Moodle in English: 1.5 upgrade cant login session timeout

i have upgraded from 1.3.5 to 1.5

Had to create new moodle directory and cvs all new as update wouldnt work.

This went ok. Database was upgraded.

I copied my old config.php and datafiles across

But I cant login. Keep getting message saying session has timed out.

I ran moodle/lib/session-test.php and it says sessions are working ok.

Any ideas.

Also when page first loads the javasript error message appears

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Thursday, 7 July 2005, 2:44 PM

Session-test.php is not working correctly, there might be problem with access rights in moodledata directory. Could you send me a link to you site, maybe I could help.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by simon hull - Friday, 8 July 2005, 8:02 AM

Thanks Peter you were right.

Both the moodledata and sessions folder had owner of root. Changing this resolved the problem.

Though now i have another small one to look into

Thanks again

Simon

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Charles McNulty - Friday, 8 July 2005, 9:14 AM

I'm experiencing the exact same problem. Changing ownership of moodledata didn't change anything. Giving full permission to it didn't help. session files are being created without a problem in the session folder. From what I can tell the problem seems to be that the cookie is not deleted or cleared when it is supposed to be. Namely the report_session_error function in moodlelib.php doesn't seem to be doing it's job. Of course I could be off. Have other people experienced this? What have others done to resolve the problem?

http://linuxdev.uua.org:8080/cmcnulty/moodle

-Charles

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Charles McNulty - Friday, 8 July 2005, 9:24 PM

I just ran session-test.php and found that my sessions do not appear to be working. Here is the output:

No session found - starting a session now.

Reload this page

----
in a loop. You can see here:

http://linuxdev.uua.org:8080/cmcnulty/moodle/lib/session-test.php

There is a class going on right now and I'm pretty desparate for a solution. Help or ideas would be really appreciated.

-Charles

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Friday, 8 July 2005, 9:53 PM

You server sends expired session cookie, it can not work this way - fix your php (or apache?) configuration first. Do not ask me how, I am no expert on Red Hat

Date: Fri, 08 Jul 2005 13:50:05 GMT
Server: Apache/2.0.46 (Red Hat)
Accept-Ranges: none
X-Powered-By: PHP/4.3.2
Set-Cookie: MoodleSession=c077e727d86c479143a9eaad203f60ef; expires=Sat, 01-Apr-1905 16:04:24 GMT; path=/
MoodleSessionTest=1eQ0sFeVfG; path=/
MOODLEID_=deleted; expires=Thu, 08-Jul-2004 13:50:04 GMT; path=/
MOODLEID_=%25ED%25C3%251CC%25B7d; expires=Tue, 06-Sep-2005 13:50:05 GMT; path=/
Cache-Control: private, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

200 OK

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Charles McNulty - Friday, 8 July 2005, 10:48 PM

Thank you so much for your help. I think I can fix this with a little research, but how did you get that information (all of the headers).

-Charles

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Friday, 8 July 2005, 11:36 PM

Web Developer Toolbar - Information/View Response Headers (Swiss knife for web developers)
Add & Edit Cookies - Cookies Editor - for easy messing with cookies

The hard way is the use a packet sniffer (such as Ethereal) and inspect the actual packets...

skodak

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Charles McNulty - Friday, 8 July 2005, 11:42 PM

Thank you so much for all of your help. I've been meaning to get the web developer toolbar. I solved the problem! It turns out that trans_sid was turned off and needed to be on. Thank you all for your help.

-Charles

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Friday, 8 July 2005, 11:45 PM

Glad to hear that

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Charles McNulty - Monday, 11 July 2005, 8:09 PM

Damn, sorry to reopen this thread, but the fix I thought I had - changing the trans_sid setting didn't work. It turns out that stopping and then starting apache is what really got it working again and the trans_sid setting was a red herring. Unfortunately the problem is recurring. After a certain amount of time - around a day or so - logins stop working and I get the sessions bug again. apachectl -k graceful causes it to work again fine, but it's not really a great fix to have to restart apache every so often. So once again, I'm open to suggestion as to what the problem could be.

(http://linuxdev.uua.org:8080/cmcnulty/moodle)

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Troy Beglinger - Monday, 25 July 2005, 10:37 AM

First, I'd like to say that I too am apologetic over having to reopen this post, but I too am having rather severe issues with my site's logins. In fact, not only can I not login as an administrator, but I cannot even sign on as a guest.

I have gone through all of the usual checks, and everything seems to be just fine. I have even added my site to my firewall, and even allowed it through my internet settings, but to no avail. Originally I had 1.4.5+, and started having this problem once I upgraded to 1.5.; then, thinking that the problem might be fixed in the new patch/upgrade, I have now done that, and still have the same issue. Further, it tells me that there is no session, and it will start one, but never does, the frontpage's forum before I upgraded from 1.5 to 1.5+ no longer worked, and it doesn't send a password reminder for the login page either.

