Locked Pages & Firefox
Autor: Paul Clarke
Visited 1917,
Followers 2,
Udostępniony 0
Hi
I am using X5 v11 Pro.
I have a site set up and have a locked page. I have uploaded it to the server and the locked pages work fine in IE & Chrome, but not in FireFox. Viewed from behind my firewall I get a server error, and from external I get a login loop.
The page is LOCKED and HIDDEN
The server supports PHP and SESSIONS and BOTH pass in the admin panel.
Does anybody have any idea as to why this is happening?
Posted on the
Hello Paul,
I can't say for certain but this does sound very similar to an issue that I ran into last year, which was also restricted to Firefox only.
I had a website built with Evolution 10 which contained a members area with locked and hidden pages. Access worked fine as normal. I then upgraded the project to Professional 10 and discovered that I could no longer access the members area, but ONLY on Firefox... all other browsers were fine.
I'm not quite sure why this happened, and could only surmise that it had something to do with the way in which Firefox handled the login cookies differently.
The solution in my case was to remove the 'locks' from all protected pages, then do a fresh upload to the server... having done that I then reapplied the locks and uploaded yet again.
I also cleared cookies and cache on the Firefox browser, but I have to say I do NOT think that was part of the cure, as it had been tried first and did not help.
Is this an existing site which you have recently upgraded? Have you been using Firefox to view and access the protected pages whilst making changes? If so then I have a hunch that you may eradicate the problem by following the steps I took.
I would also do a 'CTRL' preview within X5 before each upload, just for good measure.
In my case it was a puzzling problem, and I never quite understood what caused it.
I do feel that it was a 'Firefox' anomaly, as opposed to an X5 one.
Kind regards,
Paul
Autor
Hi
I have tried what you suggest and I still keep getting a login page even after entering the details.
I get the "Normal" login page fine, and then I get a second login page. This second page is the kind of page I would expect from attempting to open the /admin page.
Could you post a link to your web site, please?
Many thanks!
Paul
Autor
https://www.st-thomasmore.cheshire.sch.uk
Click the padlock at the top of the screen:
Username: incomedia
Password: 18i2nt30
Autor
It seems it is the same problem with Safari on a Mac.
Paul
Thanks for the link, Paul.
I can access the locked page in Chrome, Firefox and IE first time without any issues (see screenshot for Firefox) - whilst that is good news I was kind of hoping to get the 'second' login page, as I feel that holds the key to your issue.
Could you be so kind as to post a screenshot of this second login page, showing as much detail as possible, including the URL in the address bar of your browser?
Many thanks!
Paul
Autor
I have attached the screen shot. I could not see your screen shot.
Autor
I do not get this second login from IE or Chrome, an external user has also just called to say that she could not login with Safari.
Autor
I have also just remoted into my home PC (external to our network)
I have just tried to connect using the same details as above using firefox.
I don't get the same URL as the one above, but I get
http://www.st-thomasmore.cheshire.sch.uk/imlogin.php?loginstatus=-3
Paul
Autor
Using IE on the same PC works fine.
My apologies Paul... I omitted to attach the screenshot which I had taken in my last post... I've done so now.
Could you please try creating a new 'user' in Step 4 Advanced Settings > Access Management, and then give this new user privileges to access the locked pages which you cannot access by adding the user to the Locked Page properties in Step 2 Sitemap Creation.
Please set the new user to have access to the actual page(s) you can't access, as opposed to the temporary test page you kindly sent me a link to.
Please do a full site refresh/upload to the web, then could you ask your colleague to try logging in with the newly created username and password?
Many thanks!
Paul
Autor
Yep, thats exactly what you should see.
Autor
Tried that and I got the same error.
If I create a user and assign the entrance page to the one that person should see that was created in step 2, it does not matter if the page is locked and hidden or not. I can't access it in Firefox.
I even started my ff in safe mode.
Thanks Paul... what happens when your colleague tries to access the page(s) with the new username and password? Same result?
I'm trying to take your own network out of the equation for now, to ascertain whether or not other users can log in remotely.
It would be helpful to know if someone can log in using Firefox with the new credentials from outside your own network, and without using your own Firefox browser. This will help in pinpointing what the cause is.
Autor
Well I tried remotely, connecting to my PC at home and could not get in using firefox.
The page that I created for you is exactly the same as the pages I have created for the others.
I created the page, added the content. Hid the page, then clicked the lock page button, I then chose the user that I had created in Step 4 Access Management.
In access management I created a new user in group 1, I then set the username etc. I also set the entrance page to be the page for that user.
We have multiple users with a different page that they are directed to.
Each of those pages is locked with only that particular user beign assigned.
I have now created a new user: hogmansden
Password: 8ah1ahfw
The entrance page is the same as the one for the user: incomedia
The "Incomedia" page now has TWO users ticked, incomedia and hogmansden
Thanks Paul... I will ask Claudio from Incomedia for his thoughts and comments at this point.
