@julian Is there any way to do this now? Having the most recently pinned topic be first in the list seems much more logical.
codecowboy
Posts
-
Changing order of pinned topics -
Invalid CSRF Token
@pichalite aha. My bad. I am stupid. It's a curse.
-
403 error when trying to login
In my particular case, this seems to have been caused by one or all of:
1. Missing the following request header in Apache:
```
<VirtualHost *:80>
    RequestHeader set X-Forwarded-Proto "http"
    …
</VirtualHost>
```
I added the above Apache directive and restarted Apache.
2. Having the cookieDomain set in the admin panel
If you cannot log into your forum, the only way to remove this cookieDomain value is to manually run a DB query to remove it. In my case this was Mongo and I used a GUI client to remove the value.
A raw query would look something like this:
```
db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}});
```
More info here - https://community.nodebb.org/topic/9196/invalid-session?_=1470286431609&page=1
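Added example (not part of the original post and not NodeBB code): a browser ignores a Set-Cookie whose Domain attribute does not domain-match the host it requested (RFC 6265, section 5.3), so with a stale cookieDomain the express.sid session cookie is never stored. Assuming the CSRF token is kept in that session, each login POST then arrives without a matching token; the host names and cookie values below are constructed.

```javascript
'use strict';
// Added example: would a browser store this Set-Cookie for the host it requested?
// Implements the RFC 6265 domain-match rule (sections 5.1.3 and 5.3).

// Pull the cookie name and Domain attribute out of a Set-Cookie header value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf('='));
  let domain = '';
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    if (eq === -1) continue; // flag attributes such as HttpOnly
    if (attr.slice(0, eq).trim().toLowerCase() === 'domain') {
      // RFC 6265 5.2.3: ignore one leading dot and compare in lowercase.
      domain = attr.slice(eq + 1).trim().replace(/^\./, '').toLowerCase();
    }
  }
  return { name, domain };
}

// RFC 6265 5.1.3: identical, or host is a subdomain of `domain` and not an IP.
function domainMatches(host, domain) {
  const h = host.toLowerCase().replace(/:\d+$/, ''); // drop a port from Host
  if (h === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + domain);
}

// Report whether the cookie survives; a dropped session cookie means every
// request starts a fresh session.
function checkSessionCookie(requestHost, setCookieHeader) {
  const { name, domain } = parseSetCookie(setCookieHeader);
  if (domain === '') return { name, domain, accepted: true, scope: 'host-only' };
  const accepted = domainMatches(requestHost, domain);
  return { name, domain, accepted, scope: accepted ? 'domain' : 'rejected' };
}

// Constructed sample: forum served on one host, stale cookieDomain naming another.
const SAMPLE_HOST = 'forum.example.org';
const STALE = 'express.sid=s%3Aconstructed; Domain=old.example.com; Path=/; HttpOnly';
const CLEARED = 'express.sid=s%3Aconstructed; Path=/; HttpOnly';

console.log(checkSessionCookie(SAMPLE_HOST, STALE));   // accepted: false
console.log(checkSessionCookie(SAMPLE_HOST, CLEARED)); // accepted: true
```

Run it against the Set-Cookie header seen in the browser's network tab and the host name in the address bar; `accepted: false` points at the cookieDomain setting rather than at the proxy.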
-
Invalid session
@pichalite said in Invalid session:
db.objects.update({_key: "config"}, {$set: {cookieDomain: ""}})
I have now deleted that field in the database, restarted NodeBB and this solved it.
Thanks @pichalite and @julian !!!
Please tell me where to add documentation about this so that others do not experience this pain. And trust me it was real pain. I cried into my cornflakes.
I would like to understand why having the cookieDomain set breaks things and how to integrate this into the updater - perhaps this could be my first contribution to the code? Surely if having this value set is going to render a forum unusable then it should either be fixed or the field should be removed in the most recent update script?
Thanks again.
-
Invalid CSRF Token
@pichalite SSL:No is mentioned higher up in this thread
-
Invalid session
@julian said in Invalid session:
cookieDomain
Is there a way to override cookieDomain in config.json? I think I may have set this option at some point in the admin dashboard.
-
Invalid session
@jarey I restarted Apache and can't see anything useful in the logs relating to that header. I've pasted the logs in a previous post.
-
Invalid session
I tried some more Apache debugging and am getting the following:
```
[Tue Aug 02 07:57:05.141920 2016] [authz_core:debug] [pid 3272] mod_authz_core.c(828): [client 86.190.168.236:50732] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142035 2016] [proxy:debug] [pid 3272] mod_proxy.c(1104): [client 86.190.168.236:50732] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142077 2016] [proxy:debug] [pid 3272] proxy_util.c(2072): [client 86.190.168.236:50732] AH00944: connecting http://127.0.0.1:4566/language/en_GB/language.json?v=38efc154-50a9-4518-bac1-62d8900bc869 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142093 2016] [proxy:debug] [pid 3272] proxy_util.c(2206): [client 86.190.168.236:50732] AH00947: connected /language/en_GB/language.json?v=38efc154-50a9-4518-bac1-62d8900bc869 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142283 2016] [authz_core:debug] [pid 3166] mod_authz_core.c(828): [client 86.190.168.236:50730] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142375 2016] [proxy:debug] [pid 3166] mod_proxy.c(1104): [client 86.190.168.236:50730] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142412 2016] [proxy:debug] [pid 3166] proxy_util.c(2072): [client 86.190.168.236:50730] AH00944: connecting http://127.0.0.1:4566/vendor/jquery/timeago/locales/jquery.timeago.en.js?_=1470121024713 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.142446 2016] [proxy:debug] [pid 3166] proxy_util.c(2206): [client 86.190.168.236:50730] AH00947: connected /vendor/jquery/timeago/locales/jquery.timeago.en.js?_=1470121024713 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.145968 2016] [authz_core:debug] [pid 3185] mod_authz_core.c(828): [client 86.190.168.236:50733] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146082 2016] [proxy:debug] [pid 3185] mod_proxy.c(1104): [client 86.190.168.236:50733] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146149 2016] [proxy:debug] [pid 3185] proxy_util.c(2072): [client 86.190.168.236:50733] AH00944: connecting http://127.0.0.1:4566/socket.io/?EIO=3&transport=polling&t=LPA2fvh&sid=dEEm6u9K-ruZQXcpAAAi to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.146166 2016] [proxy:debug] [pid 3185] proxy_util.c(2206): [client 86.190.168.236:50733] AH00947: connected /socket.io/?EIO=3&transport=polling&t=LPA2fvh&sid=dEEm6u9K-ruZQXcpAAAi to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.203574 2016] [deflate:debug] [pid 3166] mod_deflate.c(849): [client 86.190.168.236:50730] AH01384: Zlib: Compressed 455 to 228 : URL /vendor/jquery/timeago/locales/jquery.timeago.en.js, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220461 2016] [authz_core:debug] [pid 3166] mod_authz_core.c(828): [client 86.190.168.236:50730] AH01628: authorization result: granted (no directives), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220590 2016] [proxy:debug] [pid 3166] mod_proxy.c(1104): [client 86.190.168.236:50730] AH01143: Running scheme http handler (attempt 0), referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220627 2016] [proxy:debug] [pid 3166] proxy_util.c(2072): [client 86.190.168.236:50730] AH00944: connecting http://127.0.0.1:4566/vendor/jquery/timeago/locales/jquery.timeago.en-short.js?_=1470121024714 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.220642 2016] [proxy:debug] [pid 3166] proxy_util.c(2206): [client 86.190.168.236:50730] AH00947: connected /vendor/jquery/timeago/locales/jquery.timeago.en-short.js?_=1470121024714 to 127.0.0.1:4566, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
[Tue Aug 02 07:57:05.263389 2016] [deflate:debug] [pid 3166] mod_deflate.c(849): [client 86.190.168.236:50730] AH01384: Zlib: Compressed 351 to 186 : URL /vendor/jquery/timeago/locales/jquery.timeago.en-short.js, referer: http://kommunity.kickasskandy.com/login?error=csrf-invalid
```
-
Invalid CSRF Token
Where do we set SSL:no? Can you paste your config.json?
-
Invalid session
@julian I would check the cookie domain settings if I could log in - which I can't.
-
Invalid session
I am still stuck on this :(. What does this particular HTTP header even do and how does it relate to sessions / CSRF tokens?
If anyone is willing to help please PM me. It's getting urgent and I might just have to abandon NodeBB entirely which I would rather not do.
-
Invalid session
@julian I would attach Apache debug logs but I don't have enough privileges
-
Invalid session
Unfortunately this hasn't resolved things. Do I need the SSL virtualhost?
-
403 error when trying to login
I'm getting a 403 response header from Apache when a user tries to log in:
```
403 Forbidden
Connection: Keep-Alive
Content-Length: 9
Content-Type: text/plain; charset=utf-8
Date: Tue, 26 Jul 2016 08:34:17 GMT
Etag: W/"9-cilpV3qWyjlT6E49lJ3ugQ"
Keep-Alive: timeout=5, max=100
Server: Apache
Set-Cookie: express.sid=s%3AK71RmAAIHxT272nf0UmW0VjrVspvtzjb.z%2BNP27jVVBPjm7IGebypmqLqKlWNQuOpVQY6lKat2RA; Domain=domain.deleted.com; Path=/; Expires=Tue, 09 Aug 2016 08:34:17 GMT; HttpOnly
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Powered-By: Express
access-control-allow-origin: null
```
NodeBB version is 1.0.3
The user facing login screen shows:
Failed login attempt, please try again. Forbidden
The NodeBB log shows:
26/7 09:31 [26144] - error: /login invalid csrf token
I have tried:
- Restarting NodeBB & Apache
- Adding the following to the Apache config:
```
RequestHeader set X-Forwarded-Proto 'https'
```
-
Invalid CSRF Token
Where do we set SSL:no? Can you paste your config.json?
-
Invalid session
@chrismccoy did you resolve this? If so, can you post a working Apache config? Thanks!
-
Invalid session
@julian I'm getting this too. Please can you / someone post a working config for apache2?
My Apache version is:
Server version: Apache/2.4.7 (Ubuntu)
Apache config:
```
<VirtualHost *:80>
    ServerAlias mydomain.com
    ServerName mydomain.kickasskandy.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    ErrorLog ${APACHE_LOG_DIR}/kommunity.error.log
    CustomLog ${APACHE_LOG_DIR}/kommunity.log combined

    ProxyRequests off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/socket.io [NC]
    RewriteCond %{QUERY_STRING} transport=websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:4566/$1 [P,L]

    ProxyPass / http://127.0.0.1:4566/
    ProxyPassReverse / http://127.0.0.1:4566/
</VirtualHost>
```
-
Issues with second instance of nodebb - unable to create posts
@julian yes.
-
warn: [socket.io] Empty method name
I'm getting this error in the NodeBB log when I try and create a new post/topic:
warn: [socket.io] Empty method name
I recently moved the forum between servers. When I hit submit on the new post/topic, the submit button dims to a lighter blue and becomes disabled but the post is not created.
Does anyone have any ideas how I can troubleshoot this further?
I am using the redactor composer v 1.3.6. NodeBB version is 0.9.0 (I plan to upgrade soon but would like to fix this first)
composer default is disabled - I have a dim memory that this was required in order to use the redactor composer.
Would be grateful for any ideas on what might be causing this as I am crying into my cornflakes
-
End user documentation?
Thanks for the replies. I would say that I will write the end user documentation but experience tells me that this will never happen.
I also don't think I would be able to create a video for every single admin option, user-interface button etc.
Would this be something the community could do? i.e. create a list of all features and people could commit to documenting / recording one feature? We would need to standardise on the recording process.