Invalid Session - IMPORTANT INFORMATION

Nuke Cadet Joined: Jul 06, 2003 Posts: 2

Actually I recommend leaving out the www part of the domain, that way if someone access the site with just yourdomain.com instead of www.yourdomain.com it will still work for that domain as well.

Posted: Mon Jul 07, 2003 8:40 pm

My pleasure. I also do French Smile

Corporal Joined: Jun 20, 2003 Posts: 59

Ishtaria wrote:

Here are a list of the modules where the test occurs:

posting.php
modcp.php
login.php
groupcp.php

Look for the text "Invalid_session" (use whatever text search facilities used in your text editor). Comment out the complete test like this:

Code:

// if ( $submit || $refresh )
// {
// if (!isset($HTTP_POST_VARS['sid']) || $HTTP_POST_VARS['sid'] != $userdata['session_id'])
// {
//    // I've not added this to the language set at this time ... re-releasing
//    // every single language to include this for the once in a blue moon
//    // time it will be output is just not worthwhile at present.
//    message_die(GENERAL_MESSAGE, 'Invalid_session');
// }
// }

Hope that helps...

Ish

If I do not apply the changes to modcp.php (My moderators have static ip's) will this keep that security in check for them while still allowing everyone else their freedom?

Lieutenant Joined: Jul 01, 2003 Posts: 183

ok I have a slight question.

in my cookies admin for forums.
This is how mine is setup...tell me if I did it wrong?

Cookie domain: yourdomainname.com
Cookie name: phpbb2mysql
Cookie path: /
Cookie secure: Disabled
Session length: 0

Posted: Wed Jul 30, 2003 8:35 am

Session length default of 3600 is 1 hour

Cookie name can be anything you want to call it. Name it after your website maybe (I did).

Cookie domain is okies Smile

Posted: Sat Aug 09, 2003 10:02 am

yes, i had this problem for a long time. I just had to change the cookie settings. and some people in counter it still but its because they have aol. I tell them to use internet explorer and they have fine. Thanks nuke cops

Nuke Cadet Joined: Sep 18, 2003 Posts: 9

actuly with 6.5 i went into configueration turned off the secure cookie deal enterd a specific # of seconds for each session befor it times out and it works great.

Private Joined: Sep 25, 2003 Posts: 49

I am confused. Do I need to set cookie time to 3600 AND comment out those lines? Or will just increasing the cookie time fix this problem for everyone except those with the AOL issue?

Sergeant Joined: Oct 24, 2003 Posts: 105

Has anyone ever TRULY fixed this problem. I have done everything in this post and the only thing that works is commenting out the lines. This fix is also mentioned here http://www.nukecops.com/postlite12545-invallid+session.html . But that really isnt a fix IMHO. It disables posts since last visit and disables highlighting.

Sergeant Joined: Oct 24, 2003 Posts: 105

And please don't direct me here http://www.phpbb.com/phpBB/viewtopic.php?t=69493 , that isn't a fix or answer either as it boils down to these two lines, ""What can you do about it?" you may ask, very little is the response" and "What else can we do? As I said, very little".

If no one has came up with the REAL answer yet, perhaps they can attach it to this post when it is discovered.

I have an ip that only changes about every three months on roadrunner, sometimes less, and it happens to me. As I have said the only fix so far is not really a fix either as it disables normal forum functions.

Sergeant Joined: Oct 24, 2003 Posts: 105

^^^^^bump