[Support] Users being auto logged out of form.

ascwash 19 Sep, 2010
Hi guys,

I am having a problem with the session on the forms.

I keep getting the error:
"* Your session has expired. Please log in again.
There is no form with this name or may be the form is unpublished, Please check the form and the url and the form management"


In an attempt to bypass this problem I started making users register before being able to access the forms. However, I'm still randomly getting the error... but only when, mysteriously, users are being forced to log out for no apparent reason. After all this I was worried my site may be compromised, so I installed RSFirewall; scans show no PHP files have been compromised.

check token is OFF
session is set to 15 minutes (in global configuration backend)

Advice?
nml375 19 Sep, 2010
Hi Andrew,
This is a combination of a few factors, though the main issue is the 15min session expire.
What happens is that ChronoForms uses the Joomla! tokencheck feature, which is intended to prevent robots from spamming the form. A token is added to the form, and checked upon submission. Part of this check is to verify that the session has not yet expired (the 15 min limit). If it has, the user is logged out, and the logon form is shown.

Your options are somewhat limited:
  • Increase the session timeout to a large enough value

  • Add the Keepalive javascript to your form:
    <?php echo JHTML::_('behavior.keepalive'); ?>

  • Edit ChronoForms to disable the tokencheck; you'll find a few threads of mine on the forum with details on how to fix this.

/Fredrik
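
The token check described in the reply above, as an added illustration that is not part of the original post and is not Joomla or ChronoForms code: a self-contained PHP model in which the form token is bound to the server-side session, so a post arriving after the 15-minute lifetime meets a brand-new session and is rejected, while periodic keepalive requests keep the session alive. `SessionStore`, `checkSubmission` and the timestamps are hypothetical names and constructed values.

```php
<?php
// Added illustration, not Joomla or ChronoForms code; all names are hypothetical.
const SESSION_LIFETIME = 900; // 15 minutes, the setting from the first post

final class SessionStore
{
    private array $rows = []; // session id => ['token' => string, 'last' => int]

    // Return the live session behind this cookie, or start a fresh one.
    public function open(?string $cookieId, int $now): array
    {
        $row = $this->rows[$cookieId ?? ''] ?? null;
        if ($row !== null && $now - $row['last'] <= SESSION_LIFETIME) {
            $this->rows[$cookieId]['last'] = $now; // any request extends the session
            return ['id' => $cookieId, 'token' => $row['token'], 'new' => false];
        }
        unset($this->rows[$cookieId ?? '']);       // expired or unknown: discard
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['token' => bin2hex(random_bytes(16)), 'last' => $now];
        return ['id' => $id, 'token' => $this->rows[$id]['token'], 'new' => true];
    }
}

// Server-side check run when the form is posted.
function checkSubmission(SessionStore $store, string $cookieId, string $formToken, int $now): string
{
    $session = $store->open($cookieId, $now);
    if (hash_equals($session['token'], $formToken)) {
        return 'accepted';
    }
    // A mismatch on a brand-new session means the old session timed out.
    return $session['new'] ? 'session expired, log in again' : 'invalid token';
}

$store = new SessionStore();
$t0 = 1284900000; // constructed timestamp

$a = $store->open(null, $t0); // form loaded, posted 10 minutes later
echo checkSubmission($store, $a['id'], $a['token'], $t0 + 600), "\n";

$b = $store->open(null, $t0); // form left idle, posted 20 minutes later
echo checkSubmission($store, $b['id'], $b['token'], $t0 + 1200), "\n";

$c = $store->open(null, $t0); // same wait, but a keepalive request every 5 minutes
foreach ([300, 600, 900, 1200] as $dt) { $store->open($c['id'], $t0 + $dt); }
echo checkSubmission($store, $c['id'], $c['token'], $t0 + 1260), "\n";
echo checkSubmission($store, $c['id'], 'not-the-token', $t0 + 1270), "\n"; // live session, wrong token
```
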
    nml375 19 Sep, 2010
    Hi Andrew,
    That is odd. What kind of session storage do you use?

    /Fredrik
    nml375 19 Sep, 2010
    Hi Andrew,
    Hmm.. I can only see two causes for a session expiring early: the session cookie sent to the browser is lost or corrupted, or the session record stored on-site is lost or corrupted.
    If you had been using the file storage ('none'), then I would have suspected this, as some server admins are very keen on clearing temp-files. Any record in the DB however, should persist, so I doubt this is the issue.

    That means we are most likely looking at the client cookies. Do you know if the issue is bound to a limited set of your visitors? (always happens to the same visitors)

    /Fredrik
    ascwash 19 Sep, 2010
    I have 5 different computers here all are experiencing the same problem.

    iPhone, Firefox, IE and Chrome. My client base is small; I generally handle attorneys, so I really can't give you more than that.

    I've inserted keep alive, the forms haven't broken yet, but the error was randomly occurring anyway. Maybe 1 out of 10 submissions.

    The problem only persists if the user is forced to log out. Then the form fails.

    Oh, one other thing: if I force a menu link to open in a new window (not tab) to a ChronoForm, the glitch occurs more often.

    Brb going for a smoke. Thank you Fredrik
    ascwash 19 Sep, 2010
    Ok. now it's failing even with the "keep alive" code.

    Randomly kicking the user session, forcing logout or something... and failing the form.

    I should have to have users register to try to go around this session problem.. but w/e lol.

    I'm beginning to believe this is the problem as discussed here: CLIENT COOKIE

    Found this bug post in Joomla Dev. possible connection? Read Adddate: 2010-09-09 14:39:05
    http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=20255

    Article covering 1.5.20
    http://www2.pixellight.com/solutions/joomla_session.php

    nml375 19 Sep, 2010
    Hi Andrew,
    That looks very interesting! A simple way of testing this would be to try and use Firefox instead of IE and see if the issue disappears.

    /Fredrik
    ascwash 19 Sep, 2010
    Fredrik,

    Could you help me apply this patch here and maybe document it in this thread?

    Firefox is breaking; every browser I use breaks the session randomly.

    One fix they were saying was:
    libraries/joomla/application/application.php line 533 to comment out
    	//		$session->fork();
    			$this->_createSession($session->getId());


    But I'm not sure if they mean this will open the door for fixation attacks or stop them.

    ...and that fixes the problem, then this will take care of it without potentially opening your users to session fixation attacks



    What does the word "[this] will take care of" mean?

    The reason it's so confusing is that it appears they go into another fix to the situation without commenting this line out and by completely rewriting the application.php

    Their explanation to apply this patch seems to be solely directed at IE, and in my humble opinion they do not explain on a tinkerer level how to correct the problem effectively without knowing how to code.

    And I'm not experiencing this in IE, but in all browsers. And for the record I don't use IE unless I have to. I use Firefox.

    If you're willing, please take a look at it.
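
What the `$session->fork()` call at login is for, as an added illustration that is not part of the original post and is not Joomla's code: a small PHP model in which login either keeps the pre-login session id or moves the session to a fresh one. The `Sessions` class and `idStillAuthenticated` are hypothetical names.

```php
<?php
// Added illustration, not Joomla code; all names are hypothetical.
final class Sessions
{
    private array $data = []; // session id => ['user' => ?string]

    // Reuse the session behind the cookie if it exists, else create one.
    public function start(?string $cookieId): string
    {
        if ($cookieId !== null && isset($this->data[$cookieId])) {
            return $cookieId;
        }
        $id = bin2hex(random_bytes(16));
        $this->data[$id] = ['user' => null];
        return $id;
    }

    // Log in; with $fork the session is moved to a fresh id first.
    public function login(string $id, string $user, bool $fork): string
    {
        if ($fork) {
            $newId = bin2hex(random_bytes(16));
            $this->data[$newId] = $this->data[$id]; // carry the session data over
            unset($this->data[$id]);                // the old id stops working
            $id = $newId;
        }
        $this->data[$id]['user'] = $user;
        return $id;
    }

    public function userFor(string $id): ?string
    {
        return $this->data[$id]['user'] ?? null;
    }
}

// $preLoginId stands for an id that someone other than the user may also know.
function idStillAuthenticated(bool $fork): bool
{
    $s = new Sessions();
    $preLoginId = $s->start(null);
    $s->login($preLoginId, 'andrew', $fork);
    return $s->userFor($preLoginId) !== null;
}

var_dump(idStillAuthenticated(false)); // fork commented out
var_dump(idStillAuthenticated(true));  // fork left in place
```

In this model the fork is what invalidates an id that was known before login; the same step means a browser that keeps sending the old cookie is treated as logged out.
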
    nml375 19 Sep, 2010
    Hi Andrew,
    If you check the first link you posted, just beneath the patch-file, there's a file to a complete session.php file. Download this file.
    Start your favorite ftp client, and head to .../libraries/joomla/session/ - where ... is the path to the root of your website.
    Rename the session.php file to session.old.
    Upload the session.txt file.
    Rename the session.txt file to session.php.
    See if this solves the issue.

    /Fredrik
    ascwash 19 Sep, 2010
    Downloaded session.txt
    Used FileZilla, navigated to /libraries/joomla/session/
    renamed session.php to xsession.php
    renamed session.txt to session.php

    In Firefox, first submit attempt failed after user login. User was forced to log out.

    Logged in 1st attempt / failed
    Logged in 2nd attempt / successful
    Logged in 3rd attempt / successful
    Logged in 4th attempt / successful
    Logged in 5th attempt / failed
    Logged in 6th attempt / successful
    Logged in 7th attempt / successful
    Logged in 8th attempt / successful
    Logged in 9th attempt / successful
    Logged in 10th attempt / successful
    Logged in 11th attempt / successful
    Logged in 12th attempt / successful
    Logged in 13th attempt / successful
    Logged in 14th attempt / successful
    nml375 19 Sep, 2010
    Hi Andrew,
    That would suggest the issue lies elsewhere :/
    I'm afraid I'm running low on ideas at the moment. You could still resort to the hack I've posted earlier regarding disabling the tokenCheck, although it's perhaps not the ideal solution.

    /Fredrik
    ascwash 19 Sep, 2010

    searching...
    disabling the tokenCheck
    Disable tokenCheck
    Chrono forums point only to this post.

    searching...
    tokenCheck
    found 11 posts mainly pointing to this thread. Other posts do not apply?



    Please post direct link.

    Also where can I change text of the error messages I've been getting? As I'd like to inform the user of the issue in the event of occurrence.

    I've also created a post on the main Joomla! forums in an effort to get more information.
    Please see: http://forum.joomla.org/viewtopic.php?f=432&t=550268