i had ZC 1.3.9d, and i noticed that when i try to enter my admin area with the correct username and password i got an error saying "There was a security error when trying to login."
i searched around, checked all the obvious, all my templates, etc.. everything is fine!
i figured i'd upgraded to 1.3.9g before posting a question.. and the problem persisted
not sure why i thought of trying to login with ie9 but to my surprise i got logged in right away!
tried again on chrome.. no difference.
i deleted cookies, etc.. still no difference... i can't login to admin area through chrome!
i finally went into admin/login.php and edited it around line 22 as follows:
then tried to login to figure out what's going wrong on chrome.PHP Code:
if ((!isset($_SESSION['securityToken']) || !isset($_POST['securityToken'])) || ($_SESSION['securityToken'] !== $_POST['securityToken'])) {
$message = true;
$pass_message = ERROR_SECURITY_ERROR;
//DEBUG
echo "sess - ".$_SESSION['securityToken']."<br>";
echo "post - ".$_POST['securityToken']."";
}
both parameters are set, but their value never matches if i login through chrome for some reason
everytime i hit login, a new session token was generated and the previous session token is shown as the current post token.. so the values never match
i.e: login 1:
sess - f76ced2335ff1c6078fb2bf0d09bd4a5
post - a6bc3e59c9d1b493028b3c37749008a7
login 2:
sess - c1c205b71ae87a370fce114f5d381f4f
post - f76ced2335ff1c6078fb2bf0d09bd4a5
login 3:
sess - 05dc14dce3c20a8e856aeebef8ae4722
post - c1c205b71ae87a370fce114f5d381f4f
and so on..
can anybody make sense of this? i think it's got to do with the session not persisting on form post.. but i'm not sure why this only happens on chrome
Bookmarks