upgrade .13 -> .15; invalid session

Joomla version 1.0 is end-of-life and are no longer supported. Please use Joomla 3.x instead.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
NBeat
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Mar 07, 2008 10:53 am

Re: upgrade .13 -> .15; invalid session

Post by NBeat » Fri Mar 07, 2008 9:21 pm

I have the same problem, and I started digging in the code.. I found out that the $session_id variable is nothing more than another variable for the superglobal $_SESSION["session_id"]; for some reason this superglobal is just plain empty when it is stored to the variable $session_id.

Why is the $_SESSION["session_id"] superglobal empty, while the session_id function isn't and returns a valid session ID ?

The code:

Code: Select all

echo "sessionid = " . $_SESSION["session_id"] . "<BR>";
echo "sessionid = " . session_id() . "<BR>";
The output:

Code: Select all

sessionid =
sessionid = 7c661be1be14cada14162d604918780f

mgood1999
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Mar 08, 2008 2:49 am

Re: upgrade .13 -> .15; invalid session

Post by mgood1999 » Sat Mar 08, 2008 3:02 am

Thanks, sfetter!

I could not log into the Backend but kept getting the session error. I did exactly what you suggested. I created a subdirectory in my main Joomla directory named "/sessions". Then I created a file named "php.ini" and put what you said....

session.save_path=/absolute/path/to/joomla/sessions
register_globals = OFF

(I got my absolute path to joomla from my config.php file.)

and saved the php.ini file in my main directory.

Voila! I was able to log in! Thanks so much for sharing!! :)

sfetter
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Fri Jan 25, 2008 7:45 pm

Re: upgrade .13 -> .15; invalid session

Post by sfetter » Sat Mar 08, 2008 4:46 am

Hey mgood1999

That's great news. Glad to hear the thing that worked for me has helped somebody else.

I sure have done a lot of combing through these forums, and have learned a lot in the process! It's nice to be able to give something back to at least one person.

Survivor Driver
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Sep 09, 2006 3:53 am

Re: upgrade .13 -> .15; invalid session

Post by Survivor Driver » Sat Mar 08, 2008 11:45 am

Believe it or not I've got the same problem on a new .15 instal. That's the first problem - the second problem is I don't understand the suggested fixes in this forum. They're sort of like recipes where the chef (I'm sure deliberately) leaves out certain crucial details.
How come the only contributions to this particular problem for some 2 weeks are not Joomla experts? Hey Moderators! how about some expert advice here please?

bambam82
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Mon Apr 16, 2007 10:49 am
Location: Utrecht
Contact:

Re: upgrade .13 -> .15; invalid session

Post by bambam82 » Sun Mar 09, 2008 2:12 pm

I'm still hoping a lost expert comes by to say, oohhh... It's this and that. You see very simple...

Until then...
trying and trying...
http://www.bamweb.nl/ // custom OpenBSD solutions

doggymon
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Mar 10, 2008 1:29 pm

Re: upgrade .13 -> .15; invalid session

Post by doggymon » Mon Mar 10, 2008 1:50 pm

I had the same problem with a fresh install but the fix listed here helped me. thank you :)

parg
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Mar 12, 2008 5:45 pm

Re: upgrade .13 -> .15; invalid session

Post by parg » Wed Mar 12, 2008 5:50 pm

Hello everyone,

I'm new to Joomla and have been having the same problem with my fresh install. I tried the most recent fix here (creating the "sessions" > "ini.php" in the main directory) and I'm still getting the same message, although a few times, I got a different message...instead of "Invalid Session" it said something about having the wrong level/privileges..but then reverted back to the original "Invalid Session" error.

I wish it wasn't so difficult just to get into the admin control panel geesh. If anyone has any advice please keep me posted!

Thanks.

Algol
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun Mar 05, 2006 3:35 am

Re: upgrade .13 -> .15; invalid session

Post by Algol » Sun Mar 16, 2008 1:48 am

I had that the "Invalid session" problem after upgrading to 1.0.15, and I just cleared /cache folder and the error disappeared.

spetsk
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Feb 05, 2008 1:38 pm

Re: upgrade .13 -> .15; invalid session

Post by spetsk » Wed Mar 19, 2008 11:21 am

Thanks sfetter!

It resolved my problem with the sessions for versions 12, 13, 14 and 15. It doesn't matter what version you have. I have no idea what made it for me, i created both /session folder and /tmp folder and added the php.ini to my root folder.