Thanks for your patience in the meantime.
Autor
Using the developer Console for Web and Browser on Firefox, I have the following errors listed:
Expected declaration but found '/'. Skipped to next declaration. imlogin.php:46
Expected 'none' or URL but found 'progid'. Error in parsing value for 'filter'. Declaration dropped. imlogin.php
Unknown property '-moz-border-radius'. Declaration dropped. imlogin.php:2
Expected 'none' or URL but found 'alpha('. Error in parsing value for 'filter'. Declaration dropped. imlogin.php:2
Error in parsing value for 'background'. Declaration dropped. imlogin.php:2
Unknown property 'zoom'. Declaration dropped. imlogin.php:3
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. imlogin.php
If they mean anything at all?
Hello Paul,
I tested both users on firefox to check the login and in both cases it was possible to login. In the firefox consolle the only message I see is the one of the fb sdk.js which has nothing to do with the login function.
Could it depend on plugins installed on firefox or on the other browser where the issue is experienced?
Can you try to see if disabling all the plugins and addons it works?
Many thanks!
Autor
I have started firefox in safemode (all addons disabled) and I get the same problem.
I am currently logged in to my pc at home via LOGMEIN and using firefox there. It is not working.
I have asked a collegue who is using a MAC with Safari and he could not get in, but could with Chrome.
Does your colleague get redirected to the 'second' login page when trying to access via Safari? In other words, this URL: http://www.st-thomasmore.cheshire.sch.uk/admin/login.php
Or does something else happen? If so, could you detail exactly what occurs when your colleague is denied access, including any error messages and the full URL in the address bar of his/her browser.
Also, your site seems to be freely mixing SSL-protected pages with standard ones... i.e. some of the links you are posting point to https:// whilst others point to http://
With this in mind can you check if you have any URL rewrite/redirect rules incorrectly configured in your .htaccess file on your web server. Especially so if any recent modifications have been made, including a change of web host or installation of an SSL certificate.
Finally, can you confirm that all affected users used Firefox and/or Safari successfully in the past to access the protected area? Or are some of these users trying to gain access for the very first time, having never visited your site in a Firefox/Safari browser before? This last point may seem trivial, but it is important.
Many thanks!
Paul
Autor
He gets - https://www.st-thomasmore.cheshire.sch.uk/imlogin.php?loginstatus=-3 as the URL, he does not get the admin login, it just keeps asking for the username and password again.
https://www.st-thomasmore.cheshire.sch.uk/imlogin.php?loginstatus=-3
The message on the screen says: To access this WebSite section you have to enter your login details.
We are hosting the site here in school on IIS 7.5
The mixing only occurs if you go to www.st-thomasmore.cheshire.sch.uk and click on the padlock.
If you go to https://www.st-thomasmore.cheshire.sch.uk then it is fine.
The external links to Facebook and Twitter are beyond my control, they may have ssl switched on in their settings?
I think the secure area should be forced to SSL.
The users have NEVER attempted to access in the past. The website was only created on the 5th November.
There are no URL Rewrite rules on the server.
Autor
Your last post gave me an idea.
In MY firefox, I deleted all the cookies for my domain. this fixed the issue.
I am wondering if it was something to do with my SSL, we rekeyed it back in October. We have other services running from the site and this new website was uploaded on the 5th November.
What I can't understand though is why other users that had not connected before via the MAC had the issue?
Paul
Claudio, is this a clue?
loginstatus=-3
With reference to x5engine.php this would suggest that for some reason the script is unable to write the $_SESSION variables, or that they are empty for some other reason? That part of the code is commented 'The session can live only in the same browser'...
I cannot think why this can be happening to only certain users on Firefox or Safari, but I do know that I do not get the extended URL (with StatusCode -3 appended) when logging in... I cannot recreate the error condition.
I notice also that the error message (which would otherwise be visible to the user) is commented out in the code... "private_area_not_allowed", "A login is required to access this page." - is that as it should be?
Thanks Claudio.
Great stuff! I did suggest that briefly in my first post, but I didn't feel it was what had caused my own issue way back... apologies if I threw you off the scent unintentionally.
However, it does make perfect sense... the login cookie already exists, so the browser is unable to write another...
I am wondering if it was something to do with my SSL, we rekeyed it back in October.
I strongly suspect that it might... I've seen issues like that before...
What I can't understand though is why other users that had not connected before via the MAC had the issue?
Unfortunately, I have no answer for that! It also threw me off track as regards cookies...
Glad it appears resolved though
Hello Paul,
loginstatus=-3 should no longer be present in Version 11 and probably not all files has been updated.
Many thanks!
I understand Claudio... thanks for taking the time to explain, I appreciate that.
Kind regards,
Paul