Why does phpList ask me to login for every admin page I ...

Once you've installed phpList Version 2... ask questions here!
Forum rules
Please help the volunteers to help you by supplying the version of phpList you are using, browser & version and if possible, a link to your phpList installation. This is for Version 2 of phpList (the orange one).

Why does phpList ask me to login for every admin page I ...

Postby bryansk » 8:25pm, Mon 02 Nov, 2009

Wow,
lets see this again and again... (after 3 hours of reading here need to post):

New installed 2.10.10
Read much enough about it
Scouting my server and I can see:
- every time i click a page in admin, I have to login again
- temp folder for session is RW for apache
- session handling is file, functional in any other web appl.,
- phplist creates new session each time i click in admin (I see new and new sessions in temp dir)
- I have played with session.use_trans_id =0 or =1, no change
- I have played with $SessionTableName = "phplistsessions"; , no effect, same trouble
- and I did play with define("CHECK_SESSIONIP",0); to make shure my fixed IP (without any proxy) is fixed to the eye of phplist

Simply i think it is likely strange. Is there any FAQ, DOCs or post I did miss?
Please advice...

Thanks
Last edited by bryansk on 10:31pm, Mon 02 Nov, 2009, edited 1 time in total.
bryansk
phpLister
 
Posts: 6
Joined: 8:13pm, Mon 02 Nov, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby H2B2 » 10:22pm, Mon 02 Nov, 2009

You do not mention having checked your internet connection. This may be relevant, since if "You are connecting through multiple proxies and this means that your IP address isn't the same for every page request. (AOL is an example of an ISP that connects in this way.) You can solve this in config.php, by setting define("CHECK_SESSIONIP",0); "
ref: http://docs.phplist.com/PhplistFAQ
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006

Re: Why does phpList ask me to login for every admin page I ...

Postby bryansk » 10:34pm, Mon 02 Nov, 2009

H2B2 wrote:You do not mention having checked your internet connection. This may be relevant, since if "You are connecting through multiple proxies and this means that your IP address isn't the same for every page request. (AOL is an example of an ISP that connects in this way.) You can solve this in config.php, by setting define("CHECK_SESSIONIP",0); "
ref: http://docs.phplist.com/PhplistFAQ


I just edited my original post, sorry I have forgotten to put this on list.
:)

Please give more hints...
bryansk
phpLister
 
Posts: 6
Joined: 8:13pm, Mon 02 Nov, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby H2B2 » 10:41pm, Mon 02 Nov, 2009

I'm afraid I have no other suggestions. You seem to have covered every possible cause I can think of at the moment. You might double-check that your old config.php file was correctly overwritten by the changed one.
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006

Re: Why does phpList ask me to login for every admin page I ...

Postby bryansk » 11:18pm, Mon 02 Nov, 2009

H2B2 wrote:I'm afraid I have no other suggestions. You seem to have covered every possible cause I can think of at the moment. You might double-check that your old config.php file was correctly overwritten by the changed one.


...and i did check power cord too :)

well, in this case I would go in deep with session handling in scripts, I have never seen so many issues about handling the session as here. it is no complain, just statement. I;d like to go ahead with phplist, because it seems to me meeting my criteria best of all, just figure out this ugly start...as many times before with many other thing in life...
bryansk
phpLister
 
Posts: 6
Joined: 8:13pm, Mon 02 Nov, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby bryansk » 9:34pm, Wed 11 Nov, 2009

Well after a while - one more point to put to FAQ http://docs.phplist.com/PhplistFAQ:

check your section in php.ini near this:
[Session]
session.use_cookies = 1

As I do not like to set cookies, (some browsers do not support them) I disabled using cookies on my server. phplist requires to have session cookies enabled otherways it ask me to login for every admin page.

It would be probably less troubles if install could have some feature to make check to server requirements for running a phplist...

But anyway, it is the first open source project I installed on my server requiring cookies enabled...wa' pity...please consider this for next versions if is it so much necessary to depend on cookies enabled.

Thank you
bryansk
phpLister
 
Posts: 6
Joined: 8:13pm, Mon 02 Nov, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby H2B2 » 6:01am, Sat 14 Nov, 2009

Suggest addition included in FAQ. Thanks for your feedback!
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006

Re: Why does phpList ask me to login for every admin page I ...

Postby bryansk » 5:13pm, Sun 15 Nov, 2009

H2B2 wrote:Suggest addition included in FAQ. Thanks for your feedback!

Well, I just do not like FAQ formulations "This generally indicates that something is wrong with session handling in your PHP configuration"

It is nothing wrong to disable session cookie (session.use_cookies = 0) in php.ini file.

