Session login

juxto 2008-11-25 10:57:22 UTC #1

Hi,

Since egroupware 1.6 RCx i have a problem in login, i can log in and i can explore calendar but if i try to use adressbook for example and egroupware logout and say that can’t verify the session. In version 1.4 i solved this change in header admin the sessions type from PHP to database but in the newer version of egroupware don’t exist this option.

I have also downloaded the final version today and not working to. I do all steps and works fine inclusive the install check.

Then i try in a localhost ubuntu apache server and work fine. I need to install something to work the session on php?

I will apreciate some help.

Thank you,
Luís Marques

Dennis_Taylor 2009-01-27 15:33:08 UTC #2

I’ve had a similar problem with 1.6.001. Comparing this version of index.php, I found that the session verification is either missing, or handled differently. Not sure if this is the “correct” solution, but I worked around this issue by copying a small block of code from V1.4.

Patch attached. Good luck!

Dennis

egw-session.1.6.001.patch (560 Bytes)

juxto 2009-01-28 15:10:01 UTC #3

Hi Dennis,

I tried to patch in index.php and not worked too.
You have other idea?
Thank you for your reply.

Regards,
Luís Marques

Dennis_Taylor 2009-01-28 17:09:11 UTC #4

If the patch succeeded, you should see this block in index.php, beginning around line 20:

    $GLOBALS['sessionid'] = isset($_GET['sessionid']) ? $_GET['sessionid'] : @$_COOKIE['sessionid'];
    if(!$GLOBALS['sessionid'])
    {
        Header('Location: login.php'.
            (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING']) ?
            '?phpgw_forward='.urlencode('/index.php?'.$_SERVER['QUERY_STRING']):''));
        exit;
    }

This is expecting a session id to be passed via either the query string appended to the URL, or a cookie. If you’ve verified that the patch did succeed, and you’re still getting the verification message, then my next suggestion would be to clear your browser’s cache/cookies, and make sure you’re accepting cookies from egw. I’ve also found that it may be necessary to “nudge” the system a bit by specifying the base URL explicitly, just once:

    http[s]://<your.server.name>/egroupware/

or whatever the URL may be. Just make sure there’s no query string appended.

This is the current extent of my knowledge in this area. Best of luck!

Dennis

juxto 2009-02-04 17:15:41 UTC #5

Hi Dennis, Thank you.
I changed the file manually, but he continues to make the same thing.

Thank you for your time.

Regards,
Luis

Dennis Taylor:

If the patch succeeded, you should see this block in index.php, beginning around line 20:
    $GLOBALS['sessionid'] = isset($_GET['sessionid']) ? $_GET['sessionid'] : @$_COOKIE['sessionid'];
    if(!$GLOBALS['sessionid'])
    {
        Header('Location: login.php'.
            (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING']) ?
            '?phpgw_forward='.urlencode('/index.php?'.$_SERVER['QUERY_STRING']):''));
        exit;
    }
This is expecting a session id to be passed via either the query string appended to the URL, or a cookie. If you’ve verified that the patch did succeed, and you’re still getting the verification message, then my next suggestion would be to clear your browser’s cache/cookies, and make sure you’re accepting cookies from egw. I’ve also found that it may be necessary to “nudge” the system a bit by specifying the base URL explicitly, just once:
    http[s]://<your.server.name>/egroupware/
or whatever the URL may be. Just make sure there’s no query string appended.

This is the current extent of my knowledge in this area. Best of luck!

Dennis

juxto:

Hi Dennis,

I tried to patch in index.php and not worked too.
You have other idea?
Thank you for your reply.

Regards,
Luís Marques

Dennis_Taylor 2009-02-04 18:22:03 UTC #6

The only other advice I can offer is this: Your session ends when you log out from any application, even if you have multiple apps running, i.e. in separate browser windows or tabs. If you’ve logged out from one application, then you log out from another, you’ll get the verification error. To prevent this, close all egw application tabs/windows except for one, then log out from there. Or, if you’ve already logged out while you still have other active egw applications, simply close their windows or tabs.

Beyond that, I’m stumped, as well.

Good luck!
Dennis