Actually, it appears that more generally, this version refuses to keep me logged in - I just created my first post with the new version and nearly (but not always) every time I tried to save what I was doing - every five minutes or so - it would log me out. If I logged back in, it took me to the dashboard. If I just clicked on the post that I had been editing, the work was gone (i.e., no save occurred). If I hit back multiple times in the browser and got back to the screen before I tried to save and then hit save again, I got the bad crumb message and the option to resubmit. If I did that, the work was saved.

Other blog software is starting to look better all the time...

Hi @jjenal,

I visited your site and sent a comment there, I also was kicked off as you mentioned. I think this is an issue at your side because such an error like that is almost impossible to go unnoticed in our stable release. Then I presume a problem with sessions (cookies ?), maybe due your URL, but I can't give you a precise answer without have reproduced the error in my local machine, then please let me do it and come back to you.

Thanks.

Hi jjenal,

I sent you a test comment, and I got the following error:

Incorrect crumb received! [comment]
Your request was stopped for security reasons.
Have you waited more than 120 minutes before submitting your request?
Please go back to the previous page and refresh it before submitting the form again.
Received crumb:752rl3E5yDjQCqFSj5lNbkrHJIurltM5
Latest saved crumb:
Previous saved crumb:

But the message was sent successfully.

"Your message has been sent."

@mgsolipa
Once in a while, I get this message too. Is there a way that we can increase the limit of the session?

Just an idea: Did you change your time / timzeone settings in b2evolution settings?

Hi @jjenal,

Please check this page: http://b2evolution.net/man/advanced-topics/troubleshooting/cookies-don-t-hold and tell us if it's useful. Also, verify the value of $cookie_expired looks like this: $cookie_expired = time() - 86400; at /blogs/conf/_advanced.php.

Finally, I'm still unable to reproduce your issue in a test environment. Please also check the @fplanque suggestion and make sure your server is correctly managing the date/time (you could do it by going to the System >> Status tab at the back-offcie).

Thanks.

I think the time is set correctly - here is what I see on the Status tab:

Server time
01/10/14 - 06:45:43 am
GMT / UTC time
01/10/14 - 02:45:43 pm
b2evolution time
01/10/14 - 06:45:43 am

As for the baseurl question on the linked to page, my path to the blog is:

http://runonsun.com/~runons5/blogs/

And the line from _basic_config.php is:

$baseurl = 'http://runonsun.com/~runons5/blogs/';

When I look at the cookie session_b2evo_runonsun_com, I see:

Domain: .runonsun.com
Path: /~runons5/blogs/

I don't see anything odd there.

Finally, the cookie_expired appears to be correct as well:

$cookie_expired = time() - 86400;

I cleared all of my b2 cookies and logged in again. Still see the same behavior of getting logged out when trying to submit a comment.

i seem to experience a similar problem, maybe someone can take a closer look into this behaviour.

my b2e sits on /home/blog

i refer to 2 blogs, both set up as subdomains, while one is subdomain of home/ and the other is subdomain of another domain (forestguardians.net). with help of manuel (http://forums.b2evolution.net/blog-url-issue-in-5-0-6) i got the first case fixed (due after upgrade to 5.06). it is about how to connect the subdomain to the blog base and about choosing the right blog base url

we found that connecting the subdomain to /home and set the base url as
Absolute URL = http://sub1.home/blog/ or in real http://palmnix.wald.org/blog/
is a way of doing it.

doing the same with the second domain (which is blog.forestguardians.net), results in what jjenal describes above: i loose my logged in status when switching from admin to blog and once someone comments, it results in error as described above.

setup in this case is: connect subdomain 2 to /home and set base url to
Absolute URL = http://sub2.home/blog/ or in real http://blog.forestguardians.net/blog

further testing brought me to set up a forestguardians subdomain to wald.org (which is the blog base) and try this arrangement. in this case i do

connect subdomain 3 to /home and set base url to
Absolute URL = http://sub3.home/blog/ or in real http://forestguardians.wald.org/blog

and in this case, everything works out well again.

question remains: what do i have to do to get a system set up, which works well and documents forestguardians.net/blog or blog.forestguardians.net as url in the browser? the answer probably solves jjenal's problem also ... very strange.

@jjenal Can you try to temporarily set your b2evolution time to the same as your server time, then logout / login and see if it fixes the crumb issues?

@fplanque - aren't they already the same? GMT is different, but as reported in my post above, both b2 time and server time were the same. Or am I missing something?

