Jump to content
ragnarokkr

[Partially Solved] Unable to login: "This request was aborted because it appears to be forged."

Recommended Posts

Hi all guys! I've a BIG problem here and hope you can help me to solve it.

Suddenly yesterday my PW installation stopped letting me to log in.

I can access the front-end, but each time i try to log into the back-end it gives me "This request was aborted because it appears to be forged."

I already have searched into the forum and tried every possible solution, without any result :'(

In order:

  • site/config.php is readable
  • site/assets/{cache,logs,sessions} is present and 0755 (and setting them to 0777 doesn't make any difference)
  • tried to backup site/assets/sessions directory and make another new empty one
  • nothing is changed with user:group permissions
  • setting $protectCSRF, $sessionChallenge, and $sessionFingerprint to false the error disappears but the login page still remains
  • making the sessions table empty doesn't make any difference
  • enabled/disabled the www. redirection in .htaccess, just in case but nothing
  • enabled $debug and no error
  • removed cookies
  • restarted the server

Anybody has an idea? :-[

Share this post


Link to post
Share on other sites

No solution still, the only thing I've been able to do is to programmatically uninstall the SessionHandlerDB module.

Now I've got again the access to the back-end.

 

  • Like 1

Share this post


Link to post
Share on other sites

Are you using a VPN or anything that is changing your IP Address? I normally see this when my IP address has changed and I try to login to the backend again.

  • Like 1

Share this post


Link to post
Share on other sites
On 5/3/2017 at 2:51 AM, FrancisChung said:

Are you using a VPN or anything that is changing your IP Address? I normally see this when my IP address has changed and I try to login to the backend again.

I'm not using any VPN or anything else that could change my IP. The only thing I could think to is that something in SessionHandlerDB's tables/data has been corrupted for some reason and didn't allows me to login.

Since I'm still not migrated to the lastest 3.x version, I'll take my time to do an as clean as possible migration, trying to remove every possible troubles maker thing.

Share this post


Link to post
Share on other sites
On 22/03/2017 at 4:13 AM, ragnarokkr said:

The only thing I could think to is that something in SessionHandlerDB's tables/data has been corrupted for some reason and didn't allows me to login.

Since I'm still not migrated to the lastest 3.x version

If you are using an older version of PW and have Tracy Debugger installed together with SessionHandlerDB you can end up with truncated session data, which causes a CSRF error.

See this post (and the thread in general) for more:

 

  • Like 1

Share this post


Link to post
Share on other sites

Hi @Robin S,

I don't use Tracy Debugger so I can't give you any response about the issue you mentioned above but thanks for the link, just in case it will happens with some old PW version :biggrin:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By jploch
      Hey folks,
      Iam working on a new Admin Theme, based on AdminThemeReno, which I would like to release for the public soon.
      Now I want to style the login page to fit the look and feel of the backend.

      After some research, I found out that I have to set the "$config->defaultAdminTheme = 'AdminThemeName' " inside my site config.php file to load all the styles from my admin theme on the login page instead of the default ones.
      Is it possible to set this via api from my Admin Theme settings, without the need of editing the config file?
       
    • By DanielKit
      Hi. I'm currently stuck at the login page in my project. Once I enter my admin username and my password and press login, nothing happens. The page just reloads. However, the URL changes from http://myipaddress/processwire to http://myipaddress/processwire/?login=1. I've checked all of my server settings, and to my knowledge, all seems to be fine there. I don't know where to go from here.. Thanks in advance!
    • By Greg Lumley
      Hi, this has me stumped, please help. 😳

      I'm using a field 'page_body' in a page-template as well as a blog-template. 
      HannaCodeDialogue is enabled for the field page_body.
      HannaCode works perfectly in Pages but not in Posts. 

      The dropdown is visible in the pages edit template but not in the posts edit template. 
      If I manually put the code into the Posts Template i.e. : [[YouTubeVideo videoName="my_vid"]] it simply displays the tag. 
      I'm quite sure this is a config error of some sort but for the life of me, I can't find it. 
       
      Thank you. 
       
      Greg. 
    • By Tyssen
      I have a client who is reporting that in the last couple of days they can no longer login to their site with their normal browser (Chrome). Using another browser or an incognito window works.
      I've tried logging into the site using the same login details in my usual browser (Firefox) and have had no problems.
      The site is a membership site and today other members are reporting the same problem.
      The site is running 3.0.148 and has the session handler DB and login throttle modules installed. It was recently upgraded to 3.x from 2.x. But no changes have been made to the site between the time when they were able to login OK and when the problem started happening.
    • By Guy Incognito
      What's the best process for adding another user with TfaTotp 2FA? Just using it for the first time.
      Should I supply them with them with the secret when I first create their account? Seems like a security risk?
      Otherwise how do I create a 2FA user and let them login for the first time?
×
×
  • Create New...