Unfortunately, I do not have the ability to restart my server, seeing as my site is externally hosted. However, I am luckily without any students or courses, etc. at the present time, so if need be, I can simply remove the databases, and do a clean install if absolutely needed. I would much prefer to simply "fix what's broken" though, as opposed to sitting through my third installation process for this program in under a week. It all worked just fine on 1.4.5 from what little I saw of it, but now it's not even usable...lol

Please help ;) (in case you're wondering, it can be found at www.consultantsea.com/school/index.php)

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Don Schwartz - Sunday, 31 July 2005, 11:59 PM

having the same issue periodically so I looked at the response headers with Firefox and it does appear that my new VPS expired the cookies 24 years ago.

Does anyone with a Cpanel/WHM VPS know how to fix?

Quote my headers below >>>

Date: Sun, 31 Jul 2005 15:49:56 GMT
Server: Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.7e
X-Powered-By: PHP/4.3.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

200 OK

<<<<

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Don Schwartz - Monday, 1 August 2005, 12:55 AM

Just wondering. could this issue be caused by RoboForm mishandling cookies?

I use it for all my logins.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Markus Hagman - Friday, 5 August 2005, 7:58 AM

I updated our universitys Moodle yesterday. Now I'm facing this same problem.

"Your session has timed out" and cant get rid of it. This is very urgent and must be solved quickly.

Had no problems with Moodle 1.4.1

Upgrading to 1.5 caused the problem

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Markus Hagman - Friday, 5 August 2005, 9:30 AM

OK,

I got problem solved (for now?) in our Moodle. It was all about disk space. There zero bytes space left, cause I had taken all the backups to the same harddrive I was installing.

I made some disk space, and no more "Your session has timed out" messages. It really seems that this caused the problem for me.

Sorry for my hesitation in this matter. I'll have to still maintain my focus in this case, cause I can't imagine that all you guys have runned out of disk space.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Troy Beglinger - Tuesday, 16 August 2005, 3:20 AM

Although that may have worked in your case, it simply wouldn't make any sense in my own. For starters, I am using a hosted service, and am only using up MAYBE 3% of my 5gb allotment thus far. It is interesting however to see that I am not the only one having this issue still. I wonder if this problem has been patched yet....

You would think that with an issue this troublesome, a dev's answer would have appeared after all this time. Then again, I more than understand how busy they must be tracking down and repairing the numerous bugs that have been found with this latest version, especially since this is a volunteer only proposition.

I refuse to lose faith in a product that has this great of a potential, and will check in from time to time to see what's going on, as I would REALLY love to get this program fully functional as soon as humanly possible. Luckily, I'll be busy doing a complete rewrite of my site as it is...all 35 (planned) pages. lol

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Tuesday, 16 August 2005, 5:16 AM

hi Troy!

Your problem is incorrect address, you have set your www root in config.php to "http://consultantsea.com/school/", but you are using "http://www.consultantsea.com/school/".

This is not possible! You have to use only one of them, IMO you should set a redirect for the other one - see what happens when you enter http://www.moodle.org/doc.

I do not know how to do the redirect, ask your server admin to do it

skodak

Average of ratings: Useful (1)

Re: 1.5 upgrade cant login session timeout

by Carl Keil - Tuesday, 16 August 2005, 8:15 AM

Hey,

I need to do the same thing. The redirect. Can someone explain how to do it in apache?

I've added Redirect permanent / http://foobar.org to my virtualhost in httpd.conf, but it's not working. I'm getting an error message in firefox about too many redirects, possibly due to cookies being blocked and a blank page in IE.

What's the proper syntax/way to do this.

Thanks,

ck

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Carl Keil - Tuesday, 16 August 2005, 8:58 AM

Nevermind. I figured it out.

Gotta have:
<VirtualHost *:80> Servername foobar.org </VirtualHost> before the: <VirtualHost *:80> Servername www.foobar.org ServerAlias * Redirect permanent / http://foobar.org/ </VirtualHost> ck

Average of ratings: -

Re: 1.5.2 upgrade can't login session timeout

by Jamey Barber - Monday, 22 August 2005, 8:31 AM

I am hosting my Moodle site locally for now. I have a site on a Mac OS X 10.4 PowerBook in 1.5. I had the same problem with looping "Your session has times out. Please login again." that everyone else is discussing. I reinstalled Moodle on another computer using 1.5.2. It is worse now! I cannot even save the Configurations. All of the table set up, etc., came up fine. I'm due to start training on how to use the site on August 28!

It doesn't seem to have anything to do with the sessions in my moodledata. THis problem has been lurking on the forums for awhile now. Please help!

Jamey

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jeff Wood - Thursday, 1 September 2005, 4:46 AM

This was my problem.

my config.php was set for www.mysite.com

after changing it to mysite.com

all was fine.

