[CONFIRMED+FIX] Joomla! 1.0.13 Admin session dies for certain $task values

[choppy]

I have to say that I agree. I'm not a rocket scientist at all by the way. I tried the fix but what I find is that this may have a lot to do with what you have installed no?

Not assuming or anything but if that is the case then I'd prefer the earlier version back if I could get my hands on it?
My main site is now at a halt and two in dev are now on hold.

Is there a link to the older version please? Anyone got it?

Thanks folks - Busy thread.
Best.

I do not think 1.0.13 is a stable release. It is in operable. Maybe it should be pulled until there is a solution. Is there a solution?

[ilox]

Well I have 3 sites running. Two I upgraded from 12 to 13. The other had been wrecked by the host so I just blew it away and put a fresh copy of 13 in there.
Now that the fix has been placed I am rolling along nicely with all 3 sites. Go back to 12? No way, no need to.

[choppy]

The problem I gather is the new patch for 1.0.13. MY main site is dead.

Another installation also using 1.0.13 without the patch is working just fine as is another without this new patch.
I could delete the installation and replace it with one that does not have the patch.

Fixes have not worked. Don't know. 

Well I have 3 sites running. Two I upgraded from 12 to 13. The other had been wrecked by the host so I just blew it away and put a fresh copy of 13 in there.
Now that the fix has been placed I am rolling along nicely with all 3 sites. Go back to 12? No way, no need to.

[ilox]

The patches are only to fix the problem of being in administration, changing a setting in some components, being kicked out of admin and forced to log in again. That is, AFAIK, all that it does.
That patch works for me and has worked for other people who were also being regularly booted out of admin.

Sounds to me - and I am not an expert in this - but you probably have other problems, the problems that I talked about above should not make your site "Dead", it only affected Administration.

I think you have another problem entirely. If you provide more information on what you have checked and the things you have done. The components you have running and the error messages that you get back. With details like that then the experts around us should be able to point to ways to resolve the problems.

Wish you luck!

[choppy]

Ok Doc thank you. 

Symptoms:
Cannot access Admin area -
Cannot login front end -
When logged in back end two Admin user ID's were visible - MINE THAT IS. (Back when I could)

** In the past changing the password inside PhpMyAdmin solved both problems but not any more.

============================

3rd party installations?
Of the ones that I can remember these are they:

Joomla 1.0.13 installed -
CB 1.1 -
Fireboard 1. 01 Beta
Utchat
Badwords2
Missus
Noahs Classifieds
com_comprofiler_invite
com_lmo

============================

HISTORY
I reinstalled my Fireboard installation - Completely removing the old version first.


1. At first my Main admin menu bar vanished. I reinstalled this through PhpMYAdmin
2. Components were all missing from Admin environment. As above I reinstalled this in PhpMyAdmin
3. ** I could have mistakenly added the Joomla_1.0.0_to_1.0.13-Stable-Patch_Package.zip
on top of an existing installation? I don't think I did this but as you know Windows condenses file names so I am not counting my stupidity out of it.


I've tried the hotfix (Joomla.php/indedx.php) nothing changes.

Many thanks.

[keggyoid46]

RobS fix is unbelievable, THANK YOU SOOOOOO much. You are a true hero.

the log out when using virtuemart did my head in big time. replaced the index and joomla php's and it worked fine

thanks again rob

[PI]

Hi,

The problem affects also DBQ (a Green Mountain IT component), ans the soeren's fix solves this issue.

[maeigr]

For the people that are getting the "Invalid Session" message, could you please try to clear your browser cookies or try a different browser if you have access to one.

Thanks.

Tried that (with opera 9, ie7, ie6, firefox 2.0, and safari 3 on windows and iceweasel (firefox 2), opera 9, konqueror, and epiphany on linux), on 2 different computers. And it didn't work.

(Though, I've been able to downgrade joomla!, so that's not a problem till the next update/security patch).

