OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Login Looping

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

Login Looping

Postby radjr » Fri Mar 01, 2013 10:38 am

We are experiencing the login looping problem.

The installation is 2.4.1 on a godaddy VPS server.

If we go to the login page and type in the apprpropriate username and password, we come right back to the login screen.

http://www.wmpllc.org/ojs-2.4.1/index.p ... dex%2Fuser

We have tried changing the session timeout to 0 but it makes no difference. It is maddening because it will work and then some timeout will occur and magically the login works. Upon logout... we are back to the looping problem.

Any suggestions would be greatly appreciated as intermittent bugs are the worst! THank you !

The config.inc.php is below:
; <?php exit(); // DO NOT DELETE ?>
; DO NOT DELETE THE ABOVE LINE!!!
; Doing so will expose this configuration file through your web site!
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; config.TEMPLATE.inc.php
;
; Copyright (c) 2003-2012 John Willinsky
; Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
;
; OJS Configuration settings.
; Rename config.TEMPLATE.inc.php to config.inc.php to use.
;
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


;;;;;;;;;;;;;;;;;;;;
; General Settings ;
;;;;;;;;;;;;;;;;;;;;

[general]

; Set this to On once the system has been installed
; (This is generally done automatically by the installer)
installed = On

; The canonical URL to the OJS installation (excluding the trailing slash)
base_url = "http://www.wmpllc.org/ojs-2.4.1"

; Path to the registry directory (containing various settings files)
; Although the files in this directory generally do not contain any
; sensitive information, the directory can be moved to a location that
; is not web-accessible if desired
registry_dir = registry

; Session cookie name
session_cookie_name = OJSSID

; Number of days to save login cookie for if user selects to remember
; (set to 0 to force expiration at end of current session)
;session_lifetime = 30 Commented out to test to fix login looping.
session_lifetime = 0


; Enable support for running scheduled tasks
; Set this to On if you have set up the scheduled tasks script to
; execute periodically
scheduled_tasks = Off

; Short and long date formats
date_format_trunc = "%m-%d"
date_format_short = "%Y-%m-%d"
date_format_long = "%B %e, %Y"
datetime_format_short = "%Y-%m-%d %I:%M %p"
datetime_format_long = "%B %e, %Y - %I:%M %p"
time_format = "%I:%M %p"

; Use URL parameters instead of CGI PATH_INFO. This is useful for
; broken server setups that don't support the PATH_INFO environment
; variable.
disable_path_info = Off

; Use fopen(...) for URL-based reads. Modern versions of dspace
; will not accept requests using fopen, as it does not provide a
; User Agent, so this option is disabled by default. If this feature
; is disabled by PHP's configuration, this setting will be ignored.
allow_url_fopen = Off

; Base URL override settings: Entries like the following examples can
; be used to override the base URLs used by OJS. If you want to use a
; proxy to rewrite URLs to OJS, configure your proxy's URL here.
; Syntax: base_url[journal_path] = http://www.myUrl.com
; To override URLs that aren't part of a particular journal, use a
; journal_path of "index".
; Examples:
; base_url[index] = http://www.myUrl.com
; base_url[myJournal] = http://www.myUrl.com/myJournal
; base_url[myOtherJournal] = http://myOtherJournal.myUrl.com

; Generate RESTful URLs using mod_rewrite. This requires the
; rewrite directive to be enabled in your .htaccess or httpd.conf.
; See FAQ for more details.
restful_urls = Off

; Allow javascript files to be served through a content delivery network (set to off to use local files)
enable_cdn = On

; Set the maximum number of citation checking processes that may run in parallel.
; Too high a value can increase server load and lead to too many parallel outgoing
; requests to citation checking web services. Too low a value can lead to significantly
; slower citation checking performance. A reasonable value is probably between 3
; and 10. The more your connection bandwidth allows the better.
citation_checking_max_processes = 3

; Display a message on the site admin and journal manager user home pages if there is an upgrade available
show_upgrade_warning = On

;;;;;;;;;;;;;;;;;;;;;
; Database Settings ;
;;;;;;;;;;;;;;;;;;;;;

[database]

driver = mysql
host = localhost
username = pkpuser
password = [REMOVED]
name = ojsdata

; Enable persistent connections
persistent = Off

; Enable database debug output (very verbose!)
debug = Off

;;;;;;;;;;;;;;;;;;
; Cache Settings ;
;;;;;;;;;;;;;;;;;;

[cache]

; Choose the type of object data caching to use. Options are:
; - memcache: Use the memcache server configured below
; - xcache: Use the xcache variable store
; - apc: Use the APC variable store
; - none: Use no caching.
object_cache = none

