SOLVED: Looping 'Invalid Session'

Solved Technical Support
  • Quick overview of what happened.
    I set the cookies in nodebb and suddenly, every time I logged out, I would get 'invalid session' popping up non stop and could no longer log in. I removed the cookie but continued to have the problem.
    I finally removed the cookie from the browsers and all was fine.
    It seems nodebb may already set a cookie based on config.json so when I added one, it caused the problem until I removed the current cookie from the browsers.
    Thanks to PitaJ for the help and solution.

    Original post
    I enabled the cookie earlier, putting the full domain name of the board in the config ( and at that point, after logging out, I could no longer log back in.

    I just get a pop up saying;
    "Invalid Session
    It looks like your login session is no longer active. Please refresh this page."

    And on the page itself, I get;
    "Looks like your connection to Information and Support was lost, please wait while we try to reconnect."

    I've restarted the board, rebuilt it, rebooted the server just in case it was something else but nothing, I still get 'Invalid session'.

    I found I could log in as admin using Tor so I removed the cookie and cleared the sessions but am still getting looping Invalid Session as soon as I log out.

    I found some old threads about this loop but nothing that fixes the problem for me. Anyone have any thoughts?
    I'm running the latest version with the latest mongodb.

  • N NodeHam deleted this topic on
  • N NodeHam restored this topic on
  • Afaik if you don't set it manually we still create a cookie with a domain derived from the url value in config.json

  • @nodeham
    It's odd, it is still doing the same, many hours later. Thought maybe it would clear up by now.

  • Try clearing your cookies.

    The "your connection has been lost" is a websocket issue which may be related. Double check that your url in config.json matches exactly the url at which you access your forum in your browser, including protocol.

  • @pitaj Hi,

    I had checked the config.jason based on other posts I found and it is good.

    Yes, clearing the browser cache works until I log off, then it's caught in the same loop each time.

    I have read countless posts but really don't know where the problem is to even start fixing it.

  • @nodeham Can you confirm in the databse that cookieDomain is cleared? It might not be, and you may need to do so from the database, and then restart NodeBB.

  • @julian I was wondering that but could not find a post or article explaining how to do it. I know mysql/mariadb qiute well but mongo is totally new to me. I don't want to trash the database.

    I found this but not sure it's the same problem;

  • @nodeham In mongo, you'll want to run use dbName, where dbName is your database's name (check config.json

    Then db.objects.update({ _key: "config" }, { $set: { cookieDomain: '' } }, { upsert: true, w: 1 });

    Then confirm the change with db.objects.find( { _key: "config" }, { "cookieDomain": 1 });

  • @julian

    use nodebb
    switched to db nodebb

    db.objects.update({ _key: "config" }, { $set: { cookieDomain: '' } }, { upsert: true, w: 1 });
    WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 0 })

    db.objects.find( { _key: "config" }, { "cookieDomain": 1 });
    { "_id" : ObjectId("607f46bb617bf066a8e439e5"), "cookieDomain" : "" }

    Cleared the cache in the browser for the last hour and same thing is happening.

  • Overnight, the admin got logged out as expected but this morning, I was able to log back in as normal on Chrome.

    However, firefox continues to do the same thing even after clearing the cache and restarting it. This made me think it was a browser issue so I fired up Tor again and logged in as a user. No issues but as soon as I logged out, same popup over and over.

    Something to do with manually logging out.

  • This morning, I cleared everything in firefox, closed and restarted it then was able to log in as usual. As soon as I logged out, I was stuck in the loop again. This time, I cleared the last hour of history and then was able to get in again.

    What's going on? I obviously cannot clear my cache every time I want to use this board.

    Just to be clear, when I entered the cookie, I entered the full site domain as in I use a lot of sub domains for the main domain so thought I should use the full FQDN.

  • I followed the notes here and added some nginx headers but still getting the same problem.

    Why does no one seem to know what is causing this? It's not my imagination :).

  • @nodeham is this a new install or did it only start after changing the cookie domain setting?

  • Hi, same install I've been working with since the phpbb conversion.

    Yes, it happened right after I enabled the cookie. That's why I immediately thought it might have something to do with the cookie being set but even after disabling it, it kept going on.

    After all this time, it is still happening today.

    Another change I think I've noticed is that I'm no longer getting automatically logged in. I've had the admin user logged in for days and it's never been auto logged out. However, as soon as I log out, then I have to close the tab, restart the browser and clear the history before I can log in again.
    Using Tor, I can simply close Tor, restart it and can get in again since nothing is saved. I've been testing this on Chrome, Firefox and Tor.

    Update: I just tried the following.
    -Opened window to forums using firewall, Get popup.
    -Closed browser, re-opened, cleared last hour history. Opened new tab to forums. Get popup.
    -Cleared one hour history then closed tab and closed browser. Re-started browser, opened new tab. Get popup.
    -Closed tab, cleared ALL history in FF. Opened new tab to forums. Now it works, I can log in but clearing all history is not a good option as now I'm logged out of dozens of tabs I have open working on other things.

    Went back to Chrome. Found admin auto logged out after all. Logged back in no problem. Logged out and got the popup, could not log in again.
    Cleared last hour of history without restarting Chrome and was able to log in again.

  • FYI in Firefox if you go to settings -> Privacy and Security -> Cookies and Site Data -> Manage Data you can clear cookies and data for specific sites.

  • @pitaj said in Looping 'Invalid Session':

    FYI in Firefox if you go to settings -> Privacy and Security -> Cookies and Site Data -> Manage Data you can clear cookies and data for specific sites.

    Oh, out of everything I tried, I didn't think about that.
    The fact that Tor, which is FireFox based was working if I restarted, because it doesn't keep any data, should have told me to look for the cookie in regular firefox.

    Now it's finally back to normal.

    So, while I'm here and in case someone reads this, what should the correct cookie be?

    In my case, the domain is used with sub domain names for many things. The forums are for example, the wordpress site is, etc. What should I use as a cookie for the nodebb forum? The name or just the name?

  • Is there a specific reason you're setting the cookie domain? Otherwise I'd just leave it unset if that works for you.

  • @pitaj No specific reason other than saving some use session things. We also had it set in phpbb which we converted from.

    I've not had the time to read up on the benefits of enabling cookies with nodebb.

  • Afaik if you don't set it manually we still create a cookie with a domain derived from the url value in config.json

Suggested Topics