EGroupware › egroupware-users

Unbelievable : Your session could not be verified

Classic

List

Threaded

11 messages Options

kahuna

Unbelievable : Your session could not be verified

This post was updated on .

Hi,

i search since 2 days why i have that message: Your session could not be verified

I have installed egw 1.8 (same problem with 1.6) on the host web server agsahosting.

I have done to resolve the problem:

- the "Check IP address of all sessions" is deleted

- add in the php.ini : session.save_path = /home/xxxxxxx/public_html/egroupware/egw_sessions

So, egw create the sess_08e622b686c6e5dd91215.. file in the egw_sessions directory with the 0600 permissions, everything seems to be ok, but i still have the problem:

egw log in and 1 second after log out with the same message: Your session could not be verified

is it enough permission with 0600 for the session file?, because my own server create the same file with
0640 permission.

kahuna

Re: Unbelievable : Your session could not be verified

I have writed "false" in the usecookies / egw_config table, i can open the calendar.

Every links from the calendar are ok, but if i want to change in other links like contacts, timesheets, etc

i go back in the login page with my favorite fucking "Your session could not be verified"

Someone can explain why, i'm frustrated !!!!!

kahuna

Re: Unbelievable : Your session could not be verified

This post was updated on .

New discovery...

To be resume:

if i click on a link inside the egw, i'm forwarded to the login page with the same sentence "Your session could not be verified"

In this episode:

when i am in the calendar page, i have that url:

http://www.mydomain.com/egroupware/index.php?sessionid=2f675d50476fe721d5ff3bbce0071535&kp3=Bg3W889woWOZEioQNpvjVR8r&domain=default&menuaction=calendar.calendar_uiviews.index

Nothing wrong for the moment.
I have tried to change directly the url with an other page where i know the link, so i have writed that:

http://www.mydomain.com/egroupware/index.php?sessionid=2f675d50476fe721d5ff3bbce0071535&kp3=Bg3W889woWOZEioQNpvjVR8r&domain=default&menuaction=timesheet.timesheet_ui.index

Guess what? that's work, i'm on the timesheet page !!!!!!

What is the difference between the icon linked and the url line for egw?

kahuna

Re: Unbelievable : Your session could not be verified

I think the problem come from the cookies,

because when i change the "use cookie for id session" value in security menu with "yes (more secure)"
i can't stay more one seconds in the calendar page before the login page forward.

Ralf Becker-2

Re: Unbelievable : Your session could not be verified

In reply to this post by kahuna

Switch "How to store the session-id" to "Cookie", it's more secure
anyway AND will fix your problem.

Ralf

Am 14.07.11 18:18, schrieb kahuna:

> *New discovery...*
>
> To be resume:
>
> if i click on a link inside the egw, i'm forwarded to the login page with
> the same sentence "timesheet.timesheet_ui.index"
>
>
> In this episode:
>
> when i am in the calendar page, i have that url:
>
> http://www.mydomain.com/egroupware/index.php?sessionid=2f675d50476fe721d5ff3bbce0071535&kp3=Bg3W889woWOZEioQNpvjVR8r&domain=default&menuaction=calendar.calendar_uiviews.index
>
> Nothing wrong for the moment.
> I have tried to change directly the url with an other page where i know the
> link, so i have writed that:
>
> http://www.mydomain.com/egroupware/index.php?sessionid=2f675d50476fe721d5ff3bbce0071535&kp3=Bg3W889woWOZEioQNpvjVR8r&domain=default&menuaction=timesheet.timesheet_ui.index
>
> Guess what? that's work, i'm on the timesheet page !!!!!!
>
>
>
> What is the difference between the icon linked and the url line for egw?
>
> --
> View this message in context: http://egroupware.219119.n3.nabble.com/Unbelievable-Your-session-could-not-be-verified-tp3163890p3169615.html
> Sent from the egroupware-users mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> AppSumo Presents a FREE Video for the SourceForge Community by Eric
> Ries, the creator of the Lean Startup Methodology on "Lean Startup
> Secrets Revealed." This video shows you how to validate your ideas,
> optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> eGroupWare-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/egroupware-users

