Upload submission or save HTML redirect to userhome

I have recently noted that when author upload submission file, it redirects to userhome page. The same error is occurred when I add HTML content in the 5.4 JOURNAL PAGE FOOTER

@escijour,

The page you are redirected to is the user home or the login one? Are you still logged in after the redirection?

Regards,
Bruno

I redirect to the userhome and still logged in to my account.

@escijour,

It seems your journal setup step value might be wrong. That’s the only case in the code where a save setup form operation is handled with a redirect.

Can you paste the url that’s in your browser when you’re viewing the journal setup 5 page?

Thanks,
Bruno

When viewing the journal setup at step 5 the url is;

http://escijournals.net/index.php/phytopath/manager/setup/5

When I save it redirects to list of journals page (screenshot attached) and the URL there is;

http://escijournals.net/index.php/phytopath/manager/saveSetup/5

Hi @escijour,

It looks to me like something unusual is happening on your server. Is your host running mod_security? Occasionally that’s been known to mistakenly prevent OJS from performing certain activities. This will depend on your server, but typically cases like this will be logged somewhere.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you. That was the error and I asked my hosting provider to resolve this issue.

Dear @asmecher
Can you provide me with more information about why the mod_security will cause this problem. Our hosting provider is not keen to switch this functionality off, as they are afraid of misuse and abuse. Is their another way around this?

Hi @tretief,

You shouldn’t need to disable mod_security entirely, just check its log for the specific rule that’s getting triggered and adjust/remove that rule as needed. It may be possible to specifically exempt parts of the server from certain rules; it’s worth checking the mod_security documentation for possibilities.

mod_security works by checking requests against a series of tests that can be indicative of break-in attempts, but some of those rules can be overly general and can intervene with the normal operation of OJS. I think that’s what’s happened in this case.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks @asmecher - will report our findings.

Hi @asmecher

Spend some time investigating the rules and its behavior, however, when using the OJS Login As function (user impersonation), the impersonated user session will randomly be lost. While impersonating a user, clicking any link such as viewing the list of articles in editing stages, archived articles etc can trigger this to happen. This seems to be happening at random while impersonating a user. Any thoughts on the cause? Will send you private .gif to show you the behaviour

Hi all,

It looks like this was related to cookies; it’s possible that resetting the cookies will solve the problem, but if not, I have some further configuration ideas that may resolve it more completely.

Regards,
Alec Smecher
Public Knowledge Project Team