Admin Logs Out on Post Form

[cameroti]

Hi,

I have a new install of osCMax RC2. I have only one issue of note - every time I post a form in the admin panel (eg Manual Creat Order), I am logged out of the Admin Panel.

I thought I was losing the session, but I have mysql set for sessions, and all seems to be fine.

I have tried reinstalling, with no change in the outcome.

Has any one come across this - any pointers appreciated.

Cheers
Tim

[jpf]

Try "loging out" then try again. Also store session in MYSQL (set in configure.php files).

[cameroti]

Hi JPF,

Thanks for the prompt reply.

I had a search through the threads prior to post, and have already tried to log off then log back on - tested this extensively, but did not change behaviour.

I also checked my config files and they have sessions set to mysql.

The behaviour occurs when ever i post a form eg go to 'create order' select customer from drop down list, hit 'submit' - bang I am logged out. Very frustrating!

Any other thoughts on where I can look. I have noticed that from time to time this issue gets raised, but cannot find a solution.

Thanks & Regards,

[cameroti]

Further update ---

I found a post with the same problem suggesting that it could be resolved by using a different browser - I downloaded FireFox (great browser!) and tested but the behaviour remained the same.

Any other ideas?

Cheers

[cameroti]

For those that find this thread with the same problem - I ended up resolving by moving to a different ISP with later versions of MySQL and PHP and the same version of Apache. I transferred the code and database with out reinstalling, just updating the configure.php files (x2) and the problem went away.

I believe my ISP also required some compulsory security mods to osCommerce which was causing the glitch with osCMax.

Cheers

[Buser]

Hi Cameroti,

I'm currently experiencing the same problems as you were experiencing.
Can you please specify which versions of MySQL, PHP and Apache you are currently running without this problem? Do you have any idea which mods might have caused the problem? Just in case if this problem isn't related to the installed versions of MySQL, PHP and Apache.

Thanks in advance.

[cameroti]

Hi Buser,

My previous ISP was running the following config

Appache 1.3.33
PHP 4.3.2
MySQL 4.0.21

My current config is

Appache 1.3.33
PHP 4.4.0
MySQL 4.1.13 standard

Just as importantly, my previous ISP required some changes to the application_top.php files, specifically for the admin/application_top.php file they required 'isset' to be replaced by '!empty' (I think this only occurs once).

So to get rid of my problem, I reversed the above code change and transferred to a new ISP. I didn't bother re-installing, I just copied the files across, dumped and uploaded the data base, and changed the relevant lines in the two configure.php files... and hey presto everything worked fine.

I hope this helps - I have seen a number of posts with the same problem on other boards, and never a specific resolution.

Cheers
Tim

[avibodha]

One more thing to check is your value of PHP_SELF. You can see this in your Server Info panel under Tools.

See if this path matches exactly your path in your config. On my server it's different than my SSL secure admin path. Even though the page comes up, it's using a slightly different path. That means that the cookie for your logged-in ID is not passed to the page, and voila, you're logging in again.

Be sure your WS_ADMIN is correct because that's the path the cookie is set with.

My solution is to wrap each $PHP_SELF with basename($PHP_SELF) whenever I find one not working. This is especially true for forms since most of them do not pass a hidden field for the adminid.

All $PHP_SELF's (except for the ones just looking at the filename extension) should probably be replaced with a function so it can be customized as needed.

---todd

[cameroti]

The following change worked, even on my old ISP!

Code:

# Edit the file admin/includes/application_top.php
On line 35 (approx), replace :

$PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ?$HTTP_SERVER_VARS['PHP_SELF']
: $HTTP_SERVER_VARS['SCRIPT_NAME']);

with :

$PHP_SELF = (!empty($HTTP_SERVER_VARS['PHP_SELF']) ?
$HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);

Hope this helps someone.