Sometimes the simplest of solutions is the hardest to find.

J

Now if only I could figure out why I am getting cookies from both mysite.com and www.mysite.com mixed

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Michael Kowalczyk - Saturday, 19 November 2005, 12:49 AM

Hi, i´ve the same Problem now.. did You manage to fix it ? If yes what was the Problem
Michael

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jeff Wood - Tuesday, 30 August 2005, 7:16 PM

I just noticed I have this problem too.

I use FF to do all my moodle work, but decided to try using IE and IE gives me the session timed out error.

When I ran the /lib/session-test.php test no errors are reported.

Ideas?

Jeff

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jeff Wood - Tuesday, 30 August 2005, 8:55 PM

Noticed my sessions folder permission is 777 but ALL files in it are 600.

Each new session is set to 600... is this the problem?

IE seems to make 600 files and FI makes 644.

Jeff

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Urs Gattiker - Tuesday, 6 September 2005, 3:50 PM

I have the same problem, however, I did not upgrade but installed the 1.5 version about 10 days ago.

Suddenly this morning it tells me

Your session timed out. Please login again

Continue

I click on Continue.... but login does not work... I do not think its Cookie problem but I am a novice at this and may had made a mistake.

The site is at

http://CyTRAP.org/training

Any idea how I can fix that one?
Thanks

urs

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Tuesday, 6 September 2005, 5:14 PM

Is is not a Moodle problem, check the time on your server - it is sending expired cookies.

skodak

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Nick Richmond - Tuesday, 6 September 2005, 10:40 PM

Hi,

same problem here, with litlle to add other than running session-test.php initially shows no session before starting sessions and then finding them. But session timeout and login difficulties remain

Tried most of the suggestions on this thread and turned the firewall off, still Stumped.

Going for a reinstall of Fedora 4 and a previous version of Moodle - 1.4

Nick

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jeff Wood - Wednesday, 7 September 2005, 4:57 AM

Hi Nick,

Have you tried using foxfire? My problem was only with IE.

How about changing www.yoursite to just yoursite in the config.php file?

Jeff

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Nick Richmond - Wednesday, 7 September 2005, 12:45 PM

Morning Jeff,

I did a clean install of both FC4 and Moodle 1.4 and this problem didn't show itself. Feeling heartened, I tried another 1.5 and it returned, but sooner as the sessions timed out during the initial, setting up of the course.

I've only used foxeyfire and checked that the session.auto_start is set to 0 in php.ini. With it being configured to host locally www.root is set to http://localhost/mymoodle with the appropriate alias set in httpd.conf.

I wonder if the "step by step installation guide for RedHat" applies to 1.5 I've come across a few typos which have made all the difference.

Nick

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Nick Richmond - Wednesday, 7 September 2005, 1:16 PM

One more thing, when I run session-test.php is reports no sessions then on reloading the page sessions are found??

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jeff Wood - Wednesday, 7 September 2005, 6:13 PM

Sorry Nick I'm out of my league now sad

As for your session test... I'm almost sure that the first time it should report no sessions found and after you "refresh" it will find one. Anyone?

Jeff

Average of ratings: -

Re: 1.5.3 upgrade cant login session timeout

by Jean Meadows - Saturday, 7 January 2006, 11:05 AM

Hi Petr,

I am having this crazy problem. My web address is http://edu.ewebdealer.com and I was having a problem with login in after running the CRON manager. It made a few changes and then I couldn't get in.

Can you help me?

Jean Meadows

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Chris Surridge - Wednesday, 7 September 2005, 10:58 AM

Hello

I encountered the same problem this morning when I tried to log in. Everything was fine last night.

I followed all the advice on this thread, then did some digging on my own.

I discovered that my web hosting service had altered the php.ini and set the session.auto_start to ON. This may not apply to your problems, but it worked for me. I discovered the problem when I was in config>variables and made some changes. I got an error message that indicated that the session variable "must be set to OFF".

I alerted my web host and it was fixed in minutes.

I hope this helps someone.

By the way:Windows server/Moodle 1.5

Best,
Chris

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Wednesday, 7 September 2005, 1:32 PM

NZVLE team have been debugging this most of today and believe that we've committed a fix to CVS now. Credit: Patrick Li!

Woohoo.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Wednesday, 7 September 2005, 2:59 PM

I am just looking at the patch....

Hmm, it seems that the new else should be never executed, unless the first setting of the test cookie is ignored. I might have seen something about this in the PHP bug tracker, am I right?

IMO there is a problem with this patch, it disables part of the detection of switched sessions. If the first page user receives is with somebody elses cookie, no error is shown - this case was reported before. I did set the test cookie intentionally only once to prevent this.

