Session or Cookies

7 months 1 week ago - 7 months 1 week ago #334533 by XBOOMX
Session or Cookies was created by XBOOMX
Hello,
I'm not sure if it has something to do with the community builder. I've been getting this message for a while:

Session has expired or cookies are not enabled on the browser used. Please reload this page and allow the storage of cookies in your browser.

I have checked my browser settings. The problem exists in Firefox, Chrome and Edge browsers. I haven't tested others.
Where can the problem be, I have no idea where to start looking. Could your antispam plugin have anything to do with it?
In the backend I can always log in/log out as often as I want. But it doesn't work in the frontend. Seems like a time limit to me, because after a few minutes (empty cash, reload) the login in the frontend behaves normally.

I run another site, also with CB, logging in there is no problem.
I'm grateful for every solution.
Thomas
Attachments:

Please Log in to join the conversation.

7 months 1 week ago #334535 by Scottux
Replied by Scottux on topic Session or Cookies
Hello,
I think that I have the same problem.
See here :
www.joomlapolis.com/forum/192-cb/245990-connexion-par-module-cb-login#334467

Please Log in to join the conversation.

7 months 1 week ago #334546 by krileon
Replied by krileon on topic Session or Cookies
We use form tokens. Those form tokens prevent spoof attacks. Also know as a CSRF token. Those tokens are provided entirely by Joomla's API. When the login form is rendered it generates one. On login it validates the token. The token is stored in your Joomla session. Now onto how this can fail. There are a few ways as follows.

1. Caching. If the module or page is cached the cache will serve an expired token. We'll be looking into ways to avoid this by loading in the token via JS after the page loads, but for now caching can cause a big problem for form tokens as it would anywhere that depends on form tokens.
2. Joomla session was tampered with. This can happen when an extension messes with the Joomla session during the login process.
3. Joomla session expired. This can happen if you visit the site, walk away for awhile, and come back to login. If the session expires during the login process the token is no longer valid (because it no longer exists).

Usually it's caused by 1 or 2. If you've no caching configured then it's probably 2, which is fixed by increasing your session time (setting this to 24 hours is usually a good approach).

An additional note for 2 Joomla has a keepalive script that'll keep refreshing the token behind the scenes and will review adding that. This should then avoid sessions expiring on pages with a form.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

7 months 1 week ago - 7 months 1 week ago #334548 by krileon
Replied by krileon on topic Session or Cookies
Have created a bug ticket to always load in Joomla's keepalive js when we output a form token. This will at least solve the issue of tokens expiring while the user is still on the site.

forge.joomlapolis.com/issues/9223

I don't have a solution for caching as that needs to be handled on a case by case basis by whatever caching method you're using. As for session tampering there's nothing I can do about that.

Once the fix is reviewed and merged will release a new CB build release with the fix.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: XBOOMX

Please Log in to join the conversation.

7 months 6 days ago #334556 by krileon
Replied by krileon on topic Session or Cookies
Latest CB build release implemented support for Joomla's keepalive for any HTML output form token within CB. This should avoid sessions expiring on any page where a form token is output. Please let me know if your issue persists.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

7 months 1 day ago #334647 by XBOOMX
Replied by XBOOMX on topic Session or Cookies
The problem persists. I use CB version: 2.8.0+build.2023.07.26.22.45.22.f8ec2a4c2
Joomla: 4.3.3

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.265 seconds