Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Login loop?

edited July 2009 in Vanilla 1.0 Help
One of my users posted this: For some reason the only way I'm able to login to this place is to click the link I got in the email and login. When I just go to it just keeps looping me to the login screen. No error message or anything. I know I'm typing my password right because I do get an error when I get it wrong. Any ideas about what could be wrong here?


  • I am getting the exact same thing!! Argh Anything folks?!!
  • maybe the cookies are incorrectly set?

    do you have any extension that plays in the login process?
  • edited April 2009
    Which theme are you using? What is the value of $Configuration['FORWARD_VALIDATED_USER_URL'] in conf/settings.php?
  • Coincidence that this is happening at the same time for us? March/April? Our forum has been up and running for 3 or 4 months now w/o any issues. Had an external user report this same issue two weeks ago [enters sign-on information, hits enter/clicks submit, then page simply refreshes] but figured it was 'operator error.' Well, just had a staff person report the same problem - and she has tried from two different computers from two different locations (home, then office). Something is going on. Asked her to close browser (IE), go to Control Panel > Internet Options and delete all her cache and cookies. She then reopened her browser and tried again - still didn't work (page just refreshed). Asked her to do what Nick012 (first post) mentioned - enter her password INCORRECTLY on purpose. Sure enough, the system responded that the username/password combination was incorrect. So, we know that the database user table is being queried successfully. I haven't been able to recreate the issue myself yet, but I suspect it's just a matter of time. Hoping that by posting this here others will chime in. To answer Response # 4 by Dinoboff, I'm using a custom Theme and the 'FORWARD_VALIDATED_USER_URL' value is 'http://XYZ.COM/club/' - which appears to be correct b/c, after I'm logged in successfully, I can copy and paste that into my browser and the interface appears as expected. Thank you, in advance, for those willing to help with this.
  • Can install this script at the root of your server: And ask her to visit the page. It should test if there is a problem with your php session or cookie settings.
  • Dinoboff, thank you for your support. I uploaded the file you specified to http://XYZ.COM/club/testsession.php - and it printed "Your php session doesn't work" [the URL read http://XYZ.COM/club/testsession.php?step=1 at that point] Incidentally, I tried this from *my* computer - which hasn't had any problems, as of yet, successfully logging-into the forum (I was logged-in @ the time of this test). In a possibly related note, for the first time since I've posted this occurrence, I clicked Log Out and received two errors - one was something about not being able to write the session and to check the session.save_path variable in /tmp. [I know this is amateur-ish, but I lost the screen that had the full error messages (and I've been unable to recreate them since) because I was too busy clicking around different tabs in my browser.] ----- UPDATE. As I began to write this reply (everything above the -----) I was interrupted. Now, 2 or 3 hours later I ran the script again and this time got: "Everything is fine with your php session and cookie settings. Retry?" [w/a URL of http://XYZ.COM/club/testsession.php?step=3] I then went into the club and clicked Log Out. No errors now! Looks like I've got an intermittent problem on my hands. Unfortunately, the reporting staff member (mentioned in post 5) isn't available right now for me to have her test. I was able to recreate the issue by signing-in, waiting 1 hour 50 minutes (maybe other timeframes would work also, however), then running the script again: got the "Your php session doesn't work" error again. Then clicked Log Out - this time, no Log Out errors. Then attempted to Log back in - this time, for the first time, I experienced the "page refresh" issue.
  • For the first try, you had a problem your /tmp that your provider might fixed since. So, do I understand your php session and cookie settings are fine but you have experienced the looping issues your self?
  • edited April 2009
    If you can reproduce the bug, replace line 78 of library/People/People.Controller.SignInForm.php:Redirect($this->ReturnUrl, '302', '', 0);
    for exit('got to' . $this->ReturnUrl);

