FrontAccounting forum — login repeats with every click

Re: login repeats with every click

null@example.com (apmuthu) — Tue, 25 Jan 2022 03:18:12 +0000

On http call, a check if https exists and if so an appropriate https redirection in FA would be good.

Re: login repeats with every click

null@example.com (itronics) — Mon, 24 Jan 2022 08:56:04 +0000

Recognising http vs https is how it worked before the change. But this means that once logged in to your installation via http, it willl be selected always on later logins (unless there is automatic http>https redirection). Logging via http means sending password in plain, which is completely unsecure and should be avoided if possible.
IMO user safety should be prioritized when dealing with sensitive data (like accounting), so sending cookies only via secure channel is just better policy default. Admin choice to lower down security is now required to be made as conscious decision, and should not depend on arbitrary ISP server settings.
J.

Re: login repeats with every click

null@example.com (apmuthu) — Mon, 24 Jan 2022 05:00:06 +0000

Effective workaround to use the newer commit only for https and not for http:

Replace hardcoded line 14 of includes/session.inc:

define('SECURE_ONLY', true);

to be

define('SECURE_ONLY', (parse_url($_SERVER['REQUEST_URI'], PHP_URL_SCHEME) == 'https'));

This way newer installs will not break when not using https. The last few times, the released versions seem to have some showstopper for existing users. This will only make existing users especially on legacy systems not to upgrade as that would warrant "consultant costs". FA should herd and retain it's flock as that is where the network wealth of the project lies - bulk satisfied standard users who can upgrade atleast in minor versions safely.

Re: login repeats with every click

null@example.com (apmuthu) — Mon, 24 Jan 2022 02:59:29 +0000

It is then better not to be hardcoded as a define but dynamically computed if https is in the URL. As it stands after the current commit, we still need to set the define manually.

Re: login repeats with every click

null@example.com (itronics) — Sun, 23 Jan 2022 20:51:37 +0000

This change was introduced to enforce secure session in FA, so all works as expected if FA is accessed via https.
For rare situations when https is not available, additional configuration value could be handy, so we have added it.
Now, if you know what you are doing, you can switch off https cookies enforcing in session.inc.
Unfortunately this option cannot be added in sysprefs/config.php because the settings are not available before session is started.
J.

Re: login repeats with every click

null@example.com (joe) — Sat, 22 Jan 2022 21:29:17 +0000

Hello guys,

Thanks for reporting this issue.

I have asked Itronics to look into it and fix something.

Joe

Re: login repeats with every click

null@example.com (apmuthu) — Fri, 21 Jan 2022 03:04:23 +0000

@joe: This needs to be automagically set based on PHP version or by a server wide config variable.

Re: login repeats with every click

null@example.com (paschauf) — Wed, 05 Jan 2022 03:00:49 +0000

I recently made a fresh install and session.inc created continuous timeouts with redirects to the login page (ubuntu 20.04, PHP 7.4 as well as PHP8.0, FA 2.4.11). I was looking for hours at sessions with webservers and cookies but finally notrinos found the real culprit. Thanks.

WORKS:
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));

CONTINUOUSLY TIMEOUTS SESSIONS:
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, True);

Re: login repeats with every click

null@example.com (mosaicmerchant) — Tue, 28 Dec 2021 13:20:03 +0000

It's worked. Great. Thank you notrinos.

Re: login repeats with every click

null@example.com (risingstar) — Mon, 27 Dec 2021 12:58:24 +0000

notrinos wrote:

The problem has been firing from this commit: https://github.com/FrontAccountingERP/F … 07ada68667
Someone who faced the same issue after upgrade FA to 2.4.11 can get solution by roll back the file session.inc to state it was before the commit.
Or just replace the session.inc with this file:
https://raw.githubusercontent.com/Front … ession.inc

Great, it's work

Re: login repeats with every click

null@example.com (PatJr) — Thu, 23 Dec 2021 15:42:05 +0000

Thanks notrinos!
Looks like that works.

Re: login repeats with every click

null@example.com (notrinos) — Thu, 23 Dec 2021 12:29:07 +0000

The problem has been firing from this commit: https://github.com/FrontAccountingERP/F … 07ada68667
Someone who faced the same issue after upgrade FA to 2.4.11 can get solution by roll back the file session.inc to state it was before the commit.
Or just replace the session.inc with this file:
https://raw.githubusercontent.com/Front … ession.inc

Re: login repeats with every click

null@example.com (mosaicmerchant) — Thu, 23 Dec 2021 08:12:02 +0000

I am facing same problem here. Yesterday I upgrade 2.4.11 and since then it redirected me to the login page. Version 2.4.10 seems fine.

Re: login repeats with every click

null@example.com (PatJr) — Tue, 21 Dec 2021 04:05:41 +0000

Thank You kvvaradha for your feedback.
I'll have a try at those suggestions.

The browsers, I did try 3 different ones and got the same results.
I put 2.4.10 back in and it started working fine again.

Thanks Again and Merry Christmas 2021!

Re: login repeats with every click

null@example.com (kvvaradha) — Tue, 21 Dec 2021 03:51:03 +0000

Sometimes it happened, if you hosted it on web server and try to access from unstable internet.

Sometimes it happens with browser cookie or session level. So clear the cache and try again.

Sometimes it happens with program level. The php version also sometimes issues bug during creation of session.