Disadvantage of cookie is, that cookie may stay in client browser, some users may believe they are logged off by closing browser window, but if you recall page, it is still logged in. This is possible safety issue.

I would strongly suggest to improve session handling at phplist scripts in closest future.

Thank you
bryansk
phpLister
 
Posts: 6
Joined: 8:13pm, Mon 02 Nov, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby jschell » 7:17am, Wed 09 Dec, 2009

I'm having this same problem. I've gone through all of the potential issues in the FAQ without success. Also, I tried saving sessions in the database and while it creates the table, no entries get created.

Is there anything I can do to try to diagnose the problem?

Thanks.
jschell
phpList newbie
 
Posts: 1
Joined: 7:07am, Wed 09 Dec, 2009

Re: Why does phpList ask me to login for every admin page I ...

Postby xrayman » 11:57pm, Mon 08 Feb, 2010

After upgrading to version 2.10.10 I started having the admin page log in problem. Until today (2-8-2010) I have not needed to send out any messages. Users were able to be added onto the list as normal. Today when I tried to save the message the page would refresh with all the message space blank. Thinking the problem could be related to the admin page log in problem I searched the FAQ section. I went through all of the potential issues in the FAQ page viewtopic.php?f=5&t=28799 without success. Also I tried saving sessions in the database and while it creates the table, no entries were created.

Bottom line, I resolved all my problems when I found on my control panel > PHP Scripting, I could switch to php5, it was set to php4. I think it was set to PHP4 as default.
A good thing to check when anyone has problems after making a version upgrade.
xrayman
phpList newbie
 
Posts: 1
Joined: 11:09pm, Mon 08 Feb, 2010

Re: Why does phpList ask me to login for every admin page I ...

Postby schkovich » 12:43am, Sat 18 Sep, 2010

Having set use secure cookies to true and phpList in subdomain caused the problem.

It would be better to create a class that will handle sessions (not only starting and destroying but getters and setters, timers, secuirty, etc) but since phpList is far, far away from OOP perhaps at list a single function that will handle starting sessions should be created. Unfortunately I did not have time to figure out where such function should be placed therefore several files need to be patched.
Code: Select all
# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: /home/schkovich/NetBeansProjects/phpList/trunk/public_html/lists/config
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: config.php
--- config.php Remotely Modified (Based On HEAD)
+++ config.php Locally Modified (Based On LOCAL)
@@ -466,6 +466,11 @@
 # if you use this, you will need to teach your system regularly about patterns in new bounces
 define('USE_ADVANCED_BOUNCEHANDLING',0);
 
+/**
+ * Cookie domain, for example 'www.php.net'. To make cookies visible on all
+ * subdomains then the domain must be prefixed with a dot like '.php.net'.
+ */
+define("COOKIE_DOMAIN", ".yourdomain.tld");
 
 /*
 

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: ${HOME}/NetBeansProjects/phpList/trunk/public_html/lists/admin/commonlib/lib
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: userlib.php
--- userlib.php Remotely Modified (Based On HEAD)
+++ userlib.php Locally Modified (Based On LOCAL)
@@ -15,7 +15,7 @@
   }
 //  $_SESSION["session"] = $GLOBALS["PHPSESSID"];
   // What should it be??
-    $_SESSION["session"] = $_COOKIE["PHPSESSID"];
+    $_SESSION["session"] = $_COOKIE[md5("phplist")];
 }
 
 function getEveryoneGroupID() {

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: ${HOME}/NetBeansProjects/phpList/trunk/public_html/lists/admin/FCKeditor/editor/filemanager/connectors/phplist
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: connector.php
--- connector.php Remotely Modified (Based On HEAD)
+++ connector.php Locally Modified (Based On LOCAL)
@@ -33,8 +33,10 @@
 
 if ( !$Config['Enabled'] )
    SendError( 1, 'This connector is disabled. Please check the "editor/filemanager/connectors/php/config.php" file' ) ;
-
-@session_start();
+session_name(md5("phplist"));
+session_set_cookie_params(3600, "/", COOKIE_DOMAIN, false);
+session_cache_limiter('nocache');
+session_start();
 if (empty($_SESSION['logindetails'])) {
    SendError( 1, 'Access Denied' ) ;
 }