I will think about it more today. It seems to me that most of the problems here are incorrect permissions, time setting and broken/obsole apache or php. Anyway it was the aim to detect all these situations

skodak

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Wednesday, 7 September 2005, 3:53 PM

Hrmm. As far as we know, we've never seen the session switching problem.. and we've certainly had problems with 1.5 and the neverending loop -which the patch immediately stopped..

I'm pretty sure we don't have any problems with permissions or with cookies being set with the wrong date or anything...

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Wednesday, 7 September 2005, 4:11 PM

Did you try to diagnose cookies while in the loop? The best way IMO should be some packet sniffer and inspection of obtained data.

What OS, apache and PHP versions?
Could you send me a link to some looping site?

edit:

The session switching is happening on some servers only, AFAIK all of them are sending session cookie on each page, but this is not the cause itself. The only known solution is to upgrade both PHP and Apache or even better is newer distro version.

I would like to remind you all that sesion-test.php tests general PHP sessions, not Moodle session! User cookie test was moved to login page itself. Normal PHP session is used during the first phase of installation, it is switched to Moodle session in the middle of the installation process - directory permissions might be the cause of incomplete installs here.

IMO we should remove session-test.php because it can not be fixed and add some more diagnostics to install.php...

skodka

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Wednesday, 7 September 2005, 5:24 PM

> Did you try to diagnose cookies while in the loop?

We got a lot of stuff printed out to see exactly what was happpening, and the MoodleSessionTest cookie wasn't actually being set. You can see from the patch exactly the circumstances where it wasn't being set - the test for !isset($_SESSION['SESSION']) was failing and so MoodleSessionTest never got set and hence, infinite loop.

> What OS, apache and PHP versions?

Reproduced on:

* Debian Sarge, PHP 4.3.10-16, Apache 1.3.33

* Debian Sarge, PHP 4.3.8-12, Apache 1.3.31

* Debian Testing, PHP 4.3.10-15, Apache 1.3.33-6

It happens when the browser is left open longer than some cookie or session lifetime... not when browser is closed and opened again. I can login, do stuff, it's fine, go out for lunch or do something else for an hour or two and then when I start again I get into the loop. Very reproducable, although time consuming.

I've never seen the problem on moodle.org though

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Wednesday, 7 September 2005, 6:00 PM

If you leave the browser open for longer than session lifetime AND the session file is deleted, then you should get "session timed out", both cookies should be deleted and you should login again.

IMO this can be simulated by deleting the session file, no need to wait several hours.

I think that your patch is incorrect, you can not set the test cookie when it is not there - we must find out WHY it is not there.

skodak

edit:

The problem might be that on one page session is first created (sent cookie and created file) and at the same time session cookie deleted. Maybe we might use output buffering to eliminate the sending of cookies when it is not needed; or forward to another page that deletes the cookies...

edit2:

... it would explain why it works in some browsers only. Older PHPs might fail when setting+deleting cookie on one page, resulting in weird headers that only some browsers understand.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Wednesday, 7 September 2005, 6:38 PM

Penny, could you please test the following code?

    if (!isset($nomoodlecookie)) {
        session_name('MoodleSession'.$CFG->sessioncookie);
        @session_start();
        if (! isset($_SESSION['SESSION'])) {
            $_SESSION['SESSION'] = new object;
            $_SESSION['SESSION']->session_test = random_string(10);
            //if (!empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
                //timed out session => ignore it
            //}
            setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
            $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
        }
        if (! isset($_SESSION['USER']))    {
            $_SESSION['USER']    = new object;
        }

        $SESSION = &$_SESSION['SESSION'];   // Makes them easier to reference
        $USER    = &$_SESSION['USER'];
    }

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Thursday, 8 September 2005, 4:40 AM

I tested that -- it didn't work.

The problem is that in our case, when the session is deleted (you're right, it is reproducable by deleting the session files), it doesn't get through

if (! isset($_SESSION['SESSION'])) {

so the change in the above code (the commented out part) wasn't getting executed anyway.

Are you on skype? I have a test site we can play with but it would be better if we coordinated (I can delete a session while you're on the site etc). I'm mjollnir__

Edit: the problem is that because the cookie containing the session id is set to have the lifetime until the browser closes, when the session file gets deleted, the cookie still contains the old session id.

Edit again: more debugging information. I put in an else to the above if, and did a print_r($_SESSSION) which showed:

(
[SESSION] => object Object
(
[session_test] => t5N3rEADi0
[encoding] => iso-8859-1
)

)

adding in a line in report_session_error that looks like:

unset($_SESSION['SESSION']);

fixes it also. Maybe that's a better fix.

Edit AGAIN: the problem with that is we lose logincount. Maybe we could consider putting $_SESSION['SESSION']->logincount into $_SESSION['logincount'] instead and then we don't need to worry about the repercussions of doing unset($_SESSION['SESSION']);

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Martín Langhoff - Thursday, 8 September 2005, 5:33 AM

Hi Petr,

this didn't work, unfortunately.

