login loop after upgrade

magmastern

Joined: 2008-12-19
Posts: 4
Posted: Fri, 2008-12-19 11:15

Hello all,

After upgrading my Gallery installation I'm not able to do step two of the configuration wizard. The first login works, I click the "next step" button of the wizard and the login page comes back > and so on and on....
I think it is a problem with the PHP session management. The "check sessions" script doesn't work > but I don't know why...
Perhaps there is a mistake in my php.ini file.
What can I do?

Thanks for any help!

Marcus

The following information is required to get an answer:
Get this information from the PHP diagnostic (in the configuration wizard).
Gallery URL (optional but very useful): http:/holsties.homeip.net/gallery
Gallery version: 1.6 - RC3
Apache version: IIS 5.1
PHP version (don't just say PHP 4, please): PHP 5.28
Graphics Toolkit:
Operating system: Windows XP
Web browser/version (if applicable): Firefox 3.0.4

Attachment: php.ini_.txt (47.86 KB)
 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Fri, 2008-12-19 11:21

Hi,

Is this path
session.save_path = "C:\PHP\sessions"

writable for the webserver?

Jens
--
Gallery Developer

 
magmastern

Joined: 2008-12-19
Posts: 4
Posted: Fri, 2008-12-19 12:12

Yes, it is > there are a lot of "sess_*" files in the directory.
I gave read/write rights to the "IUSR_" IIS Webserver Account.

 
poxpa

Joined: 2008-12-26
Posts: 7
Posted: Fri, 2008-12-26 17:03

I noticed this same thing after I upgraded too. I found that 1.5.9-b27 works and 1.5.9-b29 does not. So there appears to be a change in session handling between those two builds.

 
magmastern

Joined: 2008-12-19
Posts: 4
Posted: Sun, 2008-12-28 12:59

Hello poxpa,

Where can I get the 1.5.9-b27 version? My gallery doesn't work and I'm very interested in changing this situation...
Thanks for help!

 
poxpa

Joined: 2008-12-26
Posts: 7
Posted: Sun, 2008-12-28 19:12

You can find the nightly G1 builds (use at your own risk) at:
http://jems.de/archive/

The root of this issue appears to be that the secure session cookie code is always enabling the PHP parameter session.cookie_secure regardless of whether you're using http or https.

Unfortunately until that is resolved, we (IIS users) may need to stay at lower versions.

Could this be addressed in Jallery? Let's hope!

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Sun, 2008-12-28 21:39

Hello,

There was indeed a significant change in the session code in 1.5.9-b28 (and 1.6-RC2-svn-b25).

Unfortunately I have no IIS setup available, so I cannot test this.

Jens
--
Gallery Developer

 
poxpa

Joined: 2008-12-26
Posts: 7
Posted: Mon, 2008-12-29 01:23

I am happy to help test this for you, Jens. Is there a place in the session.php code where you test for https/http that we could enable/disable the session.cookie_secure parameter?
- Dave

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Mon, 2008-12-29 19:02

Hello Dave,

Thanks for the offer, but this would make it difficult for me.
I'd need a system where _I_ could do tests and development.
If you make a diff between b27 and b29 you quickly see what changed.

Jens
--
Gallery Developer

 
poxpa

Joined: 2008-12-26
Posts: 7
Posted: Tue, 2008-12-30 03:30

Hi Jens,

I believe I have found the issue... The $_SERVER['HTTPS'] variable is not null for an HTTP session running through ISAPI on IIS. Here is the PHP manual definition:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

So, I was able to resolve by changing the session.php function code for isHttpsConnection() as follows:

function isHttpsConnection() {
    if (isset($_SERVER['HTTPS']) && stristr($_SERVER['HTTPS'], "on")) {
        $httpType = $_SERVER['HTTPS'];
    }
    else {
        $httpType = null;
    }
    return !empty($httpType);
}

Would you please consider this change for future builds?

Thanks!
- Dave
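
The failure mode described in this post, as an added example that is not part of the original post or of Gallery's code: a non-empty test on $_SERVER['HTTPS'] treats the IIS/ISAPI value "off" as HTTPS, the session cookie is marked Secure on a plain HTTP request, the browser does not send it back, and the login page reappears. The function names are hypothetical, the shape of the naive check is an assumption (the thread does not show the earlier code), and the $_SERVER fragments are constructed.

```php
<?php
// Added example; function names are hypothetical, not Gallery's code.

// Assumed shape of a naive check: any non-empty value counts as HTTPS.
function naiveIsHttps(array $server): bool
{
    return !empty($server['HTTPS']);
}

// Follows the PHP manual text quoted above: non-empty means HTTPS,
// except the literal "off" that IIS with ISAPI reports for plain HTTP.
function strictIsHttps(array $server): bool
{
    $value = strtolower(trim((string) ($server['HTTPS'] ?? '')));
    return $value !== '' && $value !== 'off';
}

// Call before session_start(): Secure is set only on real HTTPS requests,
// so an HTTP login still gets its session cookie back from the browser.
function applySessionCookieSecure(array $server): string
{
    $flag = strictIsHttps($server) ? '1' : '0';
    ini_set('session.cookie_secure', $flag);
    return $flag;
}

applySessionCookieSecure($_SERVER);

// Constructed $_SERVER fragments, one per server/protocol combination.
$samples = [
    'Apache, http'     => [],
    'Apache, https'    => ['HTTPS' => 'on'],
    'IIS ISAPI, http'  => ['HTTPS' => 'off'],
    'IIS ISAPI, https' => ['HTTPS' => 'on'],
];

foreach ($samples as $label => $server) {
    printf(
        "%-17s naive=%-5s strict=%s\n",
        $label,
        var_export(naiveIsHttps($server), true),
        var_export(strictIsHttps($server), true)
    );
}
```

The two checks differ only on the "IIS ISAPI, http" row, where the naive check reports true and the strict one false. On HTTPS requests the Secure flag stays enabled, so the protection the session change introduced is kept.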

 
Tim_j

Joined: 2002-08-15
Posts: 6818
Posted: Tue, 2008-12-30 06:00

Hello Dave,

Great! Thanks for the quick fix.

I will implement this in Jallery, but the lifecycle of Gallery 1.x is over.

Jens
--
Gallery Developer