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: ${HOME}/NetBeansProjects/phpList/trunk/public_html/lists/admin
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: languages.php
--- languages.php Remotely Modified (Based On HEAD)
+++ languages.php Locally Modified (Based On LOCAL)
@@ -46,7 +46,10 @@
 if (!empty($GLOBALS["SessionTableName"])) {
   require_once dirname(__FILE__).'/sessionlib.php';
 }
-@session_start();
+session_name(md5("phplist"));
+session_set_cookie_params(3600, "/", COOKIE_DOMAIN, false);
+session_cache_limiter('nocache');
+session_start();
 
 if (isset($_POST['setlanguage']) && $_POST['setlanguage'] && is_array($LANGUAGES[$_POST['setlanguage']])) {
   $_SESSION['adminlanguage'] = array(

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: ${HOME}/NetBeansProjects/phpList/trunk/public_html/lists/admin
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: sidebar.php
--- sidebar.php Remotely Modified (Based On HEAD)
+++ sidebar.php Locally Modified (Based On LOCAL)
@@ -5,6 +5,9 @@
 
   global $pixel,$tables,$require_login;
   if ($require_login) {
+    session_name(md5("phplist"));
+    session_set_cookie_params(3600, "/", COOKIE_DOMAIN, false);
+    session_cache_limiter('nocache');
     session_start();
   }
   $_SESSION["sidebar_enabled"] = "yes";

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to: ${HOME}/NetBeansProjects/phpList/trunk/public_html/lists
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: index.php
--- index.php Remotely Modified (Based On HEAD)
+++ index.php Locally Modified (Based On LOCAL)
@@ -51,7 +51,10 @@
   if (!empty($GLOBALS["SessionTableName"])) {
     require_once dirname(__FILE__).'/admin/sessionlib.php';
   }
-  @session_start(); # it may have been started already in languages
+  session_name(md5("phplist"));
+  session_set_cookie_params(3600, "/", COOKIE_DOMAIN, false);
+  session_cache_limiter('nocache');
+  session_start(); # it may have been started already in languages
 }
 
 if (!isset($_POST) && isset($HTTP_POST_VARS)) {

# This patch file was generated by NetBeans IDE
# Following Index: paths are relative to:${HOME}/NetBeansProjects/phpList/trunk/public_html/lists/admin
# This patch can be applied using context Tools: Patch action on respective folder.
# It uses platform neutral UTF-8 encoding and \n newlines.
# Above lines and this line are ignored by the patching process.
Index: logout.php
--- logout.php Remotely Modified (Based On HEAD)
+++ logout.php Locally Modified (Based On LOCAL)
@@ -1,8 +1,10 @@
 <?php
-require_once dirname(__FILE__).'/accesscheck.php';
+require_once dirname(__FILE__) . '/accesscheck.php';
 
-$_SESSION["adminloggedin"] = "";
-$_SESSION["logindetails"] = "";
+$_SESSION = array();
+if (isset($_COOKIE[session_name()])) {
+    setcookie(session_name(), '', time() - 42000, '/');
+}
 session_destroy();
 ?>
schkovich
phpLister
 
Posts: 5
Joined: 11:54pm, Fri 17 Sep, 2010
Location: Belgrade, Serbia

Re: Why does phpList ask me to login for every admin page I ...

Postby H2B2 » 11:58pm, Thu 07 Oct, 2010

schkovich wrote:therefore several files need to be patched.

Thanks! I assume this is for v2.10.12, am I correct?
Related mantis report: http://mantis.phplist.com/view.php?id=15547
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006

Re: Why does phpList ask me to login for every admin page I ...

Postby schkovich » 6:48am, Fri 08 Oct, 2010

H2B2 wrote:Thanks! I assume this for v2.10.12, correct?
Related mantis report: http://mantis.phplist.com/view.php?id=15547

You are welcome. Yes patch is for v2.10.12,
schkovich
phpLister
 
Posts: 5
Joined: 11:54pm, Fri 17 Sep, 2010
Location: Belgrade, Serbia

Re: Why does phpList ask me to login for every admin page I

Postby Gordon Sturrock » 1:11am, Thu 14 Jun, 2012

thanks for this info. Was having the same problem, worked fine on a new install a month ago, come back today and find myself getting bumped out with every new page while admin'ing. Tried two different browsers, same thing. Found this page and what ended up working for me was this "Enable this setting in config.php: $SessionTableName = "phplistsessions"; by uncommenting this line. which comes from the installation FAQ, imagine that!!!!
THANKS!
Gordon
Gordon Sturrock
phpLister
 
Posts: 7
Joined: 2:09pm, Fri 27 Jun, 2008


Return to Question & Problems - after installing

Who is online

Users browsing this forum: Google [Bot] and 2 guests