Invalid session

Technical Support
Log in to reply
  • T

    I cleared the cache from Chrome and now I can't login to the forum. I can login with IE and FF, just not Chrome. I keep receiving this:

    0_1468421785441_invalid.PNG

    Anyone know how I may fix this?

    0
  • julian
    GNU/Linux Admin

    Please review this document and ensure that the X-Forwarded-Proto header is passed to NodeBB.

    T 1 Reply 0
  • T

    @julian Awesome, thanks...that fixed it.

    1
  • julian
    GNU/Linux Admin

    Glad to hear it 😄

    0
  • C

    what about for apache? i keep getting the same error

    julian C 2 Replies 0
  • julian
    GNU/Linux Admin

    @chrismccoy You'll need to pass the "X-Forwarded-Proto" header to NodeBB. Pass in http or https depending on how the user accesses the site.

    singhnsk 1 Reply 0
  • singhnsk

    @julian In the documentation, why the X-Forwarded-Proto not shown in the very first sample - Below is the basic nginx configuration for a NodeBB build running on port 4567?

    I think that is the one which anybody will notice at the first visit to that page. I was needed to use find in page to get the exact code I was needed to include into the file. Or is it so that it is only needed on HTTPS installs?

    0
  • C

    @julian I'm getting this too. Please can you / someone post a working config for apache2?

    My apache version is:

    Server version: Apache/2.4.7 (Ubuntu)

    Apache config:

    <VirtualHost *:80>
 
        ServerAlias mydomain.com
        ServerName mydomain.kickasskandy.com

        ServerAdmin [email protected]
        DocumentRoot /var/www

        ErrorLog ${APACHE_LOG_DIR}/kommunity.error.log
        CustomLog ${APACHE_LOG_DIR}/kommunity.log combined

ProxyRequests off

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

RewriteEngine On

RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
RewriteCond %{QUERY_STRING} transport=websocket    [NC]
RewriteRule /(.*)           ws://127.0.0.1:4566/$1 [P,L]

ProxyPass / http://127.0.0.1:4566/
ProxyPassReverse / http://127.0.0.1:4566/

</VirtualHost>```
    0
  • C

    @chrismccoy did you resolve this? If so, can you post a working apache config? Thanks!

    julian 1 Reply 0
  • julian
    GNU/Linux Admin

    @codecowboy For Apache server, the additional protocol forwarding is done like so:

    <VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    …
</VirtualHost>

<VirtualHost *:443>
    RequestHeader set X-Forwarded-Proto "https"
    …
</VirtualHost>
    C 2 Replies 0
  • C

    @julian

    Unfortunately this hasn't resolved things. Do I need the SSL virtualhost?

    julian 1 Reply 0
  • C

    @julian I would attach apache debug logs but I dont have enough privileges

    0
  • julian
    GNU/Linux Admin

    @codecowboy said in Invalid session:

    Unfortunately this hasn't resolved things. Do I need the SSL virtualhost?

    If you use SSL, then yes, otherwise, no. Also ensure you haven't set cookieDomain in your NodeBB settings.

    C 2 Replies 0
  • C

    yes this resolved it for me also.

    0
  • C

    I am still stuck on this :(. What does this particular http header even do and how does it relate to sessions / csrf tokens?

    If anyone is willing to help please PM me. It's getting urgent and I might just have to abandon NodeBB entirely which I would rather not do.

    0
  • C

    @julian I would check the cookie domain settings if I could log in - which I can't.

    jarey 1 Reply 0
  • jarey

    @codecowboy can't it be specified by the config.json file? maybe you can just change it there. (i'm talkiing about the cookieDomain setting of NodeBB).

    <VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"

    </VirtualHost>

    After setting the RequestHeader set X-Forwarded-Proto "http" header in Apache, have you restarted the process? Do you see any errors on logs? Maybe Apache is not running correctly or something. It is rare that @chrismccoy got it fixed with that piece of config and that it is failing in your scenario.