Part of the reason we saw this problem is that on our servers, Moodle does not control session lifetime directly. As you say, both cookies are set together, but if session lifetime is not enforced, users return to the server with a session cookie that is still valid past the expiry time we'd expect. The MoodleSessionTest cookie, on the other hand, has disappeared.

I still think the patch to setup.php is reasonable (we backed out the changes to weblib.php) -- as it won't overwrite the MoodleSessionTest if it is there; and I think that is what is worrying you. Session swap detection still works. It will restore MoodleSessionTest only if it's altogether missing.

Of course, we are reconfiguring our servers to have the session timeouts match Moodle. But these can't be guaranteed to match because Moodle is setting the PHP session_gc timeout, but many distros (Debian derivatives at least) are doing their own GC. And on servers with a lot of traffic, you can't let PHP deal with it, so webhosting companies are likely to be doing their own session GC with a cronjob, like Debian does.

PHP's native session GC is a bit of a fragile toy, unfortunately.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Thursday, 8 September 2005, 7:07 AM

None of the two cookies can "disappear", you have to unset it (session error, cron or logout) because there is no expiration time in them.

If you are adding "missing" session test cookies you ARE breaking the detection mechanism. It should be created/updated only when the session starts.

I think that it does not matter if you are doing session gc from cron or interal PHP, it should work the same from the programmers perspective. Well, pople might be a bit mistaken when they set timeout to 2 hours in Moodle, but the provider sets the cron job only to 30 minutes.

Anyway I think that we might get rid of the "session timed out" page - the way it was in 1.4 seems better to me.

I will work on it more tomorrow (8. Sep)

I have to get a new headset for the skyping, the old one is dead

skodak

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Thursday, 8 September 2005, 7:47 AM

> have to get a new headset for the skyping, the old one is dead

We mostly use IM in Skype anyway ...

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Thursday, 8 September 2005, 4:03 PM

Hi Penny!

I am ready for the bughunt, could you please upload attached files to the root of your test site (with the old buggy setup.php)? I would like to diagnose the looping a bit myself.

skodak

sess.zip

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Friday, 9 September 2005, 8:30 PM

We have found the problem at eduforge, the problem was in custom modifications. The conclusion is that there is no known problem in normal Moodle.

I have reverted the patch in setup.php, because it was not correct - we have discussed about it with Penny and Martin L today.

I would like to commit the patch above if MD agrees, because it might solve some problems. The result is that the "session timed out" page will not be shown, instead it will behave as if user closed/opened the browser - 1.4 worked exactly this way before.

We could add some better timeout messages in 1.6 (probably integrated into login page), because it needs a lot of testing...

Index: setup.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/setup.php,v
retrieving revision 1.123.2.10
diff -u -r1.123.2.10 setup.php
--- setup.php	9 Sep 2005 11:08:41 -0000	1.123.2.10
+++ setup.php	9 Sep 2005 12:25:59 -0000
@@ -301,12 +301,12 @@
         if (! isset($_SESSION['SESSION'])) {
             $_SESSION['SESSION'] = new object;
             $_SESSION['SESSION']->session_test = random_string(10);
-            if (empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
-                setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
-                $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
-            } else {
-                $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = 'error!!';
+            if (!empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
+                //timed out session => ignore it as before in 1.4 for now
+                //define('SESSION_TIMEDOUT', 'true');
             }
+            setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
+            $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
         }
         if (! isset($_SESSION['USER']))    {
             $_SESSION['USER']    = new object;

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Martin Dougiamas - Friday, 9 September 2005, 9:09 PM

Yes, I'm all for it!

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Saturday, 10 September 2005, 4:37 AM

here is a second part, it moves the timeout message to login page and makes it possible to add it to arbitrary page. New message was added for switched sessions or other strange problems. It should help to diagnose some problems.