[ajwagner777]

Hi all,

I'm sorry that I have taken so long to get back here but I have just been really busy and dealing with life.  I went through and tried to rework the problem so it doesn't have this problem and I think I found a way to deal with it that it is just as secure and possibly faster than the previous fix that was made.  I have attached a zip file to this post with two files in it.  The first file is index.php should replace administrator/index.php and joomla.php should replace includes/joomla.php  When you put these files in place, you will probably get logged out but once you get logged back in, the problem will hopefully be fixed.  Please do not test this on live sites though, I cannot guarantee that it works as I am working on a laptop and only have one environment to test against.

Works beautifully!  Thanks

[Busby]

I have a [slightly] similar problem in that when I try to login at the back end with my admin username and password, I can't but I can get in the frontend with it. Fortunately, I have another username with super Admin rights which lets me in but my 'main' admin doesn't work, even if I change the password.

I have not done the patch as I don't seem to have any other issues.

Any suggestions please?

[tcp]

The problem affects also DBQ (a Green Mountain IT component), ans the soeren's fix solves this issue.

Rob's patch seems to resolve the problem of saving or applying changes to a record in DBQ ( and other components ).  Not sure about problems with the admin login, as this seems to a related but separate issue that I'm not experiencing. 

tcp

[choppy]

Many apologies.

I did find what was wrong. It was a conflict between Joomla and CB. CB provided a new fix on comprofiler.php which solved my login problems.

Should have mentioned this before.
Thanks very much. 

The problem affects also DBQ (a Green Mountain IT component), ans the soeren's fix solves this issue.

Rob's patch seems to resolve the problem of saving or applying changes to a record in DBQ ( and other components ).  Not sure about problems with the admin login, as this seems to a related but separate issue that I'm not experiencing. 

tcp

[Busby]

Looks like I going down a road I didn't want to travel - a full restore from a backup - I hope it works because there's 6 months work down the pan if ir doesn't! None of my users can now log in the back end..

[golmert]

Hi,

1.0.13 installed, PHP 5.2.3, cookies enabled on my browser , IIS on my local host , IE 7, MySQL 5,  fix files applied and still no go..:

When I try to log in to the admin gui nothing happnes. I cannot log in and the same login screen remains with no error message.

Can anyone please help??

Thanks

[rob27]

Try one of these:

MySQL Admin - repair DB - extended
then normal logon backend

or

forgot password (from frontend)
then try to logon backend with the new password

[Busby]

Try one of these:

MySQL Admin - repair DB - extended
then normal logon backend

or

forgot password (from frontend)
then try to logon backend with the new password

Not got a clue how to find the login for MYSQL and tried the new password thing and it still doesn't work. I have also tried setting up a new account and I can log in to the front end with the new account but not the backend!

And it gets worse...

Tried to download a backup but when I unpack it Winzip reports it's corrupt! Now I'm really up a creek without a paddle - I could be looking at months of work all for nothing!

Can anybody help please?

[rob27]

http://www.mysql.com/products/tools/administrator/

Install on workstation
Give your workstation righta on the mysql DB used for joomla:

# mysql -u root –p
# mysql> use mysql;
# mysql> grant all on databasename.* to name@wks identified by ‘’;
# mysql> flush privileges;

Now use the MySQL Admin to repair your Joomla database, use extended.

Implement fix from RobS in this thread

[Busby]

Well, a big sigh of relief! problem seems to be sorted..

I managed to do a restore of the files which were updated from the backup I did before the update - the login problem was no different - so, I recopied the update files again and everything is now working normally again, as far as I can determine!

I think the moral of the story is - don't be too quick to apply security patches/updates! 

[dpjaviya]

Thank you so Much....
I'm so, much happy.   I waste my 5 days behind this problem.
Now i feel very very good. 

[Busby]

Can't help wondering where this leaves us.. There are probably people out there, like us, who will see a security 'stable' patch and apply it the same as we all have..

I think that the very least, the core team should withdraw the patch untill its been sorted - not a work around.

When the problem is resolved it can be released and we can all sleep soundly! Can't understad why this hasn't been done 

[Bayram]

Thank You Robs!

