XF 1.5 Sudden problems with log in

Dakis

Well-known member
Suddenly my forum is not allowing anyone to log in unless the "stay logged in" button is checked. If you don't check it, it accepts your username/pass and then just return to the same page without having logged in. If you check the "stay logged in" button, it logs in just fine.

Further to this, I tried to enter my admin panel to look for any errors as I haven't changed anything in the forum config recently, and even though it logs me in, when I try to navigate the admin panel it throws me back in the admincp log in page.

Does anyone know how to troubleshoot this?
 

Sam F

Active member
Suddenly my forum is not allowing anyone to log in unless the "stay logged in" button is checked. If you don't check it, it accepts your username/pass and then just return to the same page without having logged in. If you check the "stay logged in" button, it logs in just fine.

Further to this, I tried to enter my admin panel to look for any errors as I haven't changed anything in the forum config recently, and even though it logs me in, when I try to navigate the admin panel it throws me back in the admincp log in page.

Does anyone know how to troubleshoot this?
something similar is happening only with Firefox

 

Dakis

Well-known member
Thanks but this does not seem to be the same issue, plus it's happening across all browsers.
 

ozzy47

Well-known member
Suddenly my forum is not allowing anyone to log in unless the "stay logged in" button is checked. If you don't check it, it accepts your username/pass and then just return to the same page without having logged in. If you check the "stay logged in" button, it logs in just fine.

Further to this, I tried to enter my admin panel to look for any errors as I haven't changed anything in the forum config recently, and even though it logs me in, when I try to navigate the admin panel it throws me back in the admincp log in page.

Does anyone know how to troubleshoot this?
Try on a unmodified default style with all your addons disabled.
 

Dakis

Well-known member
Thanks - I'll give that a go, though I haven't changed anything in the forum in months.

The only thing that's changed is I signed up for Ezoic and the DNS is now being re-routed from Cloudflare through Ezoic. This could be the source of the problem, but I did this change a week ago and the problem only showed up now.

I've disabled Ezoic for now and see what happens.
 

Dakis

Well-known member
Turns out this is still causing trouble. I added this to my config.php:

if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {

$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];

}


but even though it is now allowing people to log in, after you have used the site for some time if you are logged in and try to view it again, you get either a 500 or a 503 server error. If you try to view another page, it works and goes back to normal.

I'm guessing that this has something to do with the session expiring and the above code not fully working for what I'm doing.

I searched around the forum and found simpler versions of this, such as this one but I don't really know if I should try this instead or not:

$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_X_FORWARDED_FOR"];

Anyone has any ideas?
 

Dakis

Well-known member
So I narrowed down that for the requests that fail and show the server errors, the siteis returning a header that looks like

"Set-Cookie: xf_user=22684%2C90c7df200b1b50d1929eec5a946c53a1fdf9d664; expires=Mon, 04-Nov-2019 20:25:13 GMT; Max-Age=2592000; path=/; secure; HttpOnly"

over 100 times, which causes the error.

Does anyone have any idea how to mitigate this, and if this can be fixed by changing the code above ?
 

Dakis

Well-known member
I found a solution for this, if anyone else comes across it: there was a rule in CloudFlare to bypass cache for the login page. As soon as I disabled that, the errors stopped happening.
 
Top