This is awesome! Finally THE solution,

BR,
Kerti

ahmedk
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Mar 23, 2008 9:06 am

Re: upgrade .13 -> .15; invalid session

Post by ahmedk » Tue Mar 25, 2008 1:21 am

Hi

I had this problem and I fixed it by editing my php.ini my provider allow me to edit my php.ini

look for line

Code: Select all

session.save_path = 
and insert your full path

ex : /home/users/xx/xxx/user/phpsessions

lucky I had joomla.php edited by my provider script which showed me the session directory
when I upgraded the file was over written

sataneyeez
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Sun Mar 30, 2008 7:33 am

Re: upgrade .13 -> .15; invalid session

Post by sataneyeez » Tue Apr 01, 2008 9:01 am

hi

i have tried this fix but no luck. Still getting the "invalid session" error. Any suggestions.

bambam82
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Mon Apr 16, 2007 10:49 am
Location: Utrecht
Contact:

Re: upgrade .13 -> .15; invalid session

Post by bambam82 » Tue Apr 01, 2008 9:24 am

sataneyeez wrote:hi

i have tried this fix but no luck. Still getting the "invalid session" error. Any suggestions.
You say "this". In the meanwhile there are at least 3 solutions, each with there own problem.
Be more specific...
http://www.bamweb.nl/ // custom OpenBSD solutions

sataneyeez
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Sun Mar 30, 2008 7:33 am

Re: upgrade .13 -> .15; invalid session

Post by sataneyeez » Tue Apr 01, 2008 11:39 am

i tried the fix by adding the changes to php.ini and creating a new /sessions folder.

sataneyeez
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Sun Mar 30, 2008 7:33 am

Re: upgrade .13 -> .15; invalid session

Post by sataneyeez » Tue Apr 01, 2008 1:41 pm

I am in the same boat as breannadrew. Done exactly the same things and now getting the "need to login" msg.

sataneyeez
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Sun Mar 30, 2008 7:33 am

Re: upgrade .13 -> .15; invalid session

Post by sataneyeez » Tue Apr 01, 2008 1:44 pm

I am in the same boat as breannadrew. Done exactly the same things and now getting the "need to login" msg.

sysser
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Apr 03, 2008 12:03 pm

Re: upgrade .13 -> .15; invalid session

Post by sysser » Thu Apr 03, 2008 3:32 pm

I found the some problem.
Migrated from 1.0.13 to 1.0.15.
Server handled directly not by an ISP.
If I use Firefox to access as admin it works perfectly.
If I use IE to access as admin I will get "Invalid Session".

Into session.save_path directory with Firefox I can see just one sess_xxxxxxxxxxx file. With IE there are two files and one it is empty.

I tried all solution without results. With IE doesn't work, with Firefox it works fine !!!

Please provide me a feedback.

If you need more informations please do not hesitate to contact me.

ranjithbajpe
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Mon Nov 19, 2007 4:34 am

Re: upgrade .13 -> .15; invalid session

Post by ranjithbajpe » Mon Apr 07, 2008 6:00 am

when i updated i got this error "Restricted access"

why? whats the fix?

User avatar
bpsullivan
Joomla! Apprentice
Joomla! Apprentice
Posts: 45
Joined: Thu Jul 27, 2006 7:51 pm
Location: Metro Washington DC, USA
Contact:

Re: upgrade .13 -> .15; invalid session

Post by bpsullivan » Tue Apr 08, 2008 9:29 pm

I'm having this difficulty too. I've been trying to install a component and I get kicked out with an invalid session. I have tried the php.ini file fix with no luck. I'm reluctant to comment out the includes/joomla.php lines since there may be security implications. Anyone with fresh ideas?
Joomla! websites and white-label development services - http://terracemedia.com
Follow me on Twitter @TerraceMedia

gavingrubb
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Sun Feb 24, 2008 4:47 am

Re: upgrade .13 -> .15; invalid session

Post by gavingrubb » Wed Apr 09, 2008 2:17 am

I have the same problem as some others here. Commenting out lines 770-774 in joomla.php doesn't do the trick. If you have commented out these lines and you now get the "You need to login" message, I believe you should undo the commenting (as it doesn't help you at all). The "You need to login" message in that particular instance is happening because the $_SESSION variable is completely empty.

In my case, I have tried various things, and the best scenario I can achieve is the one I just described. In my case, the session files are getting generated within a folder (not /tmp) on my server. However, it appears that EACH TIME I attempt to login, new session files are getting created on the server. I'm not an expert here but it would appear to me that this is the cause of my problem (and other people's problems?) - surely only one file should be created per session?? (with each session usually lasting 20 mins). In other words, I ~think~ each time I attempt to login, a new session file gets created (with the correct settings), but then the next step of the login process can't read the existing session file (it looks for a new one?), so it fails.

Any ideas or comments?

whitetigerx
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Jan 23, 2008 10:27 am

Re: upgrade .13 -> .15; invalid session

Post by whitetigerx » Thu Apr 10, 2008 6:35 am

I managed to fix this problem once and for all.

