Manaus Posted April 1, 2016 Posted April 1, 2016 Hi, I downloaded a module (in this case AutoFbPost). After finishing the download I've been logged out, and when I try to log in I get a 'This request was aborted because it appears to be forged.' I cannot find the module within /site/modules/, where is it? Thanks!
BitPoet Posted April 1, 2016 Posted April 1, 2016 (edited) This sounds more like a stale frontend-proxy or session caching issue than something caused by module installation. Try setting $config->protectCSRF = false; in site/config.php, then you should be able to log in again and can dig deeper into the root of the problem. Edit: meant setting it to false, of course. Edited April 1, 2016 by BitPoet
Manaus Posted April 1, 2016 Author Posted April 1, 2016 Thanks BigPoet, put the string in the config, but nope, still alarmed for forgery... I also deleted an recreated /logs /sessions and /cache, to no avail...
BitPoet Posted April 1, 2016 Posted April 1, 2016 Did you see my correction (I had initially written "true", which, of course, doesn't change anything).
Manaus Posted April 1, 2016 Author Posted April 1, 2016 Ah! Thats it! Well forgery is gone, but I cannot login via usual credentials. Should I change pass uploading some temp code? Setting debug to true I see the error resides in session_start(), No such file or directory (2) in /var/www/[...]/web/site/modules/AutoFbPost/AutoFbPost.module Failed to write session data.
BitPoet Posted April 1, 2016 Posted April 1, 2016 Could it be that you replaced your site/config.php and changed $config->userAuthSalt? If yes, restoring the old value for userAuthSalt would be the preferred way to go.
Manaus Posted April 1, 2016 Author Posted April 1, 2016 The salt is the same on both local and remote (I upped the whole bunch)...
BitPoet Posted April 1, 2016 Posted April 1, 2016 Ah, I see that only now. You should be able to comment out the require_once and session_start lines in AutoFbPost.module and change the autload property in line 40 to false to stop it from interfering with your session.
Peter Knight Posted April 1, 2016 Posted April 1, 2016 I get that a lot when trying to sign in via some automatic password apps. I think it's also because some of my sites are based on similar setups and share AuthSalt keys. Same here?
Manaus Posted April 1, 2016 Author Posted April 1, 2016 Can't say why, but the downloaded module has weird owner and group, probably the admin, can't say. Wrote to the provider, whose services I am starting to understand less...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now