blob: b993cd8e73c8fc98e9d70d294cf77c8e30b39636 (
plain)
I keep getting:
Error: Your login session has expired.
Whilst trying to edit http://hugh.vm.bytemark.co.uk/ikiwiki.cgi via OpenID. Any ideas?
iki@hugh:~$ dpkg -l | grep openid
ii libnet-openid-consumer-perl 0.14-4 library for consumers of OpenID iden
tities
iki@hugh:~$
This error occurs if ikiwiki sees something that looks like a CSRF
attack. It checks for such an attack by embedding your session id on the
page edit form, and comparing that id with the session id used to post
the form.
So, somehow your session id has changed between opening the edit form and
posting it. A few ways this could happen:
- Genuine CSRF attack (unlikely)
- If you logged out and back in, in another tab, while the edit form was
open.
- If
.ikiwiki/sessions.db was deleted/corrupted while you were in the
midst of the edit.
- If some bug in CGI::Session caused your session not to be saved to the
database somehow.
- If your browser didn't preserve the session cookie across the edit
process, for whatever local reason.
- If you were using a modified version of
editpage.tmpl, and
it did not include FIELD-SID.
- If you upgraded from an old version of ikiwiki, before
FIELD-SID was
added (<= 2.41), and had an edit form open from that old version, and
tried to save it using the new.
I don't see the problem editing the sandbox there myself, FWIW.
(BTW, shouldn't you enable the meta plugin so RecentChanges displays
better?)
--[[joey]]
Thanks for you excellent analysis. The bug was due to old pre-3.0 templates laying about. After deleting them, ikiwiki defaults to its own templates. Clever. :-)
Great, this saved me big time! It is a google 1st hit. I had the same with accidentally using old templates. Thanks! --[[cstamas]]
[[bugs/done]]
|
