Premature Session Expiry
Posted: Thu Sep 21, 2006 7:36 pm
Script URL: http://82.0.56.5/hesk/
Version of script: 0.93.1
Hosting company: Self
URL of phpinfo.php: http://82.0.56.5/hesk/phpinfo.php
URL of session_test.php: http://82.0.56.5/hesk/session_test.php
What terms did you try when SEARCHING for a solution:
session expired, failed administrator login, php5
Write your message below:
Hesk version 0.93.1
Self Hosted: http://82.0.56.5/hesk/
System - (SuSE 10.1)Linux 2.6.16.13-4-default kernel
PHP Version 5.1.2
Apache/2.2.0 (Linux/SUSE)
MySQL 5.0.18 running on localhost
I have a working phpMyAdmin which I used to change Hesk Administrator password to 'wasp'
I also have a working Gallery2 @ http://82.0.56.5/gallery2/
Script URL:
http://82.0.56.5/hesk/
http://82.0.56.5/hesk/phpinfo.php
http://82.0.56.5/hesk/session_test.php (success!)
http://82.0.56.5/hesk/session_test2.php ($_SESSION['test'] is set to: TRUE)
Using the URL http://82.0.56.5/hesk/ with debugging on I get the 'open new ticket/view ticket' page but with the following notice (not important but...);
Notice: Undefined index: a in /srv/www/htdocs/hesk/index.php on line 43
However I can add and view tickets.
Using the URL http://82.0.56.5/hesk/admin.php with debugging on I get the 'admin login' page but with the following notices (not important but...);
Notice: Undefined index: a in /srv/www/htdocs/hesk/admin.php on line 43
Notice: Undefined index: notice in /srv/www/htdocs/hesk/admin.php on line 104
Notice: Undefined index: goto in /srv/www/htdocs/hesk/admin.php on line 140
Using the correct password 'wasp' I get 'Your session has expired, please login using the form below.'
However if I use the wrong password, the script processes this and tells me of the error (MySQL is working) providing a link back to the 'Admin Login' page this time without the 'notices'. (indexes are defined in URL)
I have tried, thanks to these forum threads;
1. Checked scripts have the permission to read and write to the sessions folder.
2. Deleted the cookie delivered by Hesk and restarted browser (firefox & IE)
3. Changed Administrator password directly in MySQL Datbase (Using phpMyAdmin)
4. Tried d24's workaround;
In admin.php, under do_login() function,
Comment off the codes below,
Code:
if ($url=hesk_input($_REQUEST['goto'])) {
Header("Location: $url");
} else {
Header("Location: admin_main.php");
}
to,
/*
if ($url=hesk_input($_REQUEST['goto'])) {
Header("Location: $url");
} else {
Header("Location: admin_main.php");
}
*/
and include in this line right below the commented codes:
echo "<a href = 'admin_main.php'>Admin Main Page</a>";
5. Tried changing line 70;
session_regenerate_id();
to
//session_regenerate_id();
Noticed typo @ line 119/admin.php - 'contact_webmsater', should it be 'contact_webmaster'?
6. Downloaded and tried php5_test_1.zip and php5_test_2.zip - no success.
7. Just been revisiting /var/lib/php5/ double checking permissions and noticed the following;
When I use session_test.php the session file, in this case;
/var/lib/php5/sess_h20e2epl4d7lgv0ueolavce176 gets written to (ie; 16 bytes)
however when I use admin.php the session file /var/lib/php5/sess_msq43qdcdkaabh3updsk09q9q5 remains unwritten to (ie; 0 bytes)
don't know if this helps.
Any help greatly appreciated, this script looks perfect for our school intranet
_jimf_
Version of script: 0.93.1
Hosting company: Self
URL of phpinfo.php: http://82.0.56.5/hesk/phpinfo.php
URL of session_test.php: http://82.0.56.5/hesk/session_test.php
What terms did you try when SEARCHING for a solution:
session expired, failed administrator login, php5
Write your message below:
Hesk version 0.93.1
Self Hosted: http://82.0.56.5/hesk/
System - (SuSE 10.1)Linux 2.6.16.13-4-default kernel
PHP Version 5.1.2
Apache/2.2.0 (Linux/SUSE)
MySQL 5.0.18 running on localhost
I have a working phpMyAdmin which I used to change Hesk Administrator password to 'wasp'
I also have a working Gallery2 @ http://82.0.56.5/gallery2/
Script URL:
http://82.0.56.5/hesk/
http://82.0.56.5/hesk/phpinfo.php
http://82.0.56.5/hesk/session_test.php (success!)
http://82.0.56.5/hesk/session_test2.php ($_SESSION['test'] is set to: TRUE)
Using the URL http://82.0.56.5/hesk/ with debugging on I get the 'open new ticket/view ticket' page but with the following notice (not important but...);
Notice: Undefined index: a in /srv/www/htdocs/hesk/index.php on line 43
However I can add and view tickets.
Using the URL http://82.0.56.5/hesk/admin.php with debugging on I get the 'admin login' page but with the following notices (not important but...);
Notice: Undefined index: a in /srv/www/htdocs/hesk/admin.php on line 43
Notice: Undefined index: notice in /srv/www/htdocs/hesk/admin.php on line 104
Notice: Undefined index: goto in /srv/www/htdocs/hesk/admin.php on line 140
Using the correct password 'wasp' I get 'Your session has expired, please login using the form below.'
However if I use the wrong password, the script processes this and tells me of the error (MySQL is working) providing a link back to the 'Admin Login' page this time without the 'notices'. (indexes are defined in URL)
I have tried, thanks to these forum threads;
1. Checked scripts have the permission to read and write to the sessions folder.
2. Deleted the cookie delivered by Hesk and restarted browser (firefox & IE)
3. Changed Administrator password directly in MySQL Datbase (Using phpMyAdmin)
4. Tried d24's workaround;
In admin.php, under do_login() function,
Comment off the codes below,
Code:
if ($url=hesk_input($_REQUEST['goto'])) {
Header("Location: $url");
} else {
Header("Location: admin_main.php");
}
to,
/*
if ($url=hesk_input($_REQUEST['goto'])) {
Header("Location: $url");
} else {
Header("Location: admin_main.php");
}
*/
and include in this line right below the commented codes:
echo "<a href = 'admin_main.php'>Admin Main Page</a>";
5. Tried changing line 70;
session_regenerate_id();
to
//session_regenerate_id();
Noticed typo @ line 119/admin.php - 'contact_webmsater', should it be 'contact_webmaster'?
6. Downloaded and tried php5_test_1.zip and php5_test_2.zip - no success.
7. Just been revisiting /var/lib/php5/ double checking permissions and noticed the following;
When I use session_test.php the session file, in this case;
/var/lib/php5/sess_h20e2epl4d7lgv0ueolavce176 gets written to (ie; 16 bytes)
however when I use admin.php the session file /var/lib/php5/sess_msq43qdcdkaabh3updsk09q9q5 remains unwritten to (ie; 0 bytes)
don't know if this helps.
Any help greatly appreciated, this script looks perfect for our school intranet
_jimf_
Too bad I can't access your intranet (IP) to check for myself, but it must be a problem with Hesk writing sessions as the session file remains 0bytes. What to try? 