--
Ralf Becker
Director Software Development

Stylite AG

Morschheimer Strasse 15 | Tel. +49 6352 70629 0
D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30

Email: [hidden email]

www.stylite.de | www.egroupware.org

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

Commerzbank BLZ 55040022 | Account 218111300
IBAN DE33 5504 0022 0218 1113 00 | BIC COBADEFFXXX
VAT DE214280951 | Registered HRB 30575 Kaiserslautern Germany

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
eGroupWare-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/egroupware-users

kahuna

Re: Unbelievable : Your session could not be verified

This post was updated on .

Thanks Ralf,

but if you read my last post, you see, i try that and it was worse....

kahuna

Re: Unbelievable : Your session could not be verified

If that interest someone, i give you the link for a new installation freshmade with the same problem...

http://www.imagin-sight.com/egroupware

login: admin
pass: 123

ingoratsdorf

Re: Unbelievable : Your session could not be verified

Hi.

That only confirms that it's not your browser that is having issues or you as a user....
Either your server configuration is incorrect or not suitable and/or your installation is not correct.

I would rather suspect the first case since it is hardly possible to mess up the installation.

Have there been any warnings during installation?
How does your header setup looks like?
What is your system configuration?

If you want people to help you, then you need to provide INFORMATION, not just statements like "The f@#$#@ing message shows again"....

Regards,
Ingo

----- Original Message -----
From: kahuna <[hidden email]>
To: [hidden email]
Sent: Sat, 16 Jul 2011 05:21:47
Subject: Re: [eGroupWare-users] Unbelievable : Your session could not be verified

> If that interest someone, i give you the link for a new installation
> freshmade with the same problem...
>
> http://www.imagin-sight.com/egroupware
>
> login: admin
> pass: 123
>

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
eGroupWare-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/egroupware-users

kahuna

Re: Unbelievable : Your session could not be verified

you're right, but it's not my first installation, i never have had problem.

The idea was to migrate my egw 1.6 to a webhost with egw 1.8.

During the installation, there were no warnings, the migration was perfectly ok.

My header looks like:

<?php
/**
* eGroupWare - configuration file
*
* Use eGroupWare's setup to create or edit this configuration file.
* You do NOT need to copy and edit this file manually!
*
* @link http://www.egroupware.org
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @author RalfBecker@outdoor-training.de
* (This file was originaly written by Dan Kuykendall)
* @version $Id: header.inc.php.template 33300 2010-12-06 08:39:04Z leithoff $
*/

// allow to migrate from phpgw_info to egw_info
if (!isset($GLOBALS['egw_info']) || in_array($GLOBALS['egw_info']['flags']['currentapp'],array('jinn','mydms','tts')))
{
if (!isset($GLOBALS['egw_info']))
{
$GLOBALS['egw_info'] =& $GLOBALS['phpgw_info'];
}
else
{
$GLOBALS['phpgw_info'] =& $GLOBALS['egw_info'];
}
$GLOBALS['egw_info']['flags']['phpgw_compatibility'] = true;
}

// eGW install dir, need to be changed if you copy the server to an other directory
define('EGW_SERVER_ROOT','/home/ouosxzkt/public_html/egroupware');

// other pathes depending on the one above
define('EGW_INCLUDE_ROOT',EGW_SERVER_ROOT);
define('EGW_API_INC',EGW_INCLUDE_ROOT.'/phpgwapi/inc');

// who is allowed to make changes to THIS config file via eGW's setup
$GLOBALS['egw_info']['server']['header_admin_user'] = 'admin';
$GLOBALS['egw_info']['server']['header_admin_password'] = '202cb962ac59075b964b07152d234b70';

// restrict the access to setup to certain (comma separated) IPs or domains
$GLOBALS['egw_info']['server']['setup_acl'] = '';