Hello everyone,

@ramadama the issue on this page is different because @jjenal is not managing multiple blogs or subdomains. Note for further readers of this post: regarding this reply http://forums.b2evolution.net/blog-url-issue-in-5-0-6#c100737, the session problem is related with a cookie created for an specific domain and working in a different one, as is explained here: http://b2evolution.net/man/installation-upgrade/advanced-setup/multiple-domains

@jjenal lets try something different because I did not find anything related with your URL and the date/time appears to be correct as well, then, we are almost shooting blindly.

Please, go to System > Maintenance > Tools at your back-office and run OPTIMIZE database tables and Prune old hits & sessions (includes OPTIMIZE), then try again. If sessions still doesn't work properly, then go to phpMyAdmin (or any other tool you use to manage your DB) and check the table evo_session is not market as "crash", "in use" or something else weird status. If you find something, run the "Repair" tool and test the effects.

Finally, be sure the table is empty by truncating all the records, and realize that one new record is created the next time you visit the site, examine that record. Then login as admin and see what happends. Only one record should has been created and the sess_start_ts field must match with the current date/time.

Please come back with the result of your tests.

Thanks.

@mgsolipa - Ok, here are results...

OPTIMIZE database tables:
Optimize MyISAM tables...
All database tables are already optimized.
Full execution time: 0.000 seconds

Optimize InnoDB tables...
Database table runons5_b2evolution.evo_comments does not support optimize, doing recreate + analyze instead
Database table runons5_b2evolution.evo_comments is optimized.
Time: 0.507 seconds

Database table runons5_b2evolution.evo_items__item does not support optimize, doing recreate + analyze instead
Database table runons5_b2evolution.evo_items__item is optimized.
Time: 0.547 seconds

Database table runons5_b2evolution.evo_items__prerendering does not support optimize, doing recreate + analyze instead
Database table runons5_b2evolution.evo_items__prerendering is optimized.
Time: 0.970 seconds

Database table runons5_b2evolution.evo_items__version does not support optimize, doing recreate + analyze instead
Database table runons5_b2evolution.evo_items__version is optimized.
Time: 7.845 seconds

Full execution time: 9.870 seconds
-----------------------------------------------------
Prune old hits & sessions...
The old hits & sessions have been pruned.
-----------------------------------------------------

After doing those two things I opened another window to the blog (still shown as admin) and clicked on leave a comment. Form opened, but I was no longer logged in. Closed that window, went back to the window where I had just run System commands and clicked Dashboard - I was taken to the login page.

Did not login - went to another browser window and started phpMyAdmin (vers 4.0.5).

Located the evo_sessions table - did not see any warnings associated with it but ran the repair command anyway - got the response, "Your SQL query has been executed successfully."

At this point, the table had ~119,000 records. I then ran a Truncate on the evo_sessions table - took a couple of tries to get an empty table. I then went to another browser window and hit the blog (but did not login). On returning to phpMyAdmin there were now 3 session records - two from my IP address, and a third from a random IP I did not recognize. The two from my IP were created 1 second apart, user ID and session data were both null.

After logging in, one of my two sessions had a user id that corresponds to me, and had session data. But now there was a *third* session id from my IP address! It had no id or data associated with it.
I tried to switch to the Dashboard and was taken to the login screen.
Looking at the sessions data - the earliest session from my IP was created but never touched by "lastseen_ts". The second session ID - which reflected my user id and had session data - was last "seen" when I logged in. The third session ID - which has data but no user ID - was seen when I tried to go to the Dashboard.

So I logged in again. The third session id was updated - now it reflected my user ID and had session data. I clicked to go to the Analytics page and check the sessions table again. There was now a fourth session ID - with user id and data both null. Curiously, the third session ID had been updated, and had the latest last seen time.
I clicked on users and was taken there. Checking the sessions table - no new session IDs were created, the third session had been updated and the session data size was now 2.3 kB.

Indeed, clicking through various tabs on the back office all worked as expected - no additional sessions were created and the third session was continually updated.

I decided to attempt to edit a draft blog post. Clicking on the post opened it for editing as it should and editing it behaved normally.

Opened a new browser window to the blog and it showed me as logged in. However, I now had a fifth session id created - without user id or data. In that second browser window I clicked to another page of blog posts - and noted that I was now logged out! I was now up to six session ids, and #3 - the one that was being updated above - was no longer being updated. Needless to say, returning to that browser window caused me to go to the login screen.

Not sure what to make of all that - it seems as if in certain settings, a new session gets created w/out checking for the existence of an existing session. Then the session id's don't match and it thinks I need to login again.

Thanks for your help with this.

@jjenal yes they are already the same. Sorry I misread your post (that's what happens when I read the forums on the iPhone ;)

I also have that crumb problem on a blog 5.0.5 with multiple domains!

on the base-URL it works, but not with the extra URLs where also the editing isn't working

I asume it is a multi domain / cookie problem! :(