[Divermark]

I'm new to all this stuff so sorry for not sounding technical. I played with it at home using the JSAS server and everything was fine.

I've uploaded everything but I keep getting the 'Invalid session' message trying to get into the admin side. I've tried re-installing it and get the same message.

I setting up a user in the front end, but get the message 'cookies must be enabled', they are! It even leaves a cookie!

The only thing I can think of is that in Step One of teh setup I get
cofiguration.php is unwriteable, but I've uploaded this afterwards
Session save path is also unwriteable, but I don't know what that is?
Safe mode is On and not Off
Display errors is Off and not On

As a relative numpty I am getting a headache after spending atotal of 8 hours trying to solve soimething I know nothing about!

HELP ME PLEASE!!

[RobS]

Session save path is also unwriteable, but I don't know what that is?

That is your problem.  If PHP can not write to the directory where sessions are supposed to be saved you will not be able to login.  Use google to find out more information about how to fix the problem.  This is not a Joomla! problem, this is a problem with your environment/setup.

[RobS]

Can't help wondering where this leaves us.. There are probably people out there, like us, who will see a security 'stable' patch and apply it the same as we all have..

I think that the very least, the core team should withdraw the patch untill its been sorted - not a work around.

When the problem is resolved it can be released and we can all sleep soundly! Can't understad why this hasn't been done 

Well, realistically, a very small percentage of users seem to experience these problems.  There are 4 pages of replies, that makes 120 replies.  There are only 414 downloads of the patch so far and links to it have been plastered all over the place from what I understand.  Yet, there have been over 200,000 downloads of Joomla! 1.0.13 according to a quick glance of the numbers at http://joomlacode.org/gf/project/joomla/frs/

There will always be problems with upgrades.  It is impossible to test all environments and all configurations.  If you would like to help us do better I suggest you volunteer to help by joining the Quality & Testing Working Group.  We have a very, very small team and could use more help.

[nekhoma]

Will this fix be included in any interim 1.0.13 release?

[user deleted]

Will this fix be included in any interim 1.0.13 release?

Hi nekhoma,

My answer is simple I'm afraid, no, we do not release a new 1.0.x just because of this fix. This is because the 1.0.x version is in maintenance mode which means we only release a new version if there are security issues. Once that will happen, the fix will of course be included.

[goot]

Shouldn't anyone post a link so you don't have to be a member to download Rob's fix? I searched for a while and dind't find any link... anyways, have a great life folks! Your fix works just fine for me Rob, Cheers mate! 

[pnobrega]

ok guys.. maybe i'm really stupid or maybe my english is just so bad that i can't understand nothing.. But my logging out problem keeps happening. 
My website is running on a host that as Linux; Apache/1.3.37 (Unix); PHP Version: 4.4.4.
I'm using Joomla! 1.0.13 Stable [ Sunglow ] 21 July 2007 16:00 UTC and VirtueMart 1.0.12.Ii found out another two patch for VM at VM website. In here: http://virtuemart.net/index.php?option= ... &Itemid=57.
The logging out problem remained. Then i started reading this post and downloaded the fix.zip and replaced index.php at adminitrator and joomla.php at includes. And everything f***** time i'm in administration, with site offline and previewing in another tab, and i go to website and navigate on my shop and back to admin it logs me out . It says Invalid Session! Did I do something wrong? 

[netshine]

we only release a new version if there are security issues.

Why? 1.0.13 introduced a new bug. 1.5 is not stable yet, so 1.0.13 is the most recent "stable" version. I don't understand why you can't stabilise the "stable" version. Surely you make more work for yourselves and tarnish Joomla's reputation by constantly pointing disgruntled new users to this patch rather than just releasing a fixed version?

[user deleted]

Hi netshine,

The answer is that we made a decision to put it in maintenance mode, meaning we only release when there are security issues. With all the work going on with the new 1.5, we do not have the resources to continue full development on the 1.0.X series. I understand your point, but people might as well download the fix here, instead of us releasing an entire new version.