False session expired warning

  • In my image limit test, I may have discovered another issue. A false warning that my session has expired even though it clearly has not and I can easily navigate to another page (the dashboard for example) and I am still logged in.


    1.jpg


    To repeat these steps visit this thread (when you have pending notices)

    smile (image test)



    Attempt to view your notifications and the above (see attached) warning will popup.

    Move anywhere else on the site and you can clearly see that this is a false warning.

    Files

    Edited once, last by Abuse_and_Troll_Test ().

  • ^ A quick followup on this. This can also (sometimes) be produced when posting. Usually after switching between the raw and normal editor, then hitting submit. However, it is not exclusive to that behavior.

  • Now would be a good time to check the logs to see if anything was logged. :)

    Files

    • Official Post

    Actually the message simply means that the combination of session id and security token does not match.


    This is usually caused by expired sessions, but reloading the page usually fixes this, because you have a login cookie that will perform an automatic login in the background. Using this cookie to authenticate the AJAX request is strictly forbidden, as this would introduce a XSRF vulnerability.


    I'm thinking about changing the message, so that it instructs to reload the page, which most of the time is sufficient to solve this.

  • Actually the message simply means that the combination of session id and security token does not match.


    This is usually caused by expired sessions, but reloading the page usually fixes this, because you have a login cookie that will perform an automatic login in the background. Using this cookie to authenticate the AJAX request is strictly forbidden, as this would introduce a XSRF vulnerability.


    I'm thinking about changing the message, so that it instructs to reload the page, which most of the time is sufficient to solve this.

    It happens far to often for comfort. So much so that my users would assume the site was broken (as I do).

  • Now that you say that, the have been some changes to the way cookies are set, which could cause issues in combination with any old cookies still around. I recommend clearing the cookies set for this site and login again, that should fix it.

    I'm confident that it is not old cookies. I just finished formatting my whole hard drive and reinstalling a fresh copy of Windows. The attached screenshot is an error I received when clicked on the login / register button.


    That means I received this error before even trying to login. I had not even entered my user name or password. Meaning I received this error as a guest.

    Files

  • Every user has a session that can expire, even guests do. Do you mind to tell me what browser and addons you're running?

    In this instance, it would have expired in under 1 minutes (that is how long I was on the site before clicking the link).


    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0


    JavaScript Enabled: Yes
    Cookies Enabled: Yes
    Device Pixel Ratio: 1
    Screen Resolution: 1920px x 1080px
    Browser Window Size: 1903 px x 971 px


    source: http://www.whoishostingthis.com/tools/user-agent/


    Actually 49.0.2 - 64 bit to be exact. ;)

    Files

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!