    Then login and check which url it displays.
  • Yes, Dinoboff, I experienced the looping issues myself... but now, 2 days later, I'm able to log-in w/o a problem - w/o having made any changes! I've tried to reproduce the issue by doing what I suggested in response 7, but I don't experience any problems EXCEPT for when I click 'Log Out' I do get a "Some problems were encountered - Can you please confirm your would like to sign out?" message. But, I'm able to successfully sign out after confirming that I do, indeed, wish to Log Out. Strange. The staff member from my original post (response 5) is still having troubles. I will make the change you suggested in response 9 and report back what she experiences. In general, it seems as though you're thinking the problem is related to the Redirect URL. True? Could there also be an issue w/our provider's ( /tmp directory (or another server session-related issue)?
  • To fix the log-out issue, you probably need to update your theme. For the loop, I don't don't. Is your forum private?
  • A session problem is possible, but it is more likely to be a cookie problem only affecting one of your member browser. 1. A user enter the correct credentials. 2. Vanilla redirect to the discussions pages. 3 The page load; vanilla look for the session cookie or the "remember me" cookies but don't find them (the browser for some reason didn't save them). If the forum is private it redirect the user to the login page. So you need check that: 1. Vanilla authenticated the user with his/her credentials. 2. It redirect the user to the good pages. 3. The browser did save the cookie(s). 4. Vanilla authenticated her/his with his/her cookie(s) Replace line 78 of library/People/People.Controller.SignInForm.php should should test 1 and 2 For 3, your staff member have to got to the testsession.php page on your server or check that the php session cookie doesn't change on each load. For 4, let me think.
  • Similar problem here: * Log in * [siteURL]/people.php 'Page not found' - refresh * Log in again * 'You are successfully logged in, continue to the blah blah blah' The fix, for me, was to double-check FORWARD_VALIDATED_USER_URL in conf/settings.php, but also to check the various _PATHs at the top of that file. Some of them had set themselves to include my host's filesystem part - a common problem with scripts like this on Dreamhost shared servers. So URLs were of the form: /home/.eliasblender/[user name]/[domain name]/[path to vanilla] Setting these to: /home/[user name]/[domain name]/[path to vanilla] appears to have solved my problems. Fingers crossed.
  • I am getting the error message "Your cookie settings don't work, retry?" Looks like either the settings.php or browsers - FF, Camino, Safari, cannot save cookies.. Any advice guys? Many thanks! Jim C.
  • I've just installed 1.1.10, and I get exactly the same problem.
    When I try to login it silently redirects back to the home page without logging in and still shows "Not signed in" at the top right.

    I tried the 'testsession.php' test, and it says the session creation failed.
    I tried changing line 78 of /library/People/People.Controller.SignInForm.php as suggested, and got: "http://localhost/vanilla/"

    This is running on a local server via 'localhost'. Mac OS X 10.5.8, PHP 5.2.11 and MySql 5.0.82, in Safari, Firefox and Opera.

    Any ideas?
  • Cookie issue on non FQDN, IIRC.
    I'm pretty sure it has already been covered somewhere, either in the doc or in the forum here.
    Try searching for it, or wait somebody who remembers exactly :).
  • Oops, it was my fault!

    I was running on my localhost server, but I had entered the cookie domain as the real domain of my live forum into the settings. (i.e. incorrectly as "").

    I entered "localhost" into the COOKIE_DOMAIN in settings.php using a text editor, and then logins worked correctly.

    However, if I then try to edit other settings on the "Application Settings" page from inside Vanilla, it complains when I press the "Save" button, with:
    You did not supply a properly formatted value for Cookie domain

    In the end I tried making the COOKIE_DOMAIN blank in the "Application Settings" page, and that let me save the other settings, and the cookie still seemed to work when I tried logging on again (i.e. I didn't get the original problem of it never letting me log on).

    Not sure I understand what is exactly happening there, but it now works OK enough for me to continue benchmarking Vanilla!

  • edited February 2010
    You should leave the cookie domain setting empty if there is a problem; it will let the browser set the cookie domain. You only need to fiddle with that when you need to use Vanilla login on more than one domain.

    We should remove that setting from the installation process; It's just confusioning and not that useful at that stage.
Sign In or Register to comment.