[solved] "Invalid Session" problem
-
There is a new Problem in Nodebb 1.0.3 latest master installed on linux based root server with apache 2.4. and mongodb
Some user have now "invalid session" (csrf-invalid) problem and cannot login. On Google Chrome i have this problem too. Delete, Cache, Cookies... does not help.
Anyone have an idea to fix it?
-
anyone can help?
it looks like only one user have this problem, since i login with username an password of that user, i have the same problem, and now i cant login with my admin account on this browser (chrome).
./nodebb reset -a -> does not help
mongo: db.sessions.remove() -> does not help too, nobody can login (invalid session)is there any opportunity to reset the sessions for the affected user?
-
Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.
https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html
Specifically, you will need this new directive added:
proxy_set_header X-Forwarded-Proto $scheme;I put it after the
X-Forwarded-Forline, though it can go anywhere in that server/location block, really.
-
@julian said in "Invalid Session" problem:
Hi @Pappmann! This is an unfortunate breaking change that was introduced and affects users using nginx as a reverse proxy.
https://docs.nodebb.org/en/latest/configuring/proxies/nginx.html
Specifically, you will need this new directive added:
proxy_set_header X-Forwarded-Proto $scheme;I put it after the
X-Forwarded-Forline, though it can go anywhere in that server/location block, really.U mean i have to change my webserver from apache to nginx?
-
Oh, Apache... in that case, I'm not sure of the syntax, but you'll need to have Apache pass in the
X-Forwarded-Protoheader to NodeBB as well.
-
<VirtualHost *:80> RequestHeader set X-Forwarded-Proto "http" … </VirtualHost> <VirtualHost *:443> RequestHeader set X-Forwarded-Proto "https" … </VirtualHost>
-
Ok thanks i have to enable some apache mods?
-
solved
can anyone add it to official documentation?
https://docs.nodebb.org/en/latest/configuring/proxies/apache.htmlThanks
