[solved] "Invalid Session" problem

Pappmann

There is a new Problem in Nodebb 1.0.3 latest master installed on linux based root server with apache 2.4. and mongodb

Some user have now "invalid session" (csrf-invalid) problem and cannot login. On Google Chrome i have this problem too. Delete, Cache, Cookies... does not help.

Anyone have an idea to fix it?

Pappmann

anyone can help?

it looks like only one user have this problem, since i login with username an password of that user, i have the same problem, and now i cant login with my admin account on this browser (chrome).

./nodebb reset -a -> does not help
mongo: db.sessions.remove() -> does not help too, nobody can login (invalid session)

is there any opportunity to reset the sessions for the affected user?

Julian Lam

Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.

https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html

Specifically, you will need this new directive added: proxy_set_header X-Forwarded-Proto $scheme;

I put it after the X-Forwarded-For line, though it can go anywhere in that server/location block, really.

Pappmann

@julian said in "Invalid Session" problem:

Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.

https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html

Specifically, you will need this new directive added: proxy_set_header X-Forwarded-Proto $scheme;

I put it after the X-Forwarded-For line, though it can go anywhere in that server/location block, really.

U mean i have to change my webserver from apache to nginx?

Julian Lam

Oh, Apache... in that case, I'm not sure of the syntax, but you'll need to have Apache pass in the X-Forwarded-Proto header to NodeBB as well.

Julian Lam

@Pappmann:

<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    …
</VirtualHost>

<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    …
</VirtualHost>

Pappmann

Ok thanks i have to enable some apache mods?

Pappmann

solved

can anyone add it to official documentation?
https://docs.nodebb.org/en/latest/configuring/proxies/apache.html

Thanks

[solved] "Invalid Session" problem

Suggested Topics

NGINX config problem ?
Technical Support • • assamese

SOLVED Invalid CSRF token & "Failed login attempt" errors
Technical Support • • A Former User

[Solved] Error During Install of NodeBB to DigitalOcean: Cannot find module 'nconf'
Technical Support • • c.k. lester

[SOLVED] Edit profile; losed fields
Technical Support • upload image button • • ramon lopez

Problem config.json
Technical Support • • Hope33

[solved] "Invalid Session" problem

Suggested Topics

NGINX config problem ? Technical Support • • assamese

SOLVED Invalid CSRF token & "Failed login attempt" errors Technical Support • • A Former User

[Solved] Error During Install of NodeBB to DigitalOcean: Cannot find module 'nconf' Technical Support • • c.k. lester

[SOLVED] Edit profile; losed fields Technical Support • upload image button • • ramon lopez

Problem config.json Technical Support • • Hope33

NGINX config problem ?
Technical Support • • assamese

SOLVED Invalid CSRF token & "Failed login attempt" errors
Technical Support • • A Former User

[Solved] Error During Install of NodeBB to DigitalOcean: Cannot find module 'nconf'
Technical Support • • c.k. lester

[SOLVED] Edit profile; losed fields
Technical Support • upload image button • • ramon lopez

Problem config.json
Technical Support • • Hope33