Your session has expired. Please sign in again

Hello Team,

We are using the Cloudflare and Ezoic caching systems on the website, but we are not able to make any changes to the site using the primary domain, as when we try to log in it gives the error “Your session has expired. Please sign in again.”

We have already installed CloudFlare IP Proxy v.1.0.0 to solve the issue but it is not working out and we are still facing the same issue.

Also, I checked the time zone status and it says "Success. These time zone values match."

We contacted Cloudflare and they are asking about the token which is set when the user tries to log in; it is ccm_token.

Can you please help me solve this issue?

Below is concrete5 information

concrete5 Version

Core Version - 8.5.4
Version Installed - 8.5.4
Database Version - 20200609145307

Database Information

Version: 10.3.30-MariaDB

concrete5 Packages

CloudFlare IP Proxy (1.0.0), Easy Image Gallery (1.4.2), Fruitful (1.2), HTML5 Audio Player Basic (2.0.5), Hutman Ads (1.1.4), Login Dialog (0.9.8), Responsive Embed (1.0.0), Spacer (0.9.3), Speed Analyzer (1.2.5), Thumbnail Generator (11.0.0), Touch Gallery 3 (3.2.8), Website Optimizer (1.0.4)

concrete5 Overrides

blocks/image/templates/gif_passthrough.php, blocks/image/templates, blocks/image/view.php, blocks/image, blocks/videotoken/add.php, blocks/videotoken/controller.php, blocks/videotoken/db.xml, blocks/videotoken/divSizer.js, blocks/videotoken/edit.php, blocks/videotoken/expired.mp4, blocks/videotoken/modalViewer.js, blocks/videotoken/norange.mp4, blocks/videotoken/sqldenied.mp4, blocks/videotoken/videoTokenCss.css, blocks/videotoken/view.php, blocks/videotoken, controllers/single_page/samplepage.php, controllers/single_page, js/redactor.js, single_pages/admin_4cd6_fcb707193226.php, single_pages/samplepage.php

concrete5 Cache Settings

Block Cache - Off
Overrides Cache - Off
Full Page Caching - Off
Full Page Cache Lifetime - Every 6 hours (default setting).

Server Software


Server API


PHP Version


PHP Extensions

cgi-fcgi, Core, ctype, curl, date, dom, fileinfo, filter, ftp, gd, hash, iconv, imap, json, libxml, mbstring, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib

PHP Settings

max_execution_time - 2000
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 1000
max_input_vars - 2000
memory_limit - 6096M
post_max_size - 1000M
upload_max_filesize - 2000M
mbstring.regex_stack_limit - 100000
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - no value
session.gc_maxlifetime - 7200

What shows up in the logs? Either the security or authentication channels might have some entries. For example, if your session is terminated due to inactivity, you’ll see an entry like:

authentication.NOTICE: Session Invalidated. Session was inactive for more than 3600 seconds

I think you can add trusted proxies in the dashboard to get the site working with Cloudflare without using the Cloudflare addon:

I am getting this error on 2 Concrete installations, due to my ISP only assigning an IPv6 address. Had the same problem with cPanel WHM, and was able to tell it to ignore IP checking. How can I do the same with Concrete CMS installations? In WHM, it is Cookie IP Validation that has to be loose. Is there a known similar setting somewhere in the current version of Concrete CMS?

Hi Geotex,

It might be a good idea to start a new thread and reference this one since this one’s about a year old - that way more folks will see it and likely respond. Hope that helps :+1:

I know this is a really old thread, but I’ve just had the exact same issue and fixed it by adding this to application/config/concrete.php

<?php
return array(
  'security' => array(
    'session' => array(
      'invalidate_on_ip_mismatch' => false, // keep the session when the client IP changes
    ),
  ),
);

Thought it would be useful to add here for anyone else having the same problem.

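Why an IP-bound session check fires behind a rotating proxy, and what the two fixes mentioned in this thread (trusted proxies, `invalidate_on_ip_mismatch`) change, as an added example that is not code from any poster or from Concrete CMS. It is a simplified Python model: the addresses are constructed from documentation ranges, `client_ip`, `Session` and `replay` are hypothetical names, and `CF-Connecting-IP` is the header Cloudflare uses to pass the visitor address.

```python
import ipaddress

# Constructed sample values (documentation ranges, not real Cloudflare ranges).
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]
VISITOR = "203.0.113.7"


def client_ip(remote_addr, headers, trusted=()):
    """Return the address the session check should compare.

    The forwarded header is honoured only when the TCP peer is a trusted
    proxy; otherwise any client could set it and defeat the IP binding.
    """
    peer = ipaddress.ip_address(remote_addr)
    forwarded = headers.get("CF-Connecting-IP")
    if forwarded and any(peer in net for net in trusted):
        return str(ipaddress.ip_address(forwarded))
    return str(peer)


class Session:
    """Session pinned to the client address seen at login (simplified model)."""

    def __init__(self, ip, invalidate_on_ip_mismatch=True):
        self.ip = ip
        self.invalidate_on_ip_mismatch = invalidate_on_ip_mismatch

    def accepts(self, ip):
        return not self.invalidate_on_ip_mismatch or ip == self.ip


def replay(requests, trusted=(), invalidate_on_ip_mismatch=True):
    """Log in on the first request; report whether each later one survives."""
    first, *rest = requests
    session = Session(client_ip(*first, trusted), invalidate_on_ip_mismatch)
    return [session.accepts(client_ip(*req, trusted)) for req in rest]


# Same visitor, but each request reaches the origin through a different edge node.
VIA_PROXY = [
    ("198.51.100.10", {"CF-Connecting-IP": VISITOR}),
    ("198.51.100.23", {"CF-Connecting-IP": VISITOR}),
    ("198.51.100.41", {"CF-Connecting-IP": VISITOR}),
]
# A request from an untrusted peer that sets the header itself.
UNTRUSTED_PEER = [VIA_PROXY[0], ("192.0.2.66", {"CF-Connecting-IP": VISITOR})]
```

With the proxy range trusted, the check stays on and still rejects the untrusted peer; with `invalidate_on_ip_mismatch` off, that request is accepted as well.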