to return a valid session ID so there needs to be an echo. This is demonstrated as follows (you will need to find this in the code yourself). The previous user kindly suggested this.

Code:
if ($session_id != session_id()) {
         // session id does not correspond to required session format
         echo ($session_id . "-" . session_id());
         //echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
         //exit();
      }


All of the changes MUST be made or there will be no change. If you fail to do the first bit then you will just be constantly logged out until you finish the fix.

Effectively, this removes session checking and validation. Hence, all users have the same session ID.

As I have indicated, this fix opens up a security hole, so do this at your own risk.

WAY TO FIX THE SECURITY HOLE

Password protect the administrator directory using .htaccess files, or use the relevant cPanel/SSH utilities.

I suspect that this may still cause errors with user logins as each user will have the same session ID, so if two users login and use the CMS at the same time, I suspect that they will either cause a database error or access the same database records. Any recommendations for this are welcomed.

Hope it helps.


Top
 Profile  
 
PostPosted: Thu Apr 10, 2008 7:34 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Feb 24, 2008 4:47 am
Posts: 9
Thankyou to the previous user for posting their fixes. In my case these fixes do help, but present other new problems. For example, one of these problems is:

- once I login, I get to the main administration page, but Joomla can't read my session variables. This means that I only have limited access to the administration console (as a user rather than as an Administrator or Super Administrator) - and it won't remember the text editor that I have chosen.

I have decided to downgrade my adminstration console (only the admin console, not the public site) to version 1.0.12 (which I know works). I will release a copy of the 1.0.12 version of my site to either a subdomain or subfolder that no-one else knows about (for security reasons), then delete the administrator folder from the 1.0.15 site. This will effectively split my administration console away from the public facing website completely, though they will still share the same database (so that making changes won't cause any problems).

It would be great if someone could help identify the reasons for this issue, and possibly suggest a fix that doesn't compromise security.


Top
 Profile  
 
PostPosted: Thu Apr 10, 2008 2:38 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Oct 25, 2006 10:53 pm
Posts: 26
i found another fix: i had to enable session.auto_start in the php settings to get a new piece of software/component to operate correctly. after changing this setting to "off", i was able to login again.


Top
 Profile  
 
PostPosted: Sat Apr 12, 2008 10:47 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Tue Oct 11, 2005 3:53 pm
Posts: 110
Location: Malmesbury - South Africa
Just my 2 cents - after i uploaded the fix, it did not work for me and then one guys said something about uploading the fix again - the long and short is that did not work either.

What fix the problem for me was file permissions - out of frustration I recursively 777 the complete joomla dir and then i could log back in - then i went to admin page configuration and the server tab and reapply the permissions recursively again.

Still working...

_________________
Malmesbury - South Africa
http://www.voiceconnect.co.za Voiceconnect
http://www.atmalmesbury.co.za


Top
 Profile  
 
PostPosted: Thu Apr 17, 2008 3:06 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Feb 03, 2006 4:51 am
Posts: 16
I resolved my problem with this:, hopefully the summary below can help someone else.

1) create a sessions folder in your root. CHMOD it to 777
2) Add the previously referred to sessions code to your config file
3) Delete any sessions files that may have appeared in the session folder
4) Login to your administrator page and it should work.

Email me if you have questions. I am online 20 hours a day.

My problems began when Ipowerweb switched from the Vdeck platform to the Cpanel platform. Not that Cpanel is bad, it just has a different structure.

_________________
The 360 Business Coach.
Free Business plan evaluation. Just create an account!
360agencies.com


Top
 Profile  
 
PostPosted: Sun Apr 20, 2008 9:10 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Sun Apr 20, 2008 8:52 pm
Posts: 1
My experience with this problem:
-reading posters, I tried to proceed with a complete installation and that was OK, problem resolved.
-Now the problem with user + password, the encription of password changes (now its longer), you must change the field password or mos_users table, to varchar 100. If you have problems, try to put the value "admin" to the password by hand with you MySql client, the value is: 873f312e3e7a00af35b390fb25b68e1a:z1jEsc4X3L1PTMmm
With this you must go on with your user and pass: admin

(If your web was working, you should not modify permission on folders)

Hope this help everybody and sorry my bad english.


Top
 Profile  
 
PostPosted: Mon Apr 21, 2008 10:04 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Mon Apr 21, 2008 9:59 am
Posts: 34
Location: Helsinki, Finland
I can confirm that sfetter's solution worked for my fresh install of 1.0.15 :)


Top
 Profile  
 
PostPosted: Fri May 09, 2008 6:53 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Apr 05, 2008 7:42 am
Posts: 5
Greetings,

first of all let me thank you for posting such fixes... It worked for me, though after commenting the lines. But now, after logging in to the admin panel, I have left the code as it was originally and again I can't login...

Any idea why this is happening? As a work around is great to login and so on, but do you know anyway to reset whatever has been changed? Is it safe to leave the code "invalid-sesion-patched", then, why do these lines exist ...

Any idea, a step further, will be extremely welcome.

Thank you all. I hope it helps somehow.

Marc


Top
 Profile  
 
PostPosted: Thu May 15, 2008 2:37 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Aug 24, 2007 3:47 pm
Posts: 8
sfetter's fix worked for me on a new 1.0.15 install. Don't really get why, but i use ipower as did another poster, and their recent platform change is causing me some problems, I believe. I had to start with a new install after I kept getting a 'Invalid user name and password' error, and nothing worked to fix it. Off to bed for me - thanks to all the posters!


Top
 Profile  
 
PostPosted: Fri May 16, 2008 9:04 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Aug 02, 2006 12:25 am
Posts: 3
Location: Hawaii
I had the same problem due to the hard [drive] allocated size for my website reached its full. The reason why it got full was that 2 days ago, I scheduled a monthly database backup thru ebackup component and it filled my server hard [drive] limit in just 2 days - 3Gb worth data. So when I tried to login on the backend of Joomla, the new session value could not get its value written on the server due to the max-ed out hard [drive] space. After I deleted the schedule and that 3Gb hard [drive] space, my website works fine. I thought my case was little different than the other cases written here. But someone may have the same problem as I had. Hope my case and solution is helpful

_________________
7 leaves becoming a flower


Top
 Profile  
 
PostPosted: Sat May 17, 2008 7:55 am 
Joomla! Intern
Joomla! Intern

Joined: Wed Dec 07, 2005 11:28 am
Posts: 60
I hade the same problem with invalid session. I solved my problem by updating my old configuration file with the new from 1.0.15. It seems that the newer version has some extra rows of code. Compare your old config file with the new from 1.0.15 and make the necessary change. I solved my problem by doing that...:-)

_________________
http://www.laplandonline.se


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 100 posts ]  Go to page Previous  1, 2, 3, 4  Next



Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group