SOLVED: Looping 'Invalid Session'

Solved Technical Support
  • Overnight, the admin got logged out as expected but this morning, I was able to log back in as normal on Chrome.

    However, firefox continues to do the same thing even after clearing the cache and restarting it. This made me think it was a browser issue so I fired up Tor again and logged in as a user. No issues but as soon as I logged out, same popup over and over.

    Something to do with manually logging out.

  • This morning, I cleared everything in firefox, closed and restarted it then was able to log in as usual. As soon as I logged out, I was stuck in the loop again. This time, I cleared the last hour of history and then was able to get in again.

    What's going on? I obviously cannot clear my cache every time I want to use this board.

    Just to be clear, when I entered the cookie, I entered the full site domain as in I use a lot of sub domains for the main domain so thought I should use the full FQDN.

  • I followed the notes here and added some nginx headers but still getting the same problem.

    Why does no one seem to know what is causing this? It's not my imagination :).

  • @nodeham is this a new install or did it only start after changing the cookie domain setting?

  • Hi, same install I've been working with since the phpbb conversion.

    Yes, it happened right after I enabled the cookie. That's why I immediately thought it might have something to do with the cookie being set but even after disabling it, it kept going on.

    After all this time, it is still happening today.

    Another change I think I've noticed is that I'm no longer getting automatically logged in. I've had the admin user logged in for days and it's never been auto logged out. However, as soon as I log out, then I have to close the tab, restart the browser and clear the history before I can log in again.
    Using Tor, I can simply close Tor, restart it and can get in again since nothing is saved. I've been testing this on Chrome, Firefox and Tor.

    Update: I just tried the following.
    -Opened window to forums using firewall, Get popup.
    -Closed browser, re-opened, cleared last hour history. Opened new tab to forums. Get popup.
    -Cleared one hour history then closed tab and closed browser. Re-started browser, opened new tab. Get popup.
    -Closed tab, cleared ALL history in FF. Opened new tab to forums. Now it works, I can log in but clearing all history is not a good option as now I'm logged out of dozens of tabs I have open working on other things.

    Went back to Chrome. Found admin auto logged out after all. Logged back in no problem. Logged out and got the popup, could not log in again.
    Cleared last hour of history without restarting Chrome and was able to log in again.

  • FYI in Firefox if you go to settings -> Privacy and Security -> Cookies and Site Data -> Manage Data you can clear cookies and data for specific sites.

  • @pitaj said in Looping 'Invalid Session':

    FYI in Firefox if you go to settings -> Privacy and Security -> Cookies and Site Data -> Manage Data you can clear cookies and data for specific sites.

    Oh, out of everything I tried, I didn't think about that.
    The fact that Tor, which is FireFox based was working if I restarted, because it doesn't keep any data, should have told me to look for the cookie in regular firefox.

    Now it's finally back to normal.

    So, while I'm here and in case someone reads this, what should the correct cookie be?

    In my case, the domain is used with sub domain names for many things. The forums are for example, the wordpress site is, etc. What should I use as a cookie for the nodebb forum? The name or just the name?

  • Is there a specific reason you're setting the cookie domain? Otherwise I'd just leave it unset if that works for you.

  • @pitaj No specific reason other than saving some use session things. We also had it set in phpbb which we converted from.

    I've not had the time to read up on the benefits of enabling cookies with nodebb.

  • Afaik if you don't set it manually we still create a cookie with a domain derived from the url value in config.json

Suggested Topics