Forum Index >  glFusion >  glFusion Support New Topic Post Reply
 Security tocket is invalid.
First | Previous | 1 2 | Next | Last    |  Printable Version
By: max (offline)  Mar 31 2011 15:47 pm  
max

No, this has not happened before.

If I'm logged in but been inactive for 20 minutes and want to post a story or edit a static page, I have to re-authenticate to get to the story/static page editor itself. Yes?

If I submit the story two minutes later, I get the security token invalid message. That has not happened since pl5.

I have 3600+ stories in the system, this behavior started a few days ago.

Forum Newbie
Newbie

Group Comfort
Level:
: 0

Registered: 06/25/07
Posts: 14

Profile Email    
  Quote
By: Mark (offline)  Mar 31 2011 16:06 pm  
Mark

Got it! I missed the part about the re-auth. You are correct, it should not expire after 2 minutes....

You guys are giving me some great information to help find this one.

One more question, if you don't wait the 20 minutes, so you don't have to re-auth when entering the admin areas (to edit the story), does it work or do you get the invalid message?

Thanks!
Mark

Forum Admin
Admin

Group Comfort
Level:
: +107

Registered: 10/21/05
Posts: 6056
Location: The Great State of
Texas

Profile      
  Quote
By: Mark (offline)  Mar 31 2011 16:11 pm  
Mark

Found it!! Not sure how to fix it yet, but at least I know what is causing it....

Stay tuned!

Mark

Forum Admin
Admin

Group Comfort
Level:
: +107

Registered: 10/21/05
Posts: 6056
Location: The Great State of
Texas

Profile      
  Quote
By: max (offline)  Mar 31 2011 16:12 pm  
max


In my case, if I don't wait, the invalid message never comes.

Only: 20 mins --> re-auth --> submit (within a few mins) --> error -> submit again --> success! Smile

Forum Newbie
Newbie

Group Comfort
Level:
: 0

Registered: 06/25/07
Posts: 14

Profile Email    
  Quote
By: Mark (offline)  Mar 31 2011 20:43 pm  
Mark

With all the great feedback and information, I was finally able to track down the bug. It is too long and complicated a story to go into, but what is important is I think I have a fix.

I'm attaching an updated auth.inc.php (public_html/admin/ directory). If you guys would give it a try (overwrite your existing one) and let me know if this solves the problem. If it does, then I will roll out 1.2.1.pl6 with this and a couple of other minor fixes ASAP.

Thanks!
Mark

Forum Admin
Admin

Group Comfort
Level:
: +107

Registered: 10/21/05
Posts: 6056
Location: The Great State of
Texas

Profile      
  Quote
By: savco (offline)  Mar 31 2011 23:54 pm  
savco

Sorry Mark, no go on my site..the err still persists.

I just noticed that the error.log is actually empty..not even a single entry is that supposed to happen ?

s

PS Im a little puzzled as to why its only 2 of us seeing this error..someone else must have it as well..a lot of people use FF and this really prevents publishing any story..humm..

Forum Regular Member
Regular Member

Group Comfort
Level:
: 0

Registered: 04/11/08
Posts: 71

Profile Email    
  Quote
By: max (offline)  Apr 01 2011 05:02 am  
max

No more errors for me. Thanks!

Forum Newbie
Newbie

Group Comfort
Level:
: 0

Registered: 06/25/07
Posts: 14

Profile Email    
  Quote
By: Mark (offline)  Apr 01 2011 05:31 am  
Mark

savco - Since your problem is only with FireFox, I think it is something specific to your browser / add-on configuration. If I remember correctly, you told me the error does not happen with other browsers. I've added the IE Tab add-on to my FFv4, but still everything is working as it should....

I just noticed that the error.log is actually empty..not even a single entry is that supposed to happen ?

I would expect there to be something in there if the token check fails....I'll look closer at the source a little later this morning and see if there are instances where the token check could fail and not log an error.

The problem that is fixed with the updated auth.inc.php would affect all users and all browsers. The bug was very specific that it only appears when you have to re-authenticate when entering the admin area.

BTW - the best way to contact me via email is mark AT glfusion DOT org - I still think it would be worth a look around your site to see if there is something that is site specific - but, if you had the same error here when trying to send me a PM, that really makes me think that it might be browser related, not site related.

Thanks!
Mark

Forum Admin
Admin

Group Comfort
Level:
: +107

Registered: 10/21/05
Posts: 6056
Location: The Great State of
Texas

Profile      
  Quote
New Topic Post Reply

First | Previous | 1 2 | Next | Last

 All times are CDT. The time is now 08:04 am.
Normal Topic Normal Topic
Locked Topic Locked Topic
Sticky Topic Sticky Topic
New Post New Post
Sticky Topic w/ New Post Sticky Topic w/ New Post
Locked Topic w/ New Post Locked Topic w/ New Post
View Anonymous Posts 
Able to Post 
HTML Allowed 
Censored Content