Session data is lost in switch.php... need help.

edited December 2009 in Vanilla 2.0 - 2.8
Hey fellow vanilla'ers...

Recently jumped into a project for a client that already had Vanilla installed. 10 hours in the project personally and just need to get the issue fixed for my client.

When logged in and viewing a discussion, the option to delete a discussion is visible, and clickable, but the discussion is not actually deleted.

Being a PHP developer myself, I took a peek under the hood and basically tracked the issue back to the "/ajax/switch.php". The PostBackKey that is being passed via ajax does not match the PostBackKey that I am manually outputting in "switch.php". I commented out the checks for the CSRF key and then commented out the permission check and of course all is well. Long story short: The session is being lost from the front-end to the ajax back-end.

Vanilla forums are working like a champ as usual and I'm sure it's actually an issue with her server/site config. What I speculate is causing the issue is that under cPanel/whm the site is configured under their .org but they have a redirect to their .com. I'm guessing that the front-end is generating one session and the ajax script is generating a second session.

Any ideas?


  • Any help ladies and gents?
  • It's weird. Does the session work for the rest of the forum?
  • Yes. After the users login, they can peruse the forum and threads without falter, but they cannot use any of the links on the left side of the page, "Bookmark", "Sink", "Delete", etc...
  • Could it be a problem with the cookie settings?

    Try to reset the cookie settings in conf/settings.php:

    $Configuration['COOKIE_DOMAIN'] = '';
    $Configuration['COOKIE_PATH'] = '/';
  • Thanks for the suggestion Dino...

    I set those two configurations in my /conf/settings.php file and same ol' story.

    On switch.php I am dumping out the PostBackKey that is being passed and then dumping the one that is being generated on switch.php and of course, they are different.
  • I cannot see why the session would fail only on this page.
    Can you do the following test... open the page to start a new discussion; look for the PostBackKey in the source code and use it to request the switch.php page directly (like http://localhost/Path/to/Vanilla/ajax/switch.php?PostBackKey=xxxxxxxxxxxxxxxxxxxxxxxx). It should display "Complete".
  • That's just it... it doesn't display "Complete". It displays something to the tune of "There was a problem authenticating your post information.".
  • Can you try with ajax/blockcategory.php?PostBackKey=xxxxx, where xxxx is the PostBackKey that you get on a page like the new discussion form.

    If it works, try to reinstall ajax/switch.php; if it doesn't, try to set session.save_path in your php.ini
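
The session split suspected in the opening post, as an added example that is not part of the thread and not Vanilla's code: a toy model of a session-bound PostBackKey and a browser cookie jar, showing why the key printed in the page and the key seen by ajax/switch.php differ when the two requests land on different hostnames. The example.org/example.com URLs are constructed and the class and function names are hypothetical; the last cases show that no COOKIE_DOMAIN value can make one cookie span two different domains.

```python
import secrets
from urllib.parse import urlsplit

class Forum:
    """Toy server: each session id owns one PostBackKey (CSRF key)."""
    def __init__(self):
        self.keys = {}

    def handle(self, sid):
        if sid not in self.keys:            # no cookie sent, or unknown id
            sid = secrets.token_hex(8)      # -> brand-new session
            self.keys[sid] = secrets.token_hex(16)
        return sid, self.keys[sid]

class Browser:
    """Toy cookie jar using RFC 6265 host-only / domain matching."""
    def __init__(self):
        self.jar = {}                       # domain -> (host_only, sid)

    def cookie_for(self, host):
        for domain, (host_only, sid) in self.jar.items():
            if host == domain or (not host_only and host.endswith("." + domain)):
                return sid
        return None

    def request(self, forum, url, cookie_domain=""):
        host = urlsplit(url).hostname
        sid, key = forum.handle(self.cookie_for(host))
        domain = cookie_domain.lstrip(".")
        if not domain:
            self.jar[host] = (True, sid)    # no Domain attribute: host-only
        elif host == domain or host.endswith("." + domain):
            self.jar[domain] = (False, sid) # Domain attribute covers this host
        # otherwise the browser rejects the cookie: Domain does not match host
        return key

def postback_key_matches(page_url, ajax_url, cookie_domain=""):
    """True if the key printed in the page equals the key the ajax script sees."""
    forum, browser = Forum(), Browser()
    page_key = browser.request(forum, page_url, cookie_domain)
    ajax_key = browser.request(forum, ajax_url, cookie_domain)
    return page_key == ajax_key

# Constructed URLs standing in for the client's .org/.com pair.
ORG_PAGE = "http://forum.example.org/discussion-page"
ORG_AJAX = "http://forum.example.org/ajax/switch.php"
COM_AJAX = "http://forum.example.com/ajax/switch.php"
```

Serving the page and the ajax endpoint from one canonical hostname is the only case in this model where the keys agree without touching the CSRF check.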