Session expired or cookies are not enabled...

The users on this particular site are all network professionals. They've all tried trouble shooting the issue on their ends by using several browsers, checking their settings, changing computers etc...

I'm quite confident it's not the end users issue...

Thanks but I'll just patch the code like I mentioned before. That seemed to eliminate the issue.

Jw

From: Tony xxx [mailto:XXXXXXX]
Sent: Sunday, April 22, 2012 10:24 AM
To: Karl W. Palachuk
Subject: RE: ZDTM - Thank you for your order

Hi Karl,

Not sure if you or Manny are still maintaining the ZDTM site, but I can't get registered to download the pdf/checklists/etc. I get an error that seems to be linked to Joomla, see below screenshots. Already tried 3 browsers and 2 different computers. I really need the e-book for a migration coming up in a few days, it will really help us out.

Can you register me on there and pick a password, just forward it to me and I'll change it. Or fix the site, whatever is best.

Thx,
Tony

Don't know what to tell you without a reliable way to reproduce the issue over and over. You're welcome to PM backend super administrator issues and will see if it happens on my end and can debug further from there.

So now that I'm more thoroughly investigating this issue, it may not be the cbSpoofCheck but the cbRegAntiSpamCheck.

Since the suspect message is generated by the _cbExpiredSessionJSterminate function with an argument of 200, a find command locates two calls within the code base that generate such a call.

Line 2154 of comprofiler.class.php
and
Line 521 of plugin.foundation.php

Suspect message is on line 825 of the default_language.php file.

Looking at the code yields three conditions where this would fail.

1. cbGetRegAntiSpamCookieName returns false
2. counts of the parts !
3. or the loop doesn't validate with cbGetRegAntiSpams before i reaches 2

If the above is correct now I have something to shoot at to try and reproduce the issue.

Thanks,
Jw

P.S. cbGetRegAntiSpamCookieName can't return false since it's a one liner returning a string though there's alot of code commented out, Next...

P.SS Looking at the cbvrs cookie in Chrome doesn't yield any clues as it appears on first look that there are three parts, Next.... (Could this get corrupted so there aren't 3 parts?)

Don't know what more to tell you without a way for me to investigate the issue. Code doesn't simply sometimes work. Something is conflicting and that something has to be a common element between your users that are having problems. Typically it's browser related, maybe system related (anti-virus?), or even browser addon related (noscript, etc..). PHP doesn't discriminate, if it doesn't work then it doesn't work for everyone.

The error typically happens if Cookies are not working properly. Maybe something is rewriting live_site causing domain match to fail; check that $live_site is blank in configuration.php and disable all SEF/Cache then purge any existing cache. Another possibility is something is setting a Joomla/CB session for the user, that session expires, then they try to use that session; it'd fail as it's expired.

I can't really comment further without credentials to review the install.

krileon wrote: Don't know what more to tell you without a way for me to investigate the issue.

I wasn't asking you folks to track down what I'm getting paid to do. What I was hoping to get from the engineers here at CB is a set of scenario's in which the code could be triggered to produce that failure message.

Maybe I wasn't clear enough.

1. This has happened on multiple times with different users. There isn't any common thread I could see on first look.
2. Those users are not, "duh the 'puter, isn't working", they are network technicians and they all try multiple browsers, check the cookie settings etc...
3. Normally I get a message and I check the status page of our host to see if there's any issue, login to the admin and check the configuration. Delete my test user account and login/register.

If as you assert this is Apache/cache/live_site, I would not be able to complete the registration process. But I do.

krileon wrote: Code doesn't simply sometimes work.

Really and there's no possible scenario you can see where the code might branch to failure?

krileon wrote: Something is conflicting and that something has to be a common element between your users that are having problems.

Exactly. That's what I'm trying to determine here, what's conflicting on their end.

krileon wrote: Typically it's browser related, maybe system related (anti-virus?), or even browser addon related (noscript, etc..).

On multiple users, multiple browsers. Not likely.

krileon wrote: PHP doesn't discriminate, if it doesn't work then it doesn't work for everyone.

I have no idea what you're talking about here, PHP discriminates all the time. Every if/else, switch and string comparison is a discrimination of one set of code from another.

krileon wrote: I can't really comment further without credentials to review the install.

No further comment is needed from CB on this topic. I'm simply posting my findings for the rest of the community since there's little to no help here.

The message being displayed is _UE_SESSION_EXPIRED. Below is where it is used throughout CB. You're welcome to debug further from there.

components/com_comprofiler/comprofiler.php
- Line 1139
- Line 1224
- Line 1302

administrator/components/com_comprofiler/comprofiler.class.php
- Line 2206

administrator/components/com_comprofiler/plugin.class.php
- Line 2244

administrator/components/com_comprofiler/plugin.foundation.php
- Line 571

The message is also used in the below various spam/session check functions.

cbAntiSpamCheck
components/com_comprofiler/comprofiler.php
- Line 323

_cbExpiredSessionJSterminate
administrator/components/com_comprofiler/comprofiler.class.php
- Line 2101
- Line 2154
- Line 2181
- Line 2204

cbRegAntiSpamCheck
components/com_comprofiler/comprofiler.php
- Line 820
- Line 963
- Line 1093
- Line 1138

Lets say your session duration is 15 minutes. Simply walking away from the computer for 30 minutes then coming back to use the site again could easily cause this for any action that uses the session checking. It basically happens when their session has expired and they attempt to use it. It's nothing out of the ordinary and nothing to really be concerned with unless it happened all the time and consistently. I recommend maybe increasing session duration in Joomla global configuration to at least 3 hours giving users time to leave and come back freely.