Index: lang/en/error.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lang/en/error.php,v
retrieving revision 1.17.2.2
diff -u -r1.17.2.2 error.php
--- lang/en/error.php	15 Jul 2005 19:44:40 -0000	1.17.2.2
+++ lang/en/error.php	9 Sep 2005 20:31:17 -0000
@@ -17,6 +17,7 @@
 $string['processingstops'] = 'Processing stops here. Remaining records ignored.';
 $string['restricteduser'] = 'Sorry, but your current account \"$a\" is restricted from doing that.';
 $string['sessionerroruser'] = 'Your session has timed out.  Please login again.';
+$string['sessionerroruser2'] = 'Session error occured. Please login again or restart your browser.';
 $string['sessionipnomatch'] = 'Sorry, but your IP number seems.......'; //shortened here for web post
 $string['unknowncourse'] = 'Unknown course named \"$a\"';
 $string['usernotaddederror'] = 'User \"$a\" not added - unknown error';
Index: lib/moodlelib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v
retrieving revision 1.565.2.38
diff -u -r1.565.2.38 moodlelib.php
--- lib/moodlelib.php	8 Sep 2005 23:04:10 -0000	1.565.2.38
+++ lib/moodlelib.php	9 Sep 2005 20:31:44 -0000
@@ -1323,15 +1323,18 @@
         }
         $USER = NULL;
         if ($autologinguest and $CFG->autologinguests and $courseid and get_field('course','guest','id',$courseid)) {
-            $loginguest = '?loginguest=true';
+            $params = '?loginguest=true';
         } else {
-            $loginguest = '';
+            $params = '';
+        }
+        if (defined(SESSION_HAS_TIMED_OUT)) {
+            $params = empty($params) ? '?timedoutsession=true' : $params.'&timedoutsession=true';
         }
         if (empty($CFG->loginhttps)) {
-            redirect($CFG->wwwroot .'/login/index.php'. $loginguest);
+            redirect($CFG->wwwroot .'/login/index.php'. $params);
         } else {
             $wwwroot = str_replace('http','https', $CFG->wwwroot);
-            redirect($wwwroot .'/login/index.php'. $loginguest);
+            redirect($wwwroot .'/login/index.php'. $params);
         }
         exit;
     }
@@ -6349,7 +6352,7 @@
     } else {
         set_config('session_error_counter', 1);
     }
-    redirect($FULLME, get_string('sessionerroruser', 'error'), 2);
+    redirect($FULLME, get_string('sessionerroruser2', 'error'), 5);
 }
 
 
Index: login/index.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/index.php,v
retrieving revision 1.74.2.4
diff -u -r1.74.2.4 index.php
--- login/index.php	17 Aug 2005 10:31:46 -0000	1.74.2.4
+++ login/index.php	9 Sep 2005 20:31:46 -0000
@@ -2,7 +2,8 @@
 
     require_once("../config.php");
 
-    $loginguest = optional_param('loginguest', false); // determines whether visitors are logged in as guest automatically
+    $loginguest      = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
+    $timedoutsession = optional_param('timedoutsession', 0, PARAM_BOOL);
 
     //HTTPS is potentially required in this page
     httpsrequired();
@@ -201,6 +202,10 @@
     if (empty($errormsg)) {
         $errormsg = '';
     }
+    
+    if ($timedoutsession) {
+        $errormsg = get_string('sessionerroruser', 'error');
+    }
 
     if (get_moodle_cookie() == '') {   
         set_moodle_cookie('nobody');   // To help search for cookies

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Saturday, 10 September 2005, 4:08 PM

MD's suggestion to strore the timeout info in session is IMO better, here is a new patch. The only problem left is how to call the new string in language pack.

Index: lang/en/error.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lang/en/error.php,v
retrieving revision 1.17.2.2
diff -u -r1.17.2.2 error.php
--- lang/en/error.php	15 Jul 2005 19:44:40 -0000	1.17.2.2
+++ lang/en/error.php	10 Sep 2005 08:03:20 -0000
@@ -17,6 +17,7 @@
 $string['processingstops'] = 'Processing stops here. Remaining records ignored.';
 $string['restricteduser'] = 'Sorry, but your current account \"$a\" is restricted from doing that.';
 $string['sessionerroruser'] = 'Your session has timed out.  Please login again.';
+$string['sessionerroruser2'] = 'Session error occured. Please login again or restart your browser.';
 $string['sessionipnomatch'] = 'Sorry, but your IP number seems to have changed...'; //shortened for web post only
 $string['unknowncourse'] = 'Unknown course named \"$a\"';
 $string['usernotaddederror'] = 'User \"$a\" not added - unknown error';
Index: lib/moodlelib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v
retrieving revision 1.565.2.38
diff -u -r1.565.2.38 moodlelib.php
--- lib/moodlelib.php	8 Sep 2005 23:04:10 -0000	1.565.2.38
+++ lib/moodlelib.php	10 Sep 2005 08:03:47 -0000
@@ -6349,7 +6349,7 @@
     } else {
         set_config('session_error_counter', 1);
     }
-    redirect($FULLME, get_string('sessionerroruser', 'error'), 2);
+    redirect($FULLME, get_string('sessionerroruser2', 'error'), 5);
 }
 
