I am getting problems like:
It looks like your login session is no longer active, or no longer matches with the server. Please refresh this page.
We were unable to log you in, likely due to an expired session. Please try again.
The thing is; when I try from my computer, Safari and Chrome does not give error; but Safari on my tablet or Chrome on my phone also give similar sesson problems.
Setting are:
Ubuntu 16.04; dedicated server; plesk panel; apache server, nginx proxy.
CONFIG.JSON
{
"url": "https://forum.mydomain.com",
"secret": "xxxxxxxx",
"database": "mongo",
"port": 4567,
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "xxxxxxxxxx",
"database": "nodebb"
},
"type": "literal"
}
ON PLESK PANEL:
Additional nginx directives:
location ~ / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
Additional apache directives: none
I have near zero knowledge about nginx settings; so I've copied all things that are advised in similar questions 
Thanks for your help.
the url in your config has to match the fqdn of your site. Also, I don't believe the https is necessary in that config as you are not using https in your nginx config.
{
"url": "http://the.exact.url",
"secret": "xxxxxxxx",
"database": "mongo",
"port": 4567,
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "xxxxxxxxxx",
"database": "nodebb"
},
aditional info:
I have added to plesk settings:
Additional Apache directives:
Additional directives for HTTP : RequestHeader set X-Forwarded-Proto "http"
Additional directives for HTTPS : RequestHeader set X-Forwarded-Proto "https"
Additional nginx directives:
CHANGED TO: proxy_set_header X-Forwarded-Proto https;
But still problem persists:
./nodebb log
2018-03-28T20:09:27.120Z [16310] - info: Initializing NodeBB v1.8.1 https://forum.mydomain.com
2018-03-28T20:09:27.919Z [16310] - info: [socket.io] Restricting access to origin: https://forum.mydomain.com : *
2018-03-28T20:09:28.053Z [16310] - info: Routes added
2018-03-28T20:09:28.056Z [16310] - info: NodeBB Ready
2018-03-28T20:09:28.059Z [16310] - info: Enabling 'trust proxy'
2018-03-28T20:09:28.061Z [16310] - info: NodeBB is now listening on: 0.0.0.0:4567
2018-03-28T20:14:37.264Z [16310] - error: /login
invalid csrf token
2018-03-28T20:15:56.745Z [16310] - error: /register
invalid csrf token
2018-03-28T20:18:01.983Z [16310] - error: /register
invalid csrf token
2018-03-28T20:18:06.767Z [16310] - error: /register
invalid csrf token
2018-03-28T20:20:12.421Z [16310] - error: /register
invalid csrf token
@teh_g said in fresh install, session problem:
@seyeran Whatever is in your config.json has to match the URL you are navigating to.
Thank you. I am really indebted to you. I was trying to solve it for the last 6-7 hours.
Solution worked for me is this:
Permanent 301 redirect from HTTP to HTTPS
Still, I have this problem!
server {
listen 80;
server_name disnut.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
This is my NGINX Config
