45 lines
1.7 KiB
Markdown
45 lines
1.7 KiB
Markdown
I keep getting:
|
|
|
|
Error: Your login session has expired.
|
|
|
|
Whilst trying to edit http://hugh.vm.bytemark.co.uk/ikiwiki.cgi via OpenID. Any ideas?
|
|
|
|
|
|
iki@hugh:~$ dpkg -l | grep openid
|
|
ii libnet-openid-consumer-perl 0.14-4 library for consumers of OpenID iden
|
|
tities
|
|
iki@hugh:~$
|
|
|
|
> This error occurs if ikiwiki sees something that looks like a CSRF
|
|
> attack. It checks for such an attack by embedding your session id on the
|
|
> page edit form, and comparing that id with the session id used to post
|
|
> the form.
|
|
>
|
|
> So, somehow your session id has changed between opening the edit form and
|
|
> posting it. A few ways this could happen:
|
|
>
|
|
> * Genuine CSRF attack (unlikely)
|
|
> * If you logged out and back in, in another tab, while the edit form was
|
|
> open.
|
|
> * If `.ikiwiki/sessions.db` was deleted/corrupted while you were in the
|
|
> midst of the edit.
|
|
> * If some bug in CGI::Session caused your session not to be saved to the
|
|
> database somehow.
|
|
> * If your browser didn't preserve the session cookie across the edit
|
|
> process, for whatever local reason.
|
|
> * If you were using a modified version of `editpage.tmpl`, and
|
|
> it did not include `FIELD-SID`.
|
|
> * If you upgraded from an old version of ikiwiki, before `FIELD-SID` was
|
|
> added (<= 2.41), and had an edit form open from that old version, and
|
|
> tried to save it using the new.
|
|
>
|
|
> I don't see the problem editing the sandbox there myself, FWIW.
|
|
> (BTW, shouldn't you enable the meta plugin so RecentChanges displays
|
|
> better?)
|
|
> --[[joey]]
|
|
|
|
|
|
Thanks for you excellent analysis. The bug was due to old pre-3.0 **templates** laying about. After deleting them, ikiwiki defaults to its own templates. Clever. :-)
|
|
|
|
[[bugs/done]]
|