There is a new Problem in Nodebb 1.0.3 latest master installed on linux based root server with apache 2.4. and mongodb
Some user have now "invalid session" (csrf-invalid) problem and cannot login. On Google Chrome i have this problem too. Delete, Cache, Cookies... does not help.
Anyone have an idea to fix it?
anyone can help?
it looks like only one user have this problem, since i login with username an password of that user, i have the same problem, and now i cant login with my admin account on this browser (chrome).
./nodebb reset -a -> does not help
mongo: db.sessions.remove() -> does not help too, nobody can login (invalid session)
is there any opportunity to reset the sessions for the affected user?
Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.
https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html
Specifically, you will need this new directive added: proxy_set_header X-Forwarded-Proto $scheme;
I put it after the X-Forwarded-For line, though it can go anywhere in that server/location block, really.
@julian said in "Invalid Session" problem:
Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.
https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html
Specifically, you will need this new directive added:
proxy_set_header X-Forwarded-Proto $scheme;I put it after the
X-Forwarded-Forline, though it can go anywhere in that server/location block, really.
U mean i have to change my webserver from apache to nginx? 
Oh, Apache... in that case, I'm not sure of the syntax, but you'll need to have Apache pass in the X-Forwarded-Proto header to NodeBB as well.
<VirtualHost *:80>
RequestHeader set X-Forwarded-Proto "http"
…
</VirtualHost>
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
…
</VirtualHost>
Ok thanks i have to enable some apache mods?
solved
can anyone add it to official documentation?
https://docs.nodebb.org/en/latest/configuring/proxies/apache.html
Thanks
