I am using OJS 2.4.8, and lately some some miss-config happened in my server made me unable to login in any php script except WordPress! We noticed that when we move any php script to a new account in the server, it will run fine. So, I decided to to move the full OJS installation files and database to the new account and every thing was working great except, I am still unable to login using any valid account and there is no error message popups, OJS just redirects me to the login page. Thanks
Hi @aymen,
This sounds like a cookie problem. There are a few cookie-related settings in config.inc.php to double-check, and if you’re able to confirm that introducing Wordpress caused the problem, you might look to see whether Wordpress is doing something funky e.g. using an .htaccess file.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher,
Thanks for your reply. I have have checked config.inc.php for cookies and all was fine session_cookie_name = OJSSID and session_lifetime = 30. I have also disabled WordPress form the sever and the issue still existing. What I am seeing now, the coming cookie form the server is already expired (1971)!
Regards,
Aymen
Hi @aymen,
That expired cookie is very strange – I’d suggest adding a few error_log calls to lib/pkp/classes/session/SessionManager.inc.php where the session_lifetime variable is fetched from config and added to the cookie, in order to determine whether OJS really is sending a 1971 expiry.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher,
Here are what I came up with:
tail -10000000 /usr/local/apache/logs/error_log | grep “SessionManager.inc.php” None…
tail -1000 /var/log/php-scripts.log | grep “SessionManager.inc.php” None…
tail -1000000 /var/log/php-scripts.log | less Server info:
OS: Linux
PHP Version: 5.6.25
Apache Version: N/A
DB Driver: mysql
DB server version: 10.0.27-MariaDB
[16-Sep-2016 18:03:18 America/Denver] ojs2 has produced an error
Message: WARNING: ini_set() has been disabled for security reasons
In file: /home//public_html/journals/lib/pkp/classes/session/SessionManager.inc.php
At line: 46
Stacktrace:
Server info:
OS: Linux
PHP Version: 5.6.25
Apache Version: N/A
DB Driver: mysql
DB server version: 10.0.27-MariaDB
[16-Sep-2016 18:03:18 America/Denver] ojs2 has produced an error
Message: WARNING: ini_set() has been disabled for security reasons
In file: /home/**/public_html/journals/lib/pkp/classes/session/SessionManager.inc.php
At line: 47
Regards,
Aymen
Hi @aymen,
Ah! That ini_set warning will definitely be a problem – you’ll need to talk with your hosting provider about allowing that function so that OJS can adequately control its environment.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmecher,
Just I want to thank you for your tracking to my issue and I want to tell you that my problem has been resolved by editing php.ini
session.referer_check = off
Regards,
Aymen
In case anyone else finds this conversation and was not helped by the above: we were faced with this issue on a staging site on the same server as a working live site, so we knew it wasn’t a php conflict (was able to log-in fine on the live site but were redirected on the staging site.) More specifically, we couldn’t log into the staging site unless we were logged out of the live site.
Our issue ended up being a cookie conflict - giving the staging site a different cookie name than the live site solved the issue for us (for example: session_cookie_name = OJSSID_STAGING, set in config.inc.php)
Hi @freeform-sg,
Thanks for writing up the hint! In case anyone is curious, changing the session_cookie_name will mean anyone who is currently logged in will have to log in again, but there’s no other downside in changing it. If you think some people might have conflicting cookies hanging around (e.g. if you’ve changed your base path), then this is a good thing to try changing.
Regards,
Alec Smecher
Public Knowledge Project Team