 
Index: lib/setup.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/setup.php,v
retrieving revision 1.123.2.11
diff -u -r1.123.2.11 setup.php
--- lib/setup.php	9 Sep 2005 15:12:42 -0000	1.123.2.11
+++ lib/setup.php	10 Sep 2005 08:03:47 -0000
@@ -302,7 +302,7 @@
             $_SESSION['SESSION'] = new object;
             $_SESSION['SESSION']->session_test = random_string(10);
             if (!empty($_COOKIE['MoodleSessionTest'.$CFG->sessioncookie])) {
-                define('SESSION_HAS_TIMED_OUT', 'true');
+                $_SESSION['SESSION']->has_timed_out = true;
             }
             setcookie('MoodleSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
             $_COOKIE['MoodleSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
Index: login/index.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/index.php,v
retrieving revision 1.74.2.4
diff -u -r1.74.2.4 index.php
--- login/index.php	17 Aug 2005 10:31:46 -0000	1.74.2.4
+++ login/index.php	10 Sep 2005 08:03:49 -0000
@@ -4,6 +4,14 @@
 
     $loginguest = optional_param('loginguest', false); // determines whether visitors are logged in as guest automatically
 
+/// Check for timed out sessions
+    if (!empty($SESSION->has_timed_out)) {
+        $session_has_timed_out = true;
+        $SESSION->has_timed_out = false;
+    } else {
+        $session_has_timed_out = false;
+    }
+
     //HTTPS is potentially required in this page
     httpsrequired();
 
@@ -201,6 +209,10 @@
     if (empty($errormsg)) {
         $errormsg = '';
     }
+    
+    if ($session_has_timed_out) {
+        $errormsg = get_string('sessionerroruser', 'error');
+    }
 
     if (get_moodle_cookie() == '') {   
         set_moodle_cookie('nobody');   // To help search for cookies

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Tuesday, 20 September 2005, 1:29 AM

I am going to commit the patch above tomorrow if nobody stops me

The only problem I have is the name of the new language string and if the string should go into both STABLE and HEAD. Trying to skype MD for clarification ...

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Martin Dougiamas - Tuesday, 20 September 2005, 2:41 PM

"A server error that affects your login session was detected. Please login again or restart your browser."

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Wednesday, 21 September 2005, 6:10 PM

I need one more day to commit it - reinstalling my computer again

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Martín Langhoff - Thursday, 8 September 2005, 8:02 AM

Petr -- odd! the few times we managed to repro it (and jumped into editing the code live while the browser was bouncing) we could definitely _see_ that the MoodleTest cookie was _not_ in the $_COOKIES array.

So -- that particular situation _must_ be handled by setup.php somehow... even if it is nominally impossible. Perhaps it is a better fix to force a full session reset, but right now, the logic never gets there.

Cheers! I'll be on Skype today as martin_langhoff

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Penny Leach - Thursday, 8 September 2005, 3:10 AM

> If you leave the browser open for longer than session lifetime AND the session file
> is deleted, then you should get "session timed out", both cookies should be
> deleted and you should login again.

Agreed.. but it shouldn't loop!

Anyway. I'll test the code you posted today.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Patrick Li - Thursday, 8 September 2005, 5:17 AM

This is a quite wired problem. Penny can reproduce this every time she deletes the session file on her box, and in my test enviroment I can never go into this loop, no matter what I do. She is using a Mac + Safari and I am using Debian(Ubuntu) + Firefox. I only met the loop once on our production server.

The fix I was originally considering is unsetting $SESSION but this will break the the login count, as Penny pointed out.

I think we are in a funny situation isn't it?

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by James Robertson - Saturday, 17 September 2005, 5:17 AM

I don't know if this is the same problem or not: We've been running 1.5 since June, most recent upgrade two weeks ago to 1.5.2+, have not seen this problem at all until today. Had one copy of Moodle up in Firefox, pulled up another to check IE view, got this message:

Your session has timed out. Please login again.

(Continue)

Warning: Unknown(): write failed: Disk quota exceeded (122) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/home/aimdt/moodledata/sessions) in Unknown on line 0

For over an hour I couldn't login under any name in either IE or Firefox, but I could work normally in the original copy I had up in Firefox. Starting a new browser and going to the site login page produced the timeout message (without the two warnings) very briefly before any login was attempted.

I had just finished reading this thread (trying to login at various times), and then I got in again. I am not currently seeing any problem. I am not aware of having changed anything (other than a font size change to some text in an assignment) during the entire episode, though another admin may have been creating classes and adding students during that time.

Any ideas on what might have happened? It looks OK now, but I have no idea what went wrong nor how to go about correcting it if it happens again. Fortunately no students were on this afternoon, but who knows about next time.

Linux server, Apache 1.3.33 (Unix), PHP 4.3.10, MySQL 4.1.13, Moodle 1.5.2+ v2005060222, was using WinXP and Win2k.

Thanks,

Jim.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Petr Skoda - Saturday, 17 September 2005, 7:15 AM

This is a different problem, clean up your disk space or ask for an bigger quota.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Trizit Benjaboonyazit - Thursday, 3 November 2005, 6:23 AM

I have encountered the same problem this morning.

I try to clear all session from the database , but not work.