; Enable memcache support
memcache_hostname = localhost
memcache_port = 11211

; For site visitors who are not logged in, many pages are often entirely
; static (e.g. About, the home page, etc). If the option below is enabled,
; these pages will be cached in local flat files for the number of hours
; specified in the web_cache_hours option. This will cut down on server
; overhead for many requests, but should be used with caution because:
; 1) Things like journal metadata changes will not be reflected in cached
; data until the cache expires or is cleared, and
; 2) This caching WILL NOT RESPECT DOMAIN-BASED SUBSCRIPTIONS.
; However, for situations like hosting high-volume open access journals, it's
; an easy way of decreasing server load.

web_cache = Off
web_cache_hours = 1


;;;;;;;;;;;;;;;;;;;;;;;;;
; Localization Settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;

[i18n]

; Default locale
locale = en_US

; Client output/input character set
client_charset = utf-8

; Database connection character set
; Must be set to "Off" if not supported by the database server
; If enabled, must be the same character set as "client_charset"
; (although the actual name may differ slightly depending on the server)
connection_charset = Off

; Database storage character set
; Must be set to "Off" if not supported by the database server
database_charset = Off

; Enable character normalization to utf-8 (recommended)
; If disabled, strings will be passed through in their native encoding
; Note that client_charset and database collation must be set
; to "utf-8" for this to work, as characters are stored in utf-8
charset_normalization = Off

;;;;;;;;;;;;;;;;;
; File Settings ;
;;;;;;;;;;;;;;;;;

[files]

; Complete path to directory to store uploaded files
; (This directory should not be directly web-accessible)
; Windows users should use forward slashes
files_dir = "/var/www/vhosts/wmpllc.org/files"

; Path to the directory to store public uploaded files
; (This directory should be web-accessible and the specified path
; should be relative to the base OJS directory)
; Windows users should use forward slashes
public_files_dir = public

; Permissions mask for created files and directories
umask = 0022


;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Fileinfo (MIME) Settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[finfo]
mime_database_path = /etc/magic.mime


;;;;;;;;;;;;;;;;;;;;;
; Security Settings ;
;;;;;;;;;;;;;;;;;;;;;

[security]

; Force SSL connections site-wide
force_ssl = Off

; Force SSL connections for login only
force_login_ssl = Off

; This check will invalidate a session if the user's IP address changes.
; Enabling this option provides some amount of additional security, but may
; cause problems for users behind a proxy farm (e.g., AOL).
session_check_ip = On

; The encryption (hashing) algorithm to use for encrypting user passwords
; Valid values are: md5, sha1
; Note that sha1 requires PHP >= 4.3.0
encryption = sha1

; Allowed HTML tags for fields that permit restricted HTML.
; For PHP 5.0.5 and greater, allowed attributes must be specified individually
; e.g. <img src|alt> to allow "src" and "alt" attributes. Unspecified
; attributes will be stripped. For PHP below 5.0.5 attributes may not be
; specified in this way.
allowed_html = "<a href|target> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <b> <i> <u> <img src|alt> <sup> <sub> <br> <p>"

; Prevent VIM from attempting to highlight the rest of the config file
; with unclosed tags:
; </p></sub></sup></u></i></b></dd></dt></dl></li></ol></ul></code></cite></strong></em></a>


;Is implicit authentication enabled or not

;implicit_auth = On

;Implicit Auth Header Variables

;implicit_auth_header_first_name = HTTP_GIVENNAME
;implicit_auth_header_last_name = HTTP_SN
;implicit_auth_header_email = HTTP_MAIL
;implicit_auth_header_phone = HTTP_TELEPHONENUMBER
;implicit_auth_header_initials = HTTP_METADATA_INITIALS
;implicit_auth_header_mailing_address = HTTP_METADATA_HOMEPOSTALADDRESS
;implicit_auth_header_uin = HTTP_UID

; A space delimited list of uins to make admin
;implicit_auth_admin_list = "jdoe@email.ca jshmo@email.ca"

; URL of the implicit auth 'Way Finder' page. See pages/login/LoginHandler.inc.php for usage.

