login loop after upgrade
magmastern
Joined: 2008-12-19
Posts: 4 |
Posted: Fri, 2008-12-19 11:15 | |||
Hello all, after upgrading my gallery installation i'm not able to do step two of the configuration wizard. The first login works, i click the "next step" button of the wizard and the login page comes back > and so on and on.... Thank's for any help! Marcus The following information is required to get an answer:
|
||||
Posts: 6818
Hi,
is this path
session.save_path = "C:\PHP\sessions"
writable for the webserver?
Jens
--
Gallery Developer
Posts: 4
yes, it is > there are a lot of "sess_*" files in the directory
I gave read/write rights to the "IUSR_" IIS Webserver Account
Posts: 7
I noticed this same thing after I upgraded too. I found that 1.5.9-b27 works and 1.5.9-b29 does not. So there appears to be a change in session handling between those two builds.
Posts: 4
Hello poxpa,
where can i get the 1.5.9-b27 version? My gallery doesn't work and i'm very interested in changing this situation...
Thank's for help!
Posts: 7
You can find the nightly G1 builds (use at your own risk) at:
http://jems.de/archive/
The root of this issue appears to be that the secure session cookie code is always enabling the PHP parameter session.cookie_secure regardless of whether you're using http or https.
Unfortunately until that is resolved, we (IIS users) may need to stay at lower versions.
Could this be addressed in Jallery? Let's hope!
Posts: 6818
Hello,
there was indeed a significant change in the session code in 1.5.9-b28. (And 1.6-RC2-svn-b25)
Unfortunately i have no IIS setup available, so i can not test this.
Jens
--
Gallery Developer
Posts: 7
I am happy to help test this for you, Jens. Is there a place in the session.php code where you test for https/http that we could enable/disable the session.cookie_secure parameter?
- Dave
Posts: 6818
Hello Dave,
thanks for the offer, but this would make it difficult for me.
I'd need a system where _i_ could do tests and development.
If you make a diff between b27 and b29 you quickly see what changed.
Jens
--
Gallery Developer
Posts: 7
Hi Jens,
I believe I have found the the issue... The $_SERVER['HTTPS'] variable is not null for a http session running through ISAPI on IIS. Here is the php manual definition:
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol. Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.
So, I was able to resolve by changing the session.php function code for isHttpsConnection() as follows:
function isHttpsConnection() {
if (isset($_SERVER['HTTPS'] ) && stristr($_SERVER['HTTPS'], "on")) {
$httpType = $_SERVER['HTTPS'];
}
else {
$httpType = null;
}
return !empty($httpType);
}
Would you please consider this change for future builds?
Thanks!
- Dave
Posts: 6818
Hello Dave,
great! Thanks for the quick fix.
I will implement this in Jallery, but the lifecycle of Gallery 1.x is over.
Jens
--
Gallery Developer