I notice that the time in my pc icon tray is backdated, so I updated the time to the present day and hour, the problem is cleared, I can find my front page and login again.

I am not sure there is any link to the problem.

http://www.bangkaew.com/elearning/

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Keith Wilkinson - Sunday, 20 November 2005, 5:46 AM

I had exactly the same problem but from a different perspective.

The production version is running on a Linux box. I have some problems when backing up the entire kaboodle - moodle hangs when performing a cron job - mainly caused by my own ignorance. I need to backup the system and make it work on a new box.

I have copied the moodledata folder to a mem stick and dumped the database using mysqldump

Restoring the database and moodledata folder to a windows system gave no problems at all. Performing the same task on a new separate linux box resulted in the session time out message.

Changing the permissions for all files in the moodledata folder did the trick. It got past the message and ugraded the database as expected. Now everything is working fine - at the moment.

Any help with the cron problem would be welcome. The system stalls when performing a full backup. Silly me set the automatic backup feature, then accidentally run the cron . Smaller backups of courses seem fine . I am trying to get cron working properly and the automated backup process. Cron works fine when called - but is not running of its own accord. I tried the wget feature specified in the installation guide - and that's when my problems really manifest themselves. Now I have to shut down the box to get it all working again. Now I have to wait 2 days to get at the server to shut it down

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Thomas Horn - Friday, 24 March 2006, 5:47 AM

A relative newbie to Moodle, but am having the same session timeout problem.
Read through this thread trying some of the suggestions, but problem persists.
I've found the file permissions in moodledata/sessions are set to 0400 upon the session file creation, with the owner:group being apache:apache. Changing the permissions on the session files to 774 allows me to log in.
However, upon logging out, and closing the browser, I'm using FF, then returning to the site, I get the timeout message and am unable to login.
Have noticed that the session files are not deleted after logging out. Don't know if this is a problem?
Also apache error log shows the following:

PHP Warning: Unknown: open(/var/www/html/moodledata/sessions/sess_l3k9afvda6g7l0q9q5hhuaa840, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: http://ciaosp.cia.edu/moodle/login/index.php
PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/www/html/moodledata/sessions) in Unknown on line 0, referer: http://ciaosp.cia.edu/moodle/login/index.php

Since this is only a test site, it's not critical. But a resolution to this issue would be MOST appreciated.

site is at http://ciaosp.cia.edu/moodle

Tom

Server: Fedora Core 4, Apache: 2.0.54, PHP: 5.0.4, MySQL: 4.1.16

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Jose Hales-Garcia - Thursday, 15 December 2005, 6:46 AM

I saw this message for the first time after upgrading to 1.5.3+ (2005060230) from 1.5.2.

I noticed the following message was being written to my Apache logs on logging out of Moodle:

[Wed Dec 14 14:39:26 2005] [error] [client 128.97.55.18] File does not exist: /Library/WebServer/Documents/moodle/favicon.ico

So I copied over to my Moodle server a favicon.ico file I happened to have on another web server and now the session timeout message is gone.

Strange.

Jose

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Brian Douglas - Thursday, 19 January 2006, 8:10 AM

After upgrading to Version 1.5 I had the same problem. Changing file permissions on the MoodleData folder did the trick.

Thanks for your help

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Alejandro Gomez - Monday, 23 January 2006, 11:54 PM

I'm not much of an expert, so despite reading the whole thread, I'd be generous sayind I understood 30%...

How can I change file permissions if I can't even log in at all niether as an admin, user, guest?

Thanks,

Alejandro

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Iñaki Arenaza - Wednesday, 25 January 2006, 7:18 AM

You have to change them at the operating system level, not from within Moodle. If you don't have local access to the moodledata directory (you'll need a shell account on Unix, a local drive or a network mapped one on Windows), you can usually use your FTP client to change them remotely.

Saludos. Iñaki.

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Roni Malek - Monday, 8 May 2006, 10:55 PM

I'd be grateful if anyone has any other solution to this problem.

I was on 1.43 and got the session timed out problem. Upgraded to 1.52 [patched-1] have set directory permissions and tried other suggestions in this thread with no luck.

I have a server account that doesn't allow me control over the php.ini settings or version (currently 5.05) but have noticed that attempts to login to moodle cause lots of 'core' files to be written, usually to the login folder.

Thanks

Roni Malek

Average of ratings: -

Re: 1.5 upgrade cant login session timeout

by Roni Malek - Thursday, 11 May 2006, 6:58 PM

Replying to my own message. Finally got a resolution to this.

My hosting company had upgraded my account from 32 bit to 64 bit server and now have moved my account back to the older 32 bit server it works fine again.

There is some problem with moodle working on the 64 bit server - this caused quite a bit of grief as all other fixes suggested in this thread obviously had no impact and this took quite a while to get to.

Roni Malek

Average of ratings: -