/* eGroupWare domain-specific db settings */
$GLOBALS['egw_domain']['default'] = array(
'db_host' => 'localhost',
'db_port' => '3306',
'db_name' => 'ouosxzkt_egw',
'db_user' => 'ouosxzkt_egw',
'db_pass' => 'adaymaybe',
// Look at the README file
'db_type' => 'mysql',
// This will limit who is allowed to make configuration modifications
'config_user' => 'admin',
'config_passwd' => '202cb962ac59075b964b07152d234b70'
);

/*
** If you want to have your domains in a select box, change to True
** If not, users will have to login as user@domain
** Note: This is only for virtual domain support, default domain users (that's everyone
** form the first domain or if you have only one) can login only using just there loginid.
*/
$GLOBALS['egw_info']['server']['show_domain_selectbox'] = false;

$GLOBALS['egw_info']['server']['db_persistent'] = true;

/*
** used session handler: egw_session_files works for all build in php session handlers
** other handlers (like egw_session_memcache) can be enabled here
*/
$GLOBALS['egw_info']['server']['session_handler'] = 'egw_session_files';

/* Select which login template set you want, most people will use idots */
$GLOBALS['egw_info']['login_template_set'] = 'idots';

/* This is used to control mcrypt's use */
$GLOBALS['egw_info']['server']['mcrypt_enabled'] = false;

/*
** This is a random string used as the initialization vector for mcrypt
** feel free to change it when setting up eGrouWare on a clean database,
** but you must not change it after that point!
** It should be around 30 bytes in length.
*/
$GLOBALS['egw_info']['server']['mcrypt_iv'] = 'Ckhz2tGJaIRZfeXWxlij1vNCWbTC9';

if(!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) || !$GLOBALS['egw_info']['flags']['nocachecontrol'])
{
header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
header('Pragma: no-cache'); // HTTP/1.0
}
else
{
// allow caching by browser
session_cache_limiter('private_no_expire');
}

$GLOBALS['egw_info']['flags']['page_start_time'] = microtime(true);

define('DEBUG_API', False);
define('DEBUG_APP', False);

include(EGW_SERVER_ROOT.'/phpgwapi/setup/setup.inc.php');
$GLOBALS['egw_info']['server']['versions']['phpgwapi'] = $setup_info['phpgwapi']['version'];
$GLOBALS['egw_info']['server']['versions']['current_header'] = $setup_info['phpgwapi']['versions']['current_header'];
unset($setup_info);
$GLOBALS['egw_info']['server']['versions']['header'] = '1.29';

if(!isset($GLOBALS['egw_info']['flags']['noapi']) || !$GLOBALS['egw_info']['flags']['noapi'])
{
if (substr($_SERVER['SCRIPT_NAME'],-7) != 'dav.php') // dont do it for webdav/groupdav, as we can not safely switch it off again
{
ob_start(); // to prevent error messages to be send before our headers
}
require_once(EGW_API_INC . '/functions.inc.php');
}
else
{
require_once(EGW_API_INC . '/common_functions.inc.php');
}

/*
Leave off the final php closing tag, some editors will add
a \n or space after which will mess up cookies later on
*/

My php.ini on the webhost:

file_uploads = on
log_errors = on
magic_quotes_gpc = off
magic_quotes_runtime = off
register_globals = off
short_open_tag = on
track_vars = on
display_errors = off
error_reporting = 6135
max_execution_time = 90
max_input_time = 60
memory_limit = 256M
session.gc_maxlifetime = 14400
upload_max_filesize = 64M
post_max_size = 65M
safe_mode = on
date.timezone = Europe/Luxembourg

# session handling: now the check for expired sessions is done on every 10th session creation
session.use_trans_sid = Off
session.gc_probability = 1
session.gc_divisor = 10

# multibyte extension: needed for utf-8
mbstring.func_overload = 7

session.save_path = /home/ouosxzkt/public_html/egw_sessions

My system configuration is the hosting agsahosting with a shared server.

To be sure my last installation was made without migration, with an empty database,
the setup login/pass are the same.

ingoratsdorf

Re: Unbelievable : Your session could not be verified

Hi.