    C 1 Reply 0
  • C

    I tried some more apache debugging and am getting the following:

    [Tue Aug 02 07:57:05.141920 2016] [authz_core:debug] [pid 3272] mod_authz_core.c(828): [client 86.190.168.236:50732] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142035 2016] [proxy:debug] [pid 3272] mod_proxy.c(1104): [client 86.190.168.236:50732] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142077 2016] [proxy:debug] [pid 3272] proxy_util.c(2072): [client 86.190.168.236:50732] AH00944: connecting http://127.0.0.1:4566/language/en_GB/language.json?v=38efc154-50a9-4518-bac1-62d8900bc869 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142093 2016] [proxy:debug] [pid 3272] proxy_util.c(2206): [client 86.190.168.236:50732] AH00947: connected /language/en_GB/language.json?v=38efc154-50a9-4518-bac1-62d8900bc869 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142283 2016] [authz_core:debug] [pid 3166] mod_authz_core.c(828): [client 86.190.168.236:50730] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142375 2016] [proxy:debug] [pid 3166] mod_proxy.c(1104): [client 86.190.168.236:50730] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142412 2016] [proxy:debug] [pid 3166] proxy_util.c(2072): [client 86.190.168.236:50730] AH00944: connecting http://127.0.0.1:4566/vendor/jquery/timeago/locales/jquery.timeago.en.js?_=1470121024713 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142446 2016] [proxy:debug] [pid 3166] proxy_util.c(2206): [client 86.190.168.236:50730] AH00947: connected /vendor/jquery/timeago/locales/jquery.timeago.en.js?_=1470121024713 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.145968 2016] [authz_core:debug] [pid 3185] mod_authz_core.c(828): [client 86.190.168.236:50733] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146082 2016] [proxy:debug] [pid 3185] mod_proxy.c(1104): [client 86.190.168.236:50733] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146149 2016] [proxy:debug] [pid 3185] proxy_util.c(2072): [client 86.190.168.236:50733] AH00944: connecting http://127.0.0.1:4566/socket.io/?EIO=3&transport=polling&t=LPA2fvh&sid=dEEm6u9K-ruZQXcpAAAi to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146166 2016] [proxy:debug] [pid 3185] proxy_util.c(2206): [client 86.190.168.236:50733] AH00947: connected /socket.io/?EIO=3&transport=polling&t=LPA2fvh&sid=dEEm6u9K-ruZQXcpAAAi to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.203574 2016] [deflate:debug] [pid 3166] mod_deflate.c(849): [client 86.190.168.236:50730] AH01384: Zlib: Compressed 455 to 228 : URL /vendor/jquery/timeago/locales/jquery.timeago.en.js, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220461 2016] [authz_core:debug] [pid 3166] mod_authz_core.c(828): [client 86.190.168.236:50730] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220590 2016] [proxy:debug] [pid 3166] mod_proxy.c(1104): [client 86.190.168.236:50730] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220627 2016] [proxy:debug] [pid 3166] proxy_util.c(2072): [client 86.190.168.236:50730] AH00944: connecting http://127.0.0.1:4566/vendor/jquery/timeago/locales/jquery.timeago.en-short.js?_=1470121024714 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220642 2016] [proxy:debug] [pid 3166] proxy_util.c(2206): [client 86.190.168.236:50730] AH00947: connected /vendor/jquery/timeago/locales/jquery.timeago.en-short.js?_=1470121024714 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.263389 2016] [deflate:debug] [pid 3166] mod_deflate.c(849): [client 86.190.168.236:50730] AH01384: Zlib: Compressed 351 to 186 : URL /vendor/jquery/timeago/locales/jquery.timeago.en-short.js, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
    0
  • C

    @jarey I restarted apache and cant see anything useful in the logs relating to that header. I've pasted the logs in a previous post

    0
  • C

    @julian said in Invalid session:

    cookieDomain

    Is there a way to override cookieDomain in config.json? I think I may have set this option at some point in the admin dashboard.

    pichalite 1 Reply 0

Suggested Topics

  • M

    "Failed login attempt, please try again. Invalid User Data" when attempting login as admin
    Technical Support

    21
  • T

    Invalid Array Buffer Length - Error
    Technical Support

    9
  • J

    nodebb-plugin-session-sharing broken in 1.7.2
    Technical Support

    9
  • JaredBusch

    New install leaves me with session mismatch + invalid csrf
    Technical Support

    28
  • sergej-saveljev

    Again about "invalid csrf token"
    Technical Support

    13
| |
Copyright © 2021 NodeBB | Contributors

Get Started

Resources

Company

Start Free Trial
Github Facebook Instagram Twitter
© 2014 – 2022 NodeBB, Inc. — Made in Canada.