👏 Well done, that's some thorough investigating @Dravere !
Unsolved Login session error popup loop
-
@mattdjuk Bizarre. I actually get the same issue in Edge when accessing your site.
-
@phenomlab You're right - as soon as I logged out from Edge, it started doing the same thing.
-
@mattdjuk There's something else going on here. Happy to help, but will likely need direct access to your site, and the VPS hosting it.
-
I've just noticed this in when I run the site as dev...
info: NodeBB is now listening on: 0.0.0.0:4567
In the Nginx config, it has
proxy_pass http://127.0.0.1:4567
Any connection do you think?
-
@mattdjuk No. Mine is the same.
-
I've now set up a completely fresh install on another VM. I have removed the domain for now and I'm running it on the IP address only and its not having similar issues. Once the dns resolves to the new location, I'll try and get it working with the domain.
-
@mattdjuk And now with the domain name, it doesn't work.
Trying to login, I see /login?error=csrf-invalid
-
@mattdjuk If the domain name does not resolve to the correct IP address, then yes, I'd expect the CSRF issue to be prevalent.
-
@phenomlab It seems to have resolved for me but I'll set it aside until tomorrow and see what happens. So far I have managed to get it logged in using an incog browser, but not through Chrome in a regular way.
-
@mattdjuk Unfortunately the problem remains - a constant loop of session error warning messages. This is across all browsers - I did originally believe Edge was unaffected.
I've tried clearing cache
I've run though the list of things in this thread
I've rebuild completely on a new VMNone of these things resolve this problem.
Further, I have now removed the SSL and am accessing it on http. I no longer see the session error message on a loop, but I am unable to login, getting...
http://forum.************.co.uk/login?error=csrf-invalid
Does anyone have any suggestions that I haven't tried? This is running on V2.0
-
@mattdjuk the system does not give permission to try and enter for a while by banning your ip adress in wrong attempts. Could your problem be caused by this?
-
@cagatay My colleague is having the same issue too, on a different IP
-
@mattdjuk if you are using ssl pls correct confing.js http to https
-
@cagatay Done that. config.json is...
{
"url": "https://forum..co.uk",
"secret": "",
"database": "mongo",
"mongo": {
"host": "127.0.0.1",
"port": "27017",
"username": "nodebb",
"password": "********",
"database": "nodebb",
"uri": ""
},
"port": "4567"
} -
@mattdjuk This could be something (clutching at straws a bit here)...
I was just looking in the cookies, I see these:
It has 2 express.sid cookies
1 is for forum.$$$$$$$.co.uk and the other is for .$$$$$$$.co.uk