Since I cannot see any issues in you installation, I would suspect that your hosting is not compatible with eGroupware.
Are you actually sure that you CAN have your own PHP.INI in place and that it actually takes the values you specify? This is rather unusual on shared servers...
Have you contacted agsahosting re the problem? Do they have any comments?

I am on a shared server too and I can have whatever php.ini that I like, but it would be totally ignored, as most of the apache .htaccess settings....
Yet it runs.

>From what I can make out it has to do with the sessions in PHP...

Cheers,
Ingo

----- Original Message -----
From: kahuna <[hidden email]>
To: [hidden email]
Sent: Sat, 16 Jul 2011 19:42:57
Subject: Re: [eGroupWare-users] Unbelievable : Your session could not be verified

> you're right, but it's not my first installation, i never have had problem.
>
> The idea was to migrate my egw 1.6 to a webhost with egw 1.8.
>
> During the installation, there were no warnings, the migration was perfectly
> ok.
>
> *My header looks like:*
>
> <?php
> /**
> * eGroupWare - configuration file
> *
> * Use eGroupWare's setup to create or edit this configuration file.
> * You do NOT need to copy and edit this file manually!
> *
> * @link http://www.egroupware.org
> * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General
> Public License
> * @author [hidden email]
> * (This file was originaly written by Dan Kuykendall)
> * @version $Id: header.inc.php.template 33300 2010-12-06 08:39:04Z leithoff
> $
> */
>
> // allow to migrate from phpgw_info to egw_info
> if (!isset($GLOBALS['egw_info']) ||
> in_array($GLOBALS['egw_info']['flags']['currentapp'],array('jinn','mydms','tts')))
> {
> if (!isset($GLOBALS['egw_info']))
> {
> $GLOBALS['egw_info'] =& $GLOBALS['phpgw_info'];
> }
> else
> {
> $GLOBALS['phpgw_info'] =& $GLOBALS['egw_info'];
> }
> $GLOBALS['egw_info']['flags']['phpgw_compatibility'] = true;
> }
>
> // eGW install dir, need to be changed if you copy the server to an other
> directory
> define('EGW_SERVER_ROOT','/home/ouosxzkt/public_html/egroupware');
>
> // other pathes depending on the one above
> define('EGW_INCLUDE_ROOT',EGW_SERVER_ROOT);
> define('EGW_API_INC',EGW_INCLUDE_ROOT.'/phpgwapi/inc');
>
> // who is allowed to make changes to THIS config file via eGW's setup
> $GLOBALS['egw_info']['server']['header_admin_user'] = 'admin';
> $GLOBALS['egw_info']['server']['header_admin_password'] =
> '202cb962ac59075b964b07152d234b70';
>
> // restrict the access to setup to certain (comma separated) IPs or domains
> $GLOBALS['egw_info']['server']['setup_acl'] = '';
>
> /* eGroupWare domain-specific db settings */
> $GLOBALS['egw_domain']['default'] = array(
> 'db_host' => 'localhost',
> 'db_port' => '3306',
> 'db_name' => 'ouosxzkt_egw',
> 'db_user' => 'ouosxzkt_egw',
> 'db_pass' => 'adaymaybe',
> // Look at the README file
> 'db_type' => 'mysql',
> // This will limit who is allowed to make configuration modifications
> 'config_user' => 'admin',
> 'config_passwd' => '202cb962ac59075b964b07152d234b70'
> );
>
>
> /*
> ** If you want to have your domains in a select box, change to True
> ** If not, users will have to login as user@domain
> ** Note: This is only for virtual domain support, default domain users
> (that's everyone
> ** form the first domain or if you have only one) can login only using just
> there loginid.
> */
> $GLOBALS['egw_info']['server']['show_domain_selectbox'] = false;
>
> $GLOBALS['egw_info']['server']['db_persistent'] = true;
>
> /*
> ** used session handler: egw_session_files works for all build in php
> session handlers
> ** other handlers (like egw_session_memcache) can be enabled here
> */
> $GLOBALS['egw_info']['server']['session_handler'] = 'egw_session_files';
>
> /* Select which login template set you want, most people will use idots */
> $GLOBALS['egw_info']['login_template_set'] = 'idots';
>
