View Issue Details

IDProjectCategoryView StatusLast Update
0000562WackoWikiactionpublic2024-11-14 21:22
Reporterbrianko Assigned Toadministrator  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version6.0.27 
Target Version6.1.xFixed in Version6.1.x 
Summary0000562: page call not detecting authenticated session
DescriptionAfter some indeterminate amount of time, the {{commented}} action will no longer detect an authenticated session and will show the user as being logged out. Other actions show the user to be logged in.
Additional InformationImages show links being clicked, one after another, with the Comments page clearly showing the user logged out, while two other links clearly show the user logged in.
TagsNo tags attached.
Attached Files
image.png (15,121 bytes)   
image.png (15,121 bytes)   
image-2.png (13,094 bytes)   
image-2.png (13,094 bytes)   
image-3.png (14,830 bytes)   
image-3.png (14,830 bytes)   

Relationships

related to 0000563 resolvedadministrator Change $cf_cookie_samesite default to 'Lax' 
related to 0000568 assignedadministrator Unable to logout or go to account settings 

Activities

administrator

2024-02-15 13:10

administrator   ~0001101

Last edited: 2024-03-22 07:03

I can confirm this behavior, occasionally the browser loads the cached page version, the browser has stored, despite being logged in. Usually a page refresh in the browser discards the cached version.

I'm not sure what is causing this and how it can be fixed. Guess it is a session & HTTP header issue, ttl stuff, is it? The very moment you're logged in, the HTTP class won't serve you a cached version.

    case 'wacko':
        $http->check_cache($route['page'], $route['method']);
        $engine->run($route['page'], $route['method']);
        $http->store_cache();
        break;

In the run() function it checks the session and auth token

    // start user session
    if (!($user = $this->get_user()) && ($user = $this->check_auth_token()))
    {
        // re-login by auth token
        $this->soft_login($user);
    }

I don't think it is caused by the commented action. Looks to me more like a session termination & soft login issue.

However if a action causes a 500er your session will be terminated.
How we can pin down this issue?

administrator

2024-03-20 09:22

administrator   ~0001105

Last edited: 2024-04-09 14:29

I could not reproduce the behavior on my local test instance. I suspect it is caused by the shared hosting environment.

It would be good to know what exactly is causing the odd behavior to mitigate it.
Today I got permanently logged out, other times it is not possible to upload files, it happens occasionally.

possible causes
  * server measures (proxy, session set back, ...)
  * purge of session dir

https://web.dev/articles/http-cache
https://redbot.org

See also request / response header.
  * NS_BINDING_ABORTED

administrator

2024-11-14 10:06

administrator   ~0001110

Last edited: 2024-11-14 21:22

It seems that issue has been fixed with the latest release, see 6.1.25 and 6.1.26 change log.


* removed deprecated usage of Expires: and Pragma: header
* fixed If-Modified-Since conditional requests issues
* fixed invalid ETag
* fixed various Cache-Control header issues
* re-check for anonymous user before storing cache
  * soft_login() may set sess->user_profile

Issue History

Date Modified Username Field Change
2024-02-15 02:47 brianko New Issue
2024-02-15 02:47 brianko File Added: image.png
2024-02-15 02:47 brianko File Added: image-2.png
2024-02-15 02:47 brianko File Added: image-3.png
2024-02-15 13:10 administrator Note Added: 0001101
2024-02-15 13:17 administrator Note Edited: 0001101
2024-02-15 13:22 administrator Note Edited: 0001101
2024-02-15 13:50 administrator Status new => confirmed
2024-02-15 13:56 administrator Note Edited: 0001101
2024-02-15 13:57 administrator Note Edited: 0001101
2024-02-15 14:00 administrator Note Edited: 0001101
2024-02-15 14:03 administrator Note Edited: 0001101
2024-02-15 14:06 administrator Note Edited: 0001101
2024-02-16 07:26 administrator Relationship added related to 0000563
2024-03-20 09:22 administrator Note Added: 0001105
2024-03-20 09:28 administrator Note Edited: 0001105
2024-03-20 09:41 administrator Note Edited: 0001105
2024-03-20 10:26 administrator Note Edited: 0001105
2024-03-22 07:03 administrator Note Edited: 0001101
2024-04-09 12:47 administrator Relationship added related to 0000568
2024-04-09 13:07 administrator Summary {{commented}} not detecting authenticated session => page call not detecting authenticated session
2024-04-09 14:29 administrator Note Edited: 0001105
2024-11-14 10:06 administrator Assigned To => administrator
2024-11-14 10:06 administrator Status confirmed => resolved
2024-11-14 10:06 administrator Resolution open => fixed
2024-11-14 10:06 administrator Fixed in Version => 6.1.x
2024-11-14 10:06 administrator Target Version => 6.1.x
2024-11-14 10:06 administrator Note Added: 0001110
2024-11-14 21:19 administrator Note Edited: 0001110
2024-11-14 21:22 administrator Note Edited: 0001110