;implicit_auth_wayf_url = "/Shibboleth.sso/wayf"



;;;;;;;;;;;;;;;;;;
; Email Settings ;
;;;;;;;;;;;;;;;;;;

[email]

; Use SMTP for sending mail instead of mail()
; smtp = On

; SMTP server settings
; smtp_server = mail.example.com
; smtp_port = 25

; Enable SMTP authentication
; Supported mechanisms: PLAIN, LOGIN, CRAM-MD5, and DIGEST-MD5
; smtp_auth = PLAIN
; smtp_username = username
; smtp_password = password

; Allow envelope sender to be specified
; (may not be possible with some server configurations)
; allow_envelope_sender = Off

; Default envelope sender to use if none is specified elsewhere
; default_envelope_sender = my_address@my_host.com

; Enable attachments in the various "Send Email" pages.
; (Disabling here will not disable attachments on features that
; require them, e.g. attachment-based reviews)
enable_attachments = On

; Amount of time required between attempts to send non-editorial emails
; in seconds. This can be used to help prevent email relaying via OJS.
time_between_emails = 3600

; Maximum number of recipients that can be included in a single email
; (either as To:, Cc:, or Bcc: addresses) for a non-priveleged user
max_recipients = 10

; If enabled, email addresses must be validated before login is possible.
require_validation = Off

; Maximum number of days before an unvalidated account expires and is deleted
validation_timeout = 14


;;;;;;;;;;;;;;;;;;;
; Search Settings ;
;;;;;;;;;;;;;;;;;;;

[search]

; Minimum indexed word length
min_word_length = 3

; The maximum number of search results fetched per keyword. These results
; are fetched and merged to provide results for searches with several keywords.
results_per_keyword = 500

; The number of hours for which keyword search results are cached.
result_cache_hours = 1

; Paths to helper programs for indexing non-text files.
; Programs are assumed to output the converted text to stdout, and "%s" is
; replaced by the file argument.
; Note that using full paths to the binaries is recommended.
; Uncomment applicable lines to enable (at most one per file type).
; Additional "index[MIME_TYPE]" lines can be added for any mime type to be
; indexed.

; PDF
; index[application/pdf] = "/usr/bin/pstotext -enc UTF-8 -nopgbrk %s - | /usr/bin/tr '[:cntrl:]' ' '"
; index[application/pdf] = "/usr/bin/pdftotext -enc UTF-8 -nopgbrk %s - | /usr/bin/tr '[:cntrl:]' ' '"

; PostScript
; index[application/postscript] = "/usr/bin/pstotext -enc UTF-8 -nopgbrk %s - | /usr/bin/tr '[:cntrl:]' ' '"
; index[application/postscript] = "/usr/bin/ps2ascii %s | /usr/bin/tr '[:cntrl:]' ' '"

; Microsoft Word
; index[application/msword] = "/usr/bin/antiword %s"
; index[application/msword] = "/usr/bin/catdoc %s"


;;;;;;;;;;;;;;;;
; OAI Settings ;
;;;;;;;;;;;;;;;;

[oai]

; Enable OAI front-end to the site
oai = On

; OAI Repository identifier
repository_id = "ojs.www.wmpllc.org"

; Maximum number of records per request to serve via OAI
oai_max_records = 100

;;;;;;;;;;;;;;;;;;;;;;
; Interface Settings ;
;;;;;;;;;;;;;;;;;;;;;;

[interface]

; Number of items to display per page; overridable on a per-journal basis
items_per_page = 25

; Number of page links to display; overridable on a per-journal basis
page_links = 10


;;;;;;;;;;;;;;;;;;;;
; Captcha Settings ;
;;;;;;;;;;;;;;;;;;;;

[captcha]

; Whether or not to enable Captcha features
captcha = off

; Whether or not to use Captcha on user registration
captcha_on_register = on

; Whether or not to use Captcha on user comments
captcha_on_comments = on

; Whether or not to use Captcha on notification mailing list registration
captcha_on_mailinglist = on

; Font location for font to use in Captcha images
font_location = /usr/share/fonts/truetype/freefont/FreeSerif.ttf

; Whether to use reCaptcha instead of default Captcha
recaptcha = off

; Public key for reCaptcha (see http://www.google.com/recaptcha)
; recaptcha_public_key = your_public_key

; Private key for reCaptcha (see http://www.google.com/recaptcha)
; recaptcha_private_key = your_private_key


;;;;;;;;;;;;;;;;;;;;;
; External Commands ;
;;;;;;;;;;;;;;;;;;;;;

[cli]

; These are paths to (optional) external binaries used in
; certain plug-ins or advanced program features.

; Using full paths to the binaries is recommended.

; perl (used in paracite citation parser)
perl = /usr/bin/perl

; tar (used in backup plugin, translation packaging)
tar = /bin/tar

; On systems that do not have PHP4's Sablotron/xsl or PHP5's libxsl/xslt
; libraries installed, or for those who require a specific XSLT processor,
; you may enter the complete path to the XSLT renderer tool, with any
; required arguments. Use %xsl to substitute the location of the XSL
; stylesheet file, and %xml for the location of the XML source file; eg:
; /usr/bin/java -jar ~/java/xalan.jar -HTML -IN %xml -XSL %xsl
xslt_command = ""

;;;;;;;;;;;;;;;;;;
; Proxy Settings ;
;;;;;;;;;;;;;;;;;;

[proxy]

; Note that allow_url_fopen must be set to Off before these proxy settings
; will take effect.

