rash Posted August 10, 2021 Share Posted August 10, 2021 Hi all, on a site working flawlessly since a few years, I suddenly cannot login anymore, all I get is 'This request was aborted because it appears to be forged'. The site runs on a shared hosting server, my last active changes happened many months ago and the hosting service usually changes nothing without clearly notifying it long before. Means: I haven’t got the slightest clue where to start. Of course I’ve used the forum search, read probably all related threads and followed the most hints (some of them are pretty old, so I decided to be cautious) but no success. A few facts: - I don’t know the exact PW version as I can’t find it outside the unaccessible backend, but it should be at least 3.0.16X. - TracyDebugger is in use on this site, but not SessionHandlerDB. - I deleted /site/assets/logs, /site/assets/cache and /site/assets/session. Before I did that, all of them were writable. - I replaced index.php with the latest dev version. - When I set $config->protectCSRF to false, the message disappears, but the login page gets constantly reloaded. - Setting $config->debug to true delivers 'Deprecated: strpos(): Non-string needles will be interpreted as strings in the future. Use an explicit chr() call to preserve the current behavior in .../site/config.php on line 104', followed by warnings, that the header was already sent by. Link to comment Share on other sites More sharing options...
Pixrael Posted August 11, 2021 Share Posted August 11, 2021 check this: 2 Link to comment Share on other sites More sharing options...
rash Posted August 11, 2021 Author Share Posted August 11, 2021 @Pixrael Thanks for your help. Your thread is one of those I read before, but it didn’t lead me much further. It seems as if the error can have approximately thousand different causes and so the 127+ forum topics you mentioned are mostly guesswork with some enviably happy winners. That’s not meant sneeringly, I know that server based issues can be very hard to catch. In my case I’m not sure whether I’m struggling with a server case at all. When you go to bed with a working site and wake up the next morning with an unworking one without any changes on your system, it’s not very likely that your database acts suddenly strange or your PHP session path is not writable anymore. Furthermore I copied the site to a local environment in the meantime, where precisely the same shit happens. As far as I can see, it has to be something inside the /site/ directory or the database. As I updated to the latest dev version, /wire/, index.php and htaccess should be fine. 1 Link to comment Share on other sites More sharing options...
rash Posted August 12, 2021 Author Share Posted August 12, 2021 Not solved, just bypassed: Fresh PW install into a different root directory on the same machine, moved old /site/ directory to the new install and set config.php to the old database and user salt. After clearing the cache and session folder, everything runs fine now. Fortunately, this very obscure situation appeared on a site that is managed by myself and nobody else. To have this on customer work would probably be a nightmare. I don’t know if it’s possible or rather a security issue, but I would appreciate it very much if an error message would reveal a bit more than 'This request was aborted because it appears to be forged'. The error seems to occur repeatedly at least since 2012 without any systematic debugging strategy beyond guesswork into the blue. To hear that something went wrong is arguably better than complete silence, but a bit more information what the system doesn’t like would be helpful. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now