The session error is occurring for me because my client's host has configured the server (shared hosting) to have a shared session directory rather than individual sessions per domain and per account. On cPanel hosts this shouldn't be a problem since sessions are configured for each domain individually. Although it is unlikely that many people will have the same problem as me, changing joomla's code can prevent joomla for logging you out for session errors.

I might add that because of the changes that need to be made, it will open a security vulnerability because any session that is initiated by another user can be used to access the back-end because the session ID are the same - which are null values. For example, session id = "" for both users. Therefore, even thought they would need to login to admin with a username and password to successfully access the joomla back-end, they could simply type in the URI of say administrator/index2.php and they will be granted access.

This is not a problem for me because the joomla installation is not publicly accessible and is an extranet for a business, so the security vulnerability is not extensive in this case.

All of this applies to the Includes/Joomla.php file.

VERY IMPORTANT If you have used any other fixes, etc, you should download the installation files from the package repository on Joomla's main website and copy back any files you have edited overwriting the changes. If you fail to do this then Joomla will not load, I've tried it and that's how I know.

Another thing is that after applying this patch, you will need to make your site inaccessible to any other users including yourself whilst you access the administrator section. This is because if another user accesses the website, they will start a session of ID="", the same as yours - this will cause the back-end to tell you that are not authorised to use this resource. I have tested it extensively and it ONLY happens when other users are on the site.

Now for the fix, applied to Joomla 1.0.15 or Joomla 1.0.13:

Firstly, you should find line 872. All of the lines executing the exit() function should be commented and so should any $mos echos as they will log you out and take you back to the admin index page respectively. Do not edit the first part of the conditional else function (the one for session.auto_start) as there is no need to do this.

Code: Select all

			// no session_id as user has not attempted to login, or session.auto_start is switched on
			if (ini_get( 'session.auto_start' ) || !ini_get( 'session.use_cookies' )) {
				echo "<script>document.location.href='index.php?mosmsg=You need to login. If PHP\'s session.auto_start setting is on or session.use_cookies setting is off, you may need to correct this before you will be able to login.'</script>\n";
			} else {
				//echo "<script>document.location.href='index.php?mosmsg=You need to login'</script>\n";
			}
			//exit();
		} else {
			// session id does not correspond to required session format
			//echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
			//exit();
		}
Then the session ID check needs to be commented as well as the previous one. The return value from the session check needs to return a valid session ID so there needs to be an echo. This is demonstrated as follows (you will need to find this in the code yourself). The previous user kindly suggested this.

Code: Select all

if ($session_id != session_id()) {
			// session id does not correspond to required session format
			echo ($session_id . "-" . session_id());
			//echo "<script>document.location.href='index.php?mosmsg=Invalid Session'</script>\n";
			//exit();
		}
All of the changes MUST be made or there will be no change. If you fail to do the first bit then you will just be constantly logged out until you finish the fix.

Effectively, this removes session checking and validation. Hence, all users have the same session ID.

As I have indicated, this fix opens up a security hole, so do this at your own risk.

WAY TO FIX THE SECURITY HOLE

Password protect the administrator directory using .htaccess files, or use the relevant cPanel/SSH utilities.

I suspect that this may still cause errors with user logins as each user will have the same session ID, so if two users login and use the CMS at the same time, I suspect that they will either cause a database error or access the same database records. Any recommendations for this are welcomed.

Hope it helps.

gavingrubb
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Sun Feb 24, 2008 4:47 am

Re: upgrade .13 -> .15; invalid session

Post by gavingrubb » Thu Apr 10, 2008 7:34 am

Thankyou to the previous user for posting their fixes. In my case these fixes do help, but present other new problems. For example, one of these problems is:

- once I login, I get to the main administration page, but Joomla can't read my session variables. This means that I only have limited access to the administration console (as a user rather than as an Administrator or Super Administrator) - and it won't remember the text editor that I have chosen.

I have decided to downgrade my adminstration console (only the admin console, not the public site) to version 1.0.12 (which I know works). I will release a copy of the 1.0.12 version of my site to either a subdomain or subfolder that no-one else knows about (for security reasons), then delete the administrator folder from the 1.0.15 site. This will effectively split my administration console away from the public facing website completely, though they will still share the same database (so that making changes won't cause any problems).

It would be great if someone could help identify the reasons for this issue, and possibly suggest a fix that doesn't compromise security.

rgsummerlin
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Wed Oct 25, 2006 10:53 pm

Re: upgrade .13 -> .15; invalid session

Post by rgsummerlin » Thu Apr 10, 2008 2:38 pm

i found another fix: i had to enable session.auto_start in the php settings to get a new piece of software/component to operate correctly. after changing this setting to "off", i was able to login again.

