I get randomly logged out in Laravel. After trying to log in again, I randomly get the page reloaded or a Token Mismatch (or logged in).
After changing to the Session Database Driver (problem still persisting), I've noticed that it creates new sessions for every login try. It also creates a session when logging out... but not when moving pages.
I noticed that a lot of my session rows contain NULL for the user_id.
Does anyone know what could be causing this problem?
Related
We are using Identity Server 4 in an aspnetcore server app with oidc-client.js lib in an angular client. There is a 15 minute token refresh. This is mostly working very well.
However, for a subset of users, when the refresh activity takes place there is a "login_required" response. I am assuming this is because the ID4 server thinks the session cookie has expired? However, the user had just logged in 15 minutes prior and the cookie should have a lifetime of 10 hours (ID4 default setting).
Does anyone have an idea of what may be causing this? Alternatively is there any logging setting I can use to get more debug info?
Thank you!
We tried various browsers and logins but the behaviour is consistent for these users.
Refresh token flow, so you may be using code flow with Angular,
so you have one client also for Angular for login.
I faced this same issue because the same user logged in on multiple PCs, so when anyone logged out of his session, all the same users were also logged out in the code flow.
I have some users that have had no problems at all in the past. All of a sudden they can't log in anymore. Nothing has changed in the OUs in Active Directory. All other users can log in, no problem. It's just these two. The only thing I can see is in the 'field_data_ldap_user_current_dn' table their 'ldap_user_current_dn_value' got set to null. I manually set this in the db back to the correct dn, but this didn't help. How can I get these users their access back?
Edit:
Whenever cron gets run these two users get their DNs nullified.
I don't know if there is another solution, but I had to delete the users' accounts and assign their content to anonymous. Then they logged in using LDAP credentials and the account was created successfully. Then I just had to assign their content back to them.
I recently refreshed my sandbox and logged out. The next time I tried to log in, it did not let me log in. Also, there was an email notification for a new security token (which was not requested, nor was the password changed). How can this be? And how can I start logging in again?
Thanks
Refreshing your sandbox will effectively create a new Salesforce org with a new unique OrgId.
Part of this process modifies all the user names that were copied from production to be unique as well. As these are all new users, they get new security tokens to be distinct from the production users. The password immediately after refresh will be the same as production.
See Knowledge Article: Sandbox login and password
So I have moved a good number of DNN database/websites and not encountered the following issue.
After moving and getting the site back up and running, when I try to log into the site with either a Super User or typical user account the following happens:
If I type in the wrong password, I get an expected wrong password error.
If I put in the correct password, the EventLog table shows a successful login, but I am not logged in and it redirects me to the login page.
I have checked that indeed it does not see that I am logged in by going to areas that I can't without it requesting me to log in.
I moved the DNN database the same way I have a number of times: backed up database and restored it on the new SQL host server. Updated the portalAlias table entries. The site is obviously up as I can get to it.
Any suggestions?
I would try clearing your browser cache. I have at times had the browser cache freeze the cookie and apparently keep me from logging in or at times from logging out.
In those cases I clear the cache and all temporary files. Then if that still doesn't fix it, I break out the virtual machine and try it from a browser on another machine.
I am using CakePHP for my application and I was able to integrate the Paypal hosted solution. Users are successfully redirected to Paypal to complete their payment. Once they have completed, they are returned to my website.
At first, it was taking the user to the login page (as the session was getting removed). To prevent this, I have opened the Paypal page in a new window. Now they are not being asked to login again and keeping the $this->Session->read('Auth.User') intact. However, it is not remembering any other session data. For example, I had a session variable 'invoice_number' which is not available after they are returning from the Paypal website.
I have noticed that the session id doesn't stay the same before and after they completed the payment.
I have changed the core.php to reduce the session security by setting it to low, increased the session time, and I have also modified so that it will only start the session if no session id was found (saw this on a CakePHP ticket/bug).
Interestingly, now in Chrome, it remembers all the session variables, the session ids are the same and it works fine. But in Firefox, it's not working!
Is there any way to keep the session alive with the same id/session variables, so that even after the payment, when they are returning, my application knows what the invoice number for this payment was?
Any help would be really appreciated.
Kind regards,
Tasin
Try turning off referer checks in core.php; that should do the trick.
Try setting Security.level to something other than high in core.php.
As I wasn't able to find a suitable solution for this problem, I had to find a work around for this.
As I mentioned, when redirecting, the 'Auth.User' information was still intact. I used this to retrieve information which I stored into the database before sending the users to the PayPal website.
Once the payment is completed and the user is returned to the confirmation page on my site, I am retrieving the data from the database based on 'Auth.User' session data.
Not the perfect solution, but for the time being, it is kind of working.
I welcome any solution that is better than this. Please let me know.
Many thanks,
Tasin
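The workaround described in the post above, keeping the invoice number in the database keyed by the logged-in user instead of in the session, can be sketched as follows. This is an added example, not code from the original poster; it uses plain PDO with an in-memory SQLite database rather than CakePHP models, and the table name, function names and sample values are hypothetical.

```php
<?php
// Added example: pending_payments, stashPendingInvoice and claimPendingInvoice
// are hypothetical names. One pending invoice per user is assumed.

function openStore(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pending_payments (
        user_id INTEGER PRIMARY KEY,
        invoice_number TEXT NOT NULL,
        created_at INTEGER NOT NULL
    )');
    return $db;
}

// Call just before sending the user to the payment page.
function stashPendingInvoice(PDO $db, int $userId, string $invoice, int $now): void
{
    $stmt = $db->prepare(
        'INSERT OR REPLACE INTO pending_payments
         (user_id, invoice_number, created_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, $invoice, $now]);
}

// Call on the confirmation page with the user id read from Auth.User.
// The row is deleted on first read, so reloading the page cannot reuse it,
// and a record older than $maxAge seconds is treated as missing.
function claimPendingInvoice(PDO $db, int $userId, int $now, int $maxAge = 3600): ?string
{
    $db->beginTransaction();
    $sel = $db->prepare(
        'SELECT invoice_number, created_at FROM pending_payments WHERE user_id = ?'
    );
    $sel->execute([$userId]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM pending_payments WHERE user_id = ?')->execute([$userId]);
    $db->commit();

    if ($row === false || $now - (int) $row['created_at'] > $maxAge) {
        return null;
    }
    return $row['invoice_number'];
}

// Constructed sample run: user 42 starts a payment, returns, then reloads.
$db = openStore();
stashPendingInvoice($db, 42, 'INV-1001', 1000);
var_dump(claimPendingInvoice($db, 42, 1300)); // first return from the payment page
var_dump(claimPendingInvoice($db, 42, 1310)); // reload of the confirmation page
```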