OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Your session has expired. Please login again.

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
This forum is meant for general questions about the usability of OJS from an everyday user's perspective: journal managers, authors, and editors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OJS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OJS:

1. Read the documentation. We've written documentation to cover from OJS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OJS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OJS Technical Support subforum; if you have a development question, try the OJS Development subforum.

Your session has expired. Please login again.

Postby santy » Thu Jun 10, 2004 11:42 am

I am using OJS version 1.30 2003/07/13.

All seemed to be ok, but since we moved OJS to an SSL secure directory of our HTTP server, quite a few users (editors, authors or reviewers) cannot login at all. It is very strange problem and I cannot see the cause.

It works great most of the time, but every now and then a user will be assigned a new session id, between the re-direction from the login page to the correspondent user page, and consequently they see the error msg: “Your session has expired. Please login again.” I do not know how to help these users that before were able to login and now not. Please any clue?
santy
 

Postby kevin » Thu Jun 10, 2004 9:17 pm

I'm not sure where you got that version number from; it looks like a CVS revision number for one particular file, which has no relation to the actual version of OJS.

But anyways, you may want to try this patch for include/common.php , as prior to this patch OJS did not behave well when it could be accessed under multiple domains or through both HTTP and HTTPS.
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Your session has expired. Please login again.

Postby santy » Sun Jun 13, 2004 2:38 am

Thank you Kevin. The OJS scripts that I sue include in the top:
// $Id: common.php,v 1.30 2003/07/13 23:33:24 kevin Exp $
//
// Open Journal Systems 1.1
// (c) The Public Knowledge Project 2003
// http://www.pkp.ubc.ca

I have applied the patch, but with not too much luck. Users still getting “Your session has expired. Please login again.” I can see that the SID is generated and an entry is added in the tblsessions table and after login the user is really redirect to the user or editor page, but at the end his login is refused. Anyway, thank you for your help.
santy
 

Postby kevin » Sun Jun 13, 2004 1:19 pm

Are you redirected to a different hostname when this happens? E.g., you login at "www.pkp.ubc.ca" but are redirected to "pkp.ubc.ca" after login and then get the "session expired" error?
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Postby Santy » Mon Jun 14, 2004 9:50 am

Mmm.. I was suspecting something about that.. I would say that we are not re-directing to other URL, but I will investigate further to make sure. Thank you Kevin. I will let you know the outcome. (But I am still wondering why this happens with only a very few number of our users?)
Santy
 

Postby kevin » Mon Jun 14, 2004 7:28 pm

If the problem only occurs with a small number of users, are these users using AOL or another dynamic proxy such that their IP address changes during a session?

There is a security measure in OJS to help prevent session hijacking that will expire a session if a user's IP address changes. You may try disabling this check with a change like:

Code: Select all
-               if($session_ip != $ip) {
+               if(0 && $session_ip != $ip) {


in include/session.inc.php
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Postby Santy » Tue Jun 15, 2004 5:55 am

Thank you Kevin for your reply.

We are contacting affected users to find out if they are using dynamic proxy.

Some of them have reported us that they are able to login after a few intents using different PCs

Thanks
Santy
 


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: Exabot [Bot], Google [Bot] and 4 guests