[CONFIRMED+FIX] Joomla! 1.0.13 Admin session dies for certain $task values

[itlionat]

Hi again,
I have many Joomla sites in different versions on my server and it would be very painful to patch now all sites and the main point it worked before.
I tried the latest patch on the Joomla 1.0.13 but I still had problems even with different settings.
However I played around now with the session.save_path and the last time I even removed totally the value (also no path at all) and I got this error that session is not writable.
Then I added again the value '/tmp' and I got then a incorrect username or password but on my unpatched Joomla1.5 I could surprisingly log in  So i removed the patch from my 1.0.13 version and now I can login in all my sites without any problem.
I guess my problem was that the cPanel easy apache build script didn't saved the php.ini properly. Maybe wrong charset or the session values had some additional characters that were not visible. So should you have cPanel and your webhost just upgraded and your site worked before, then ask your webhost to retype the session values again.
I'm sooo happy  that everything works fine without any patch!

[ulpo]

Hi!
I dont'n read all post in this topic...

anyway, I find this hotfix to this problem:
http://virtuemart.net/index.php?option= ... ad&gid=371

/administrator/index2.php

Code: Select all

BEFORE

doGzip();
// if task action is 'save' or 'apply' redo session check
if ( $task == 'save' || $task == 'apply' ) {
	$mainframe->initSessionAdmin( $option, '' );
}


AFTER

// if task action is 'save' or 'apply' redo session check
if ( $task == 'save' || $task == 'apply' ) {
	$mainframe->initSessionAdmin( $option, '' );
}
doGzip();

and it works in my Joomla 1.0.13 IE pl

Thank you so much, this little change in the index2.php has solved everything. After getting nuts almost you have saved my day and work.
It seemed to be that there was nothing which worked fo me with joomla 1.13 and Joomfish, but finally you found a simple way to get it done....
Thx again

ulpo

[steve2]

Hi all,

I'm sorry that I have taken so long to get back here but I have just been really busy and dealing with life.  I went through and tried to rework the problem so it doesn't have this problem and I think I found a way to deal with it that it is just as secure and possibly faster than the previous fix that was made.  I have attached a zip file to this post with two files in it.  The first file is index.php should replace administrator/index.php and joomla.php should replace includes/joomla.php  When you put these files in place, you will probably get logged out but once you get logged back in, the problem will hopefully be fixed.  Please do not test this on live sites though, I cannot guarantee that it works as I am working on a laptop and only have one environment to test against.

Appreciate your hard work guys, this fixed it for me...

[bulesz]

Thansk for you work guyz!

I cant believe this, how could release it without this fix? I means without this its completeley useless! cant login etc...

Wasnt any test of it???? Strange!

[joeleal]

Hi There,

Can you please tell me where the zip file (fix) for this problem is?

[joeleal]

[quote="joeleal "]
Hi There,

Can you please tell me where the zip file (fix) for this problem is?


Sorry, I found it. Thanks

[joehome]

Nice! Thanks for this fix. it worked for me. Really, thank you sooooooo much.
-Joe

Hi all,

I'm sorry that I have taken so long to get back here but I have just been really busy and dealing with life.  I went through and tried to rework the problem so it doesn't have this problem and I think I found a way to deal with it that it is just as secure and possibly faster than the previous fix that was made.  I have attached a zip file to this post with two files in it.  The first file is index.php should replace administrator/index.php and joomla.php should replace includes/joomla.php  When you put these files in place, you will probably get logged out but once you get logged back in, the problem will hopefully be fixed.  Please do not test this on live sites though, I cannot guarantee that it works as I am working on a laptop and only have one environment to test against.

[kgonyea]

For the people that are getting the "Invalid Session" message, could you please try to clear your browser cookies or try a different browser if you have access to one.

Thanks.

I was getting the Invalid Session error, until I found this:

http://tech.amikelive.com/node-41/compr ... omla-1013/

That solved the problem for me.  It is a combo fix for several issues discussed in this thread.  I'm sure it will be useful for others as well.

[HansLee]

alright.. I cant find the hotfix.. where can I find it?

[kgonyea]

alright.. I cant find the hotfix.. where can I find it?

Here's a link to the patch I used:

http://dev.amikelive.com/joomla1/compon ... info/id,3/

And instructions from the link from my last post...

How to invoke this fix:

  1. Backup your joomla files
  2. Copy the files in the zip into their respective folders
  3. Create a folder named session in your joomla installation directory (the directory where index.php exists)
  4. Give Apache (or php handler) user permission to write into the directory (you can chmod the directory to 777 or alike)
  5. Test logging into joomla admin panel.

[DaFish]

Hi all,

I'm sorry that I have taken so long to get back here but I have just been really busy and dealing with life.  I went through and tried to rework the problem so it doesn't have this problem and I think I found a way to deal with it that it is just as secure and possibly faster than the previous fix that was made.  I have attached a zip file to this post with two files in it.  The first file is index.php should replace administrator/index.php and joomla.php should replace includes/joomla.php  When you put these files in place, you will probably get logged out but once you get logged back in, the problem will hopefully be fixed.  Please do not test this on live sites though, I cannot guarantee that it works as I am working on a laptop and only have one environment to test against.

