It's much more fun, when you can discuss your problems with others...
You are not logged in. Please login or register.
FrontAccounting forum → Report Bugs here → login repeats with every click
HI FA forum!
I just did an update from 2.4.10 to 2.4.11
2.4.10 was working just fine
FA is running on debian 11 on a VitualBox VM
I can get logged in OK
but now every time I click on a new menu item I get kicked back to the login screen
but if I login from localhost it doesn't do that, FA works fine
Probably some hiccup with VirtualBox.
Any tips appreciated.
Merry Christmas 2021!
Sometimes it happened, if you hosted it on web server and try to access from unstable internet.
Sometimes it happens with browser cookie or session level. So clear the cache and try again.
Sometimes it happens with program level. The php version also sometimes issues bug during creation of session.
Thank You kvvaradha for your feedback.
I'll have a try at those suggestions.
The browsers, I did try 3 different ones and got the same results.
I put 2.4.10 back in and it started working fine again.
Thanks Again and Merry Christmas 2021!
I am facing same problem here. Yesterday I upgrade 2.4.11 and since then it redirected me to the login page. Version 2.4.10 seems fine.
The problem has been firing from this commit: https://github.com/FrontAccountingERP/F … 07ada68667
Someone who faced the same issue after upgrade FA to 2.4.11 can get solution by roll back the file session.inc to state it was before the commit.
Or just replace the session.inc with this file:
https://raw.githubusercontent.com/Front … ession.inc
Thanks notrinos!
Looks like that works.
The problem has been firing from this commit: https://github.com/FrontAccountingERP/F … 07ada68667
Someone who faced the same issue after upgrade FA to 2.4.11 can get solution by roll back the file session.inc to state it was before the commit.
Or just replace the session.inc with this file:
https://raw.githubusercontent.com/Front … ession.inc
Great, it's work
It's worked. Great. Thank you notrinos.
I recently made a fresh install and session.inc created continuous timeouts with redirects to the login page (ubuntu 20.04, PHP 7.4 as well as PHP8.0, FA 2.4.11). I was looking for hours at sessions with webservers and cookies but finally notrinos found the real culprit. Thanks.
WORKS:
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
CONTINUOUSLY TIMEOUTS SESSIONS:
$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, True);
@joe: This needs to be automagically set based on PHP version or by a server wide config variable.
Hello guys,
Thanks for reporting this issue.
I have asked Itronics to look into it and fix something.
Joe
This change was introduced to enforce secure session in FA, so all works as expected if FA is accessed via https.
For rare situations when https is not available, additional configuration value could be handy, so we have added it.
Now, if you know what you are doing, you can switch off https cookies enforcing in session.inc.
Unfortunately this option cannot be added in sysprefs/config.php because the settings are not available before session is started.
J.
It is then better not to be hardcoded as a define but dynamically computed if https is in the URL. As it stands after the current commit, we still need to set the define manually.
Effective workaround to use the newer commit only for https and not for http:
Replace hardcoded line 14 of includes/session.inc:
define('SECURE_ONLY', true);to be
define('SECURE_ONLY', (parse_url($_SERVER['REQUEST_URI'], PHP_URL_SCHEME) == 'https'));This way newer installs will not break when not using https. The last few times, the released versions seem to have some showstopper for existing users. This will only make existing users especially on legacy systems not to upgrade as that would warrant "consultant costs". FA should herd and retain it's flock as that is where the network wealth of the project lies - bulk satisfied standard users who can upgrade atleast in minor versions safely.
Recognising http vs https is how it worked before the change. But this means that once logged in to your installation via http, it willl be selected always on later logins (unless there is automatic http>https redirection). Logging via http means sending password in plain, which is completely unsecure and should be avoided if possible.
IMO user safety should be prioritized when dealing with sensitive data (like accounting), so sending cookies only via secure channel is just better policy default. Admin choice to lower down security is now required to be made as conscious decision, and should not depend on arbitrary ISP server settings.
J.
On http call, a check if https exists and if so an appropriate https redirection in FA would be good.
FrontAccounting forum → Report Bugs here → login repeats with every click
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 4 official extensions. Copyright © 2003–2009 PunBB.