You are viewing the PKP Support Forum | PKP Home Wiki

Your session has expired. Please login again.

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.

Your session has expired. Please login again.

Postby santy » Thu Jun 10, 2004 11:42 am

I am using OJS version 1.30 2003/07/13.

All seemed to be ok, but since we moved OJS to an SSL secure directory of our HTTP server, quite a few users (editors, authors or reviewers) cannot login at all. It is very strange problem and I cannot see the cause.

It works great most of the time, but every now and then a user will be assigned a new session id, between the re-direction from the login page to the correspondent user page, and consequently they see the error msg: “Your session has expired. Please login again.” I do not know how to help these users that before were able to login and now not. Please any clue?

Postby kevin » Thu Jun 10, 2004 9:17 pm

I'm not sure where you got that version number from; it looks like a CVS revision number for one particular file, which has no relation to the actual version of OJS.

But anyways, you may want to try this patch for include/common.php , as prior to this patch OJS did not behave well when it could be accessed under multiple domains or through both HTTP and HTTPS.
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Your session has expired. Please login again.

Postby santy » Sun Jun 13, 2004 2:38 am

Thank you Kevin. The OJS scripts that I sue include in the top:
// $Id: common.php,v 1.30 2003/07/13 23:33:24 kevin Exp $
// Open Journal Systems 1.1
// (c) The Public Knowledge Project 2003
// http://www.pkp.ubc.ca

I have applied the patch, but with not too much luck. Users still getting “Your session has expired. Please login again.” I can see that the SID is generated and an entry is added in the tblsessions table and after login the user is really redirect to the user or editor page, but at the end his login is refused. Anyway, thank you for your help.

Postby kevin » Sun Jun 13, 2004 1:19 pm

Are you redirected to a different hostname when this happens? E.g., you login at "www.pkp.ubc.ca" but are redirected to "pkp.ubc.ca" after login and then get the "session expired" error?
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Postby Santy » Mon Jun 14, 2004 9:50 am

Mmm.. I was suspecting something about that.. I would say that we are not re-directing to other URL, but I will investigate further to make sure. Thank you Kevin. I will let you know the outcome. (But I am still wondering why this happens with only a very few number of our users?)

Postby kevin » Mon Jun 14, 2004 7:28 pm

If the problem only occurs with a small number of users, are these users using AOL or another dynamic proxy such that their IP address changes during a session?

There is a security measure in OJS to help prevent session hijacking that will expire a session if a user's IP address changes. You may try disabling this check with a change like:

Code: Select all
-               if($session_ip != $ip) {
+               if(0 && $session_ip != $ip) {

in include/session.inc.php
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Postby Santy » Tue Jun 15, 2004 5:55 am

Thank you Kevin for your reply.

We are contacting affected users to find out if they are using dynamic proxy.

Some of them have reported us that they are able to login after a few intents using different PCs


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: No registered users and 3 guests