RobS... my hero.... struggled for days with this... seems all good now, thank you!

[olivewhite]

Well,
VirtueMart is also affected by this bug.
The problem is indeed a wrong order of the calls to initSessionAdmin and doGzip at the end of the file /administrator/index2.php.
If we change

BEFORE

Code: Select all

103		doGzip();
104		
105		// if task action is 'save' or 'apply' redo session check
106		if ( $task == 'save' || $task == 'apply' ) {
107			$mainframe->initSessionAdmin( $option, '' );
108		}

to

Code: Select all

102		// if task action is 'save' or 'apply' redo session check
103		if ( $task == 'save' || $task == 'apply' ) {
104			$mainframe->initSessionAdmin( $option, '' );
105		}
106		doGzip();

the problem is gone.

I have posted a Hotfix for Joomla! 1.0.13 on the VirtueMart Homepage.
Feel free to try it. It just contains the updated index2.php file.

ciao, Sören

Sincerely thank you so much 

[092098jvm]

I'm having the same issue with JoomlaPack. The fix above didn't fix though. Is there another problem maybe or a different patch?

[ScrapbookSupplies]

FIXED MY PROBLEMS!!!   

[jigoong]

Thank you for every solutions! 

[RZ112]

I did both proposed fixes.
No change, the problem remains, also after removing the cookies.
How can I remove eXtplorer?

[kgonyea]

I did both proposed fixes.
No change, the problem remains, also after removing the cookies.
How can I remove eXtplorer?

You tried the fix here and no luck?

http://forum.joomla.org/index.php/topic ... msg1122800

And are you getting the admin login loop with the invalid session error?  Are there any other errors or symptoms?

You should be able to uninstall extplorer via Installers>Components > select the component, and the uninstall link should be at the top of the page.

[webasylum]

RobS,

JACL Modifies the existing Joomla.php file in the includes folder.

Does the re-worked Joomla.php file in the includes file cause problems with JACL ? if so, what lines of code do I have to update ?

Many thanks,

Webasylum.

[muddauber]

Could someone explain the proper way to install this hotfix?

[greenarrow]

I need hotfix to run component eXtplorer. can anyone tell me where can i find HOTFIX ?

[webasylum]

The HotFix appears as a download link after you have registered on this Forum. 

[webasylum]

RobS,

JACL Modifies the existing Joomla.php file in the includes folder.

Does the re-worked Joomla.php file in the includes file cause problems with JACL ? if so, what lines of code do I have to update ?

Many thanks,

Webasylum.

As a foot note, I noticed that when JACL is installed - it provides clear statements of where it has hacked the Joomla.php file !  Excellent, so using any text editor it was easy to search through the working JACL'd Joomla.php file for its hack entries and copy those pieces of code over into the matching code points in the Hotfix's Joomla.php file.  Note! Always worth saving copies of existing files before merging such pieces of code so you can get back to the start if you mess things up!

Now I have the Hotfix working with eXtplorer and JACL as it should I think inside Joomla. :P

[greenarrow]

Thanks Bro But where Can i Find it Now ? Help Needed

[katerina]

Hi,
I have applied the fix and now I can log in the back end. But I find out that it is possible to activate the front end by
editing Joomla/components/com_extplorer/configuration.jx.php

Then I added it to the main menu and when I click on the link, I have a blanc page.
I cleared cache and tried another browser (IE instead of firefox).
I tried the other fix (which shifts the position of doGzip(); in index2.php.
Nothing worked.

I don't know if it is the bug or I have misconfigured the front end. Is there something else I could do?

[webasylum]

Hi,
I have applied the fix and now I can log in the back end. But I find out that it is possible to activate the front end by
editing Joomla/components/com_extplorer/configuration.jx.php

Then I added it to the main menu and when I click on the link, I have a blanc page.
I cleared cache and tried another browser (IE instead of firefox).
I tried the other fix (which shifts the position of doGzip(); in index2.php.
Nothing worked.

I don't know if it is the bug or I have misconfigured the front end. Is there something else I could do?

Katerina....

Its not a good idea to be trying to get Extlorer working from the front end menu !!??!??  this poses a severe security risk as the public could rewrite your php files etc etc

[webasylum]

Thanks Bro But where Can i Find it Now ? Help Needed

http://forum.joomla.org/index.php/topic ... .html  - Its part of The first post a little zip file icon and link - but it clearly states that you have to be logged in to see the download icon !

[katerina]

What I really want is to display tree structure of some data and I thought it could be the way to do it.
Is there any other way?

[webasylum]

What I really want is to display tree structure of some data and I thought it could be the way to do it.
Is there any other way?

Good Question !  Not sure... will have a look around, but such a question is outside this particular threads scope.
Post a fresh question under General Questions section of the Forum and Be specific with the kind of information you wish to display within the front end (whether it be files, images, sitemap, etc) and I'm sure you will end up with the answer.

[greenarrow]

Help me to find hotfix anyone

[howdwegethere]

There is a link to a post with the fix and instructions to apply it just three posts above yours.

Thanks Bro But where Can i Find it Now ? Help Needed

http://forum.joomla.org/index.php/topic ... .html  - Its part of The first post a little zip file icon and link - but it clearly states that you have to be logged in to see the download icon !