; The HTTP proxy configuration to use
; http_host = localhost
; http_port = 80
; proxy_username = username
; proxy_password = password


;;;;;;;;;;;;;;;;;;
; Debug Settings ;
;;;;;;;;;;;;;;;;;;

[debug]

; Display execution stats in the footer
show_stats = Off

; Display a stack trace when a fatal error occurs.
; Note that this may expose private information and should be disabled
; for any production system.
show_stacktrace = Off

; Display an error message when something goes wrong.
display_errors = Off

; Display deprecation warnings
deprecation_warnings = Off
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby asmecher » Fri Mar 01, 2013 11:04 am

Hi radjr,

Please be careful when posting configuration files -- your database password was included. I've removed it.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7731
Joined: Wed Aug 10, 2005 12:56 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 11:10 am

Oops..thanks! Good Security info!
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby asmecher » Fri Mar 01, 2013 11:12 am

Hi radjr,

See e.g. http://pkp.sfu.ca/support/forum/viewtopic.php?f=13&t=6344 for the most likely cause of intermittent logouts.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7731
Joined: Wed Aug 10, 2005 12:56 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 12:57 pm

Thanks. Unfortunately setting session_check_ip = Off
does not resolve the problem.

Is it possible that the software need to be "reset" to reread the config.inc.php settings? Is there a hidden control panel to do this within OJS?

Lastly, per the response above about security...if config.inc.php is set to 757 but is accessable from within the httpdocs folder, this would seem to be a huge security issue with OJS? That file would be readable from any web access...yes?
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby asmecher » Fri Mar 01, 2013 1:06 pm

Hi radjr,

Changes to config.inc.php take effect immediately. Are you bouncing between http:// and https:// URLs? Is there any particular pattern to the logouts?

The configuration file is named .php and contains a "<?php exit(); ?>" line at the header in order to prevent it from being served to anyone who requests it remotely. As for access from someone already on the server side, a "..7" permission is insecure and shouldn't be necessary.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7731
Joined: Wed Aug 10, 2005 12:56 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 1:07 pm

Interestingly..this behavior is the same for both IE and Chrome browsers!
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 1:10 pm

Per your question...no, all requests are http:// . I did not configure for ssl as we just want to get this stable first. Thanks.
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 1:16 pm

Sorry, I did not answer your question "Is there any particular pattern to the logouts?"

If I wait several hours(4-8), and login, we can do everything we want..as soon as I logout..the login looping problem occurs. It does not matter if I am logged in for one minute or 60 minutes. As soon as I log out..I get back to the looping problem.

It is interesting that the URL displayed is http://www.wmpllc.org/ojs-2.4.1/index.p ... dex%2Fuser where a successful login is http://www.wmpllc.org/ojs-2.4.1/index.php/index/login
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby asmecher » Fri Mar 01, 2013 1:21 pm

Hi radjr,

That sounds like a problem with the cookie path being set incorrectly. Check for multiple cookies called "OJSSID" (by default, as configured in config.inc.php) that may both be getting sent to OJS. Have you configured rewriting on your server? Any cookie handling changes to the OJS code?

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7731
Joined: Wed Aug 10, 2005 12:56 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 1:32 pm

Hi Alec-

We have not made any changes to the code and have not configured url rewriting. As for duplicate cookies, not sure.. none seen in Temp internet files.. I see the cookies from this support forum.

Thank you.
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 1:40 pm

So...I changed the cookie to "OJSSID1" and tested the login. I was able to login in. Then I logged out and the same issue came back with the looping login. I changed it to "OJSSID2" and again was able to login in. On log out..same problem! You are getting close! Thank you Alec!
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 2:01 pm

As a followup...I changed the cookie to "OJSSID" the original cookie and login works... and fails on logout. Not sure this helps..
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Re: Login Looping

Postby asmecher » Fri Mar 01, 2013 3:27 pm

Hi radjr,

Can you inspect the cookies OJS is generating and tell me what the path is? Again, watch out for duplicates.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7731
Joined: Wed Aug 10, 2005 12:56 pm

Re: Login Looping

Postby radjr » Fri Mar 01, 2013 3:37 pm

Thanks Alec-

Ok. I am an idiot...which cookies are you referring to? OJS side or browser side? And regardless, where would the be located?

Thank you,
Rich DeVito Jr. aka radjr
radjr
 
Posts: 48
Joined: Thu Jan 17, 2013 1:19 pm

Next

Return to OJS Technical Support

Who is online

Users browsing this forum: Google [Bot], jhallida, Yahoo [Bot] and 2 guests