> /* This is used to control mcrypt's use */
> $GLOBALS['egw_info']['server']['mcrypt_enabled'] = false;
>
> /*
> ** This is a random string used as the initialization vector for mcrypt
> ** feel free to change it when setting up eGrouWare on a clean database,
> ** but you must not change it after that point!
> ** It should be around 30 bytes in length.
> */
> $GLOBALS['egw_info']['server']['mcrypt_iv'] =
> 'Ckhz2tGJaIRZfeXWxlij1vNCWbTC9';
>
> if(!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) ||
> !$GLOBALS['egw_info']['flags']['nocachecontrol'])
> {
> header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
> header('Pragma: no-cache'); // HTTP/1.0
> }
> else
> {
> // allow caching by browser
> session_cache_limiter('private_no_expire');
> }
>
> $GLOBALS['egw_info']['flags']['page_start_time'] = microtime(true);
>
> define('DEBUG_API', False);
> define('DEBUG_APP', False);
>
> include(EGW_SERVER_ROOT.'/phpgwapi/setup/setup.inc.php');
> $GLOBALS['egw_info']['server']['versions']['phpgwapi'] =
> $setup_info['phpgwapi']['version'];
> $GLOBALS['egw_info']['server']['versions']['current_header'] =
> $setup_info['phpgwapi']['versions']['current_header'];
> unset($setup_info);
> $GLOBALS['egw_info']['server']['versions']['header'] = '1.29';
>
> if(!isset($GLOBALS['egw_info']['flags']['noapi']) ||
> !$GLOBALS['egw_info']['flags']['noapi'])
> {
> if (substr($_SERVER['SCRIPT_NAME'],-7) != 'dav.php') // dont do it for
> webdav/groupdav, as we can not safely switch it off again
> {
> ob_start(); // to prevent error messages to be send before our headers
> }
> require_once(EGW_API_INC . '/functions.inc.php');
> }
> else
> {
> require_once(EGW_API_INC . '/common_functions.inc.php');
> }
>
> /*
> Leave off the final php closing tag, some editors will add
> a \n or space after which will mess up cookies later on
> */
>
>
> *My php.ini on the webhost:*
>
> file_uploads = on
> log_errors = on
> magic_quotes_gpc = off
> magic_quotes_runtime = off
> register_globals = off
> short_open_tag = on
> track_vars = on
> display_errors = off
> error_reporting = 6135
> max_execution_time = 90
> max_input_time = 60
> memory_limit = 256M
> session.gc_maxlifetime = 14400
> upload_max_filesize = 64M
> post_max_size = 65M
> safe_mode = on
> date.timezone = Europe/Luxembourg
>
> # session handling: now the check for expired sessions is done on every 10th
> session creation
> session.use_trans_sid = Off
> session.gc_probability = 1
> session.gc_divisor = 10
>
> # multibyte extension: needed for utf-8
> mbstring.func_overload = 7
>
> session.save_path = /home/ouosxzkt/public_html/egw_sessions
>
>
> *My system configuration* is the hosting agsahosting with a shared server.
>
>
> To be sure my last installation was made without migration, with an empty
> database,
> the setup login/pass are the same.
>
>
>
> --
> View this message in context: http://egroupware.219119.n3.nabble.com/Unbelievable-Your-session-could-not-be-verified-tp3163890p3174220.html
> Sent from the egroupware-users mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> AppSumo Presents a FREE Video for the SourceForge Community by Eric
> Ries, the creator of the Lean Startup Methodology on "Lean Startup
> Secrets Revealed." This video shows you how to validate your ideas,
> optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> eGroupWare-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/egroupware-users
>

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
eGroupWare-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/egroupware-users

kahuna

Re: Unbelievable : Your session could not be verified

This post was updated on .

Hi,

the php.ini is ok, i think...

you can see that link to check that:

http://www.imagin-sight.com/egroupware/chemin.php

I have contacted agsahosting, they know nothing, never try egw, not a really good help.

Do we need the php extension XML-DTD on the server?

Lionel