User avatar
bossies
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 112
Joined: Tue Oct 11, 2005 3:53 pm
Location: Malmesbury - South Africa
Contact:

Re: upgrade .13 -> .15; invalid session

Post by bossies » Sat Apr 12, 2008 10:47 am

Just my 2 cents - after i uploaded the fix, it did not work for me and then one guys said something about uploading the fix again - the long and short is that did not work either.

What fix the problem for me was file permissions - out of frustration I recursively 777 the complete joomla dir and then i could log back in - then i went to admin page configuration and the server tab and reapply the permissions recursively again.

Still working...
Malmesbury - South Africa
http://www.voiceconnect.co.za Voiceconnect
http://www.atmalmesbury.co.za

User avatar
nafl99
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Fri Feb 03, 2006 4:51 am

Re: upgrade .13 -> .15; invalid session

Post by nafl99 » Thu Apr 17, 2008 3:06 pm

I resolved my problem with this:, hopefully the summary below can help someone else.

1) create a sessions folder in your root. CHMOD it to 777
2) Add the previously referred to sessions code to your config file
3) Delete any sessions files that may have appeared in the session folder
4) Login to your administrator page and it should work.

Email me if you have questions. I am online 20 hours a day.

My problems began when Ipowerweb switched from the Vdeck platform to the Cpanel platform. Not that Cpanel is bad, it just has a different structure.
The 360 Business Coach.
Free Business plan evaluation. Just create an account!
360agencies.com

AJJA
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Apr 20, 2008 8:52 pm

Re: upgrade .13 -> .15; invalid session

Post by AJJA » Sun Apr 20, 2008 9:10 pm

My experience with this problem:
-reading posters, I tried to proceed with a complete installation and that was OK, problem resolved.
-Now the problem with user + password, the encription of password changes (now its longer), you must change the field password or mos_users table, to varchar 100. If you have problems, try to put the value "admin" to the password by hand with you MySql client, the value is: 873f312e3e7a00af35b390fb25b68e1a:z1jEsc4X3L1PTMmm
With this you must go on with your user and pass: admin

(If your web was working, you should not modify permission on folders)

Hope this help everybody and sorry my bad english.

Nicely
Joomla! Apprentice
Joomla! Apprentice
Posts: 36
Joined: Mon Apr 21, 2008 9:59 am
Location: Helsinki, Finland

Re: upgrade .13 -> .15; invalid session

Post by Nicely » Mon Apr 21, 2008 10:04 am

I can confirm that sfetter's solution worked for my fresh install of 1.0.15 :)

mfarssac
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Apr 05, 2008 7:42 am

Re: upgrade .13 -> .15; invalid session

Post by mfarssac » Fri May 09, 2008 6:53 am

Greetings,

first of all let me thank you for posting such fixes... It worked for me, though after commenting the lines. But now, after logging in to the admin panel, I have left the code as it was originally and again I can't login...

Any idea why this is happening? As a work around is great to login and so on, but do you know anyway to reset whatever has been changed? Is it safe to leave the code "invalid-sesion-patched", then, why do these lines exist ...

Any idea, a step further, will be extremely welcome.

Thank you all. I hope it helps somehow.

Marc

robkatla
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Fri Aug 24, 2007 3:47 pm

Re: upgrade .13 -> .15; invalid session

Post by robkatla » Thu May 15, 2008 2:37 am

sfetter's fix worked for me on a new 1.0.15 install. Don't really get why, but i use ipower as did another poster, and their recent platform change is causing me some problems, I believe. I had to start with a new install after I kept getting a 'Invalid user name and password' error, and nothing worked to fix it. Off to bed for me - thanks to all the posters!

soloheart
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Aug 02, 2006 12:25 am
Location: Hawaii
Contact:

Re: upgrade .13 -> .15; invalid session

Post by soloheart » Fri May 16, 2008 9:04 pm

I had the same problem due to the hard drive allocated size for my website reached its full. The reason why it got full was that 2 days ago, I scheduled a monthly database backup thru ebackup component and it filled my server hard drive limit in just 2 days - 3Gb worth data. So when I tried to login on the backend of Joomla, the new session value could not get its value written on the server due to the max-ed out hard drive space. After I deleted the schedule and that 3Gb hard drive space, my website works fine. I thought my case was little different than the other cases written here. But someone may have the same problem as I had. Hope my case and solution is helpful
7 leaves becoming a flower

samarn
Joomla! Intern
Joomla! Intern
Posts: 60
Joined: Wed Dec 07, 2005 11:28 am

Re: upgrade .13 -> .15; invalid session

Post by samarn » Sat May 17, 2008 7:55 am

I hade the same problem with invalid session. I solved my problem by updating my old configuration file with the new from 1.0.15. It seems that the newer version has some extra rows of code. Compare your old config file with the new from 1.0.15 and make the necessary change. I solved my problem by doing that...:-)


Locked

Return to “Upgrading - 1.0.x”