Recent Topics

Varnish Cache / Uploading image to post logs out, gives incorrect crumb error every time

started by on Jul 04, 2016 – Last touched: Jul 07, 2016

Jul 04, 2016 20:46    

Using b2e 6.7.4 stable. PHP 5.6, MySQL 5.5. Using in latest Chrome (no updates pending at the time of writing this) on Win 10.

I have just the basic new installation running with sample content. Trying to add a post to Blog A with an image (will be cover if it ever works). Every time I try to upload the image (613KB jpg image) I get the "Incorrect crumb received. Did you wait too long to upload the file?" message. Problem is, it happens again 2 minutes later after I've been forced to log back in, navigate to the drafted post, and try to upload the image again.

If I don't try to upload an image, I'm able to navigate the back office and stayed logged through various settings changes, so cookies/sessions are working fine. Also tried clearing all caches through the maintenance settings; no help.

BUT ... if I go to Files -> Advanced Upload, no problem uploading to Blog A. Also, if I use the "Quick Upload" feature from the post, it tends to work (but throws off all file organization, obviously).

I consider myself a fairly advanced user (PHP, HTML, CSS skills), but I cannot figure out how the nonce is getting lost or expiring so fast. I've tested the above issue through 5 immediate upload attempts (including the forced login and navigation back to the post) and it never fails. What's more, this is happening with a level 10 user (user ID 1, actually).

Honestly forgot about b2e since my last look at it (around 2008), but found it was still active and very well suited to replacing the bloatware WordPress for my primary sites, but this issue obviously kills any potential of making the switch (publisher, images are required for every post in a mag style layout). Any help is appreciated.

Jul 06, 2016 02:52

You say Advanced Upload works, Quick upload works, so which case exactly does not work?

Have you tried the same action on our demo server?

Jul 06, 2016 03:48

I get this every time: http://prntscr.com/bpbre1

Doesn't matter what type of image, the size, how long I've been logged in or had the page sitting idle (90 seconds to over 48 hours tested so far, same crumb error either way).

Jul 06, 2016 13:47

Tried it on the demo server please.

Did you make any special configuration to your time zone or anything related in your b2evolution and or PHP install?

What about drag & drop in the file manager (and not in the context of a post)?

Jul 06, 2016 16:27

Works fine on demo server. And no changes to PHP or any time zone settings (server is already set at the right TZ and b2e read that automatically). Also checked the page reload timeout, which was set at 1 hour, and upped it to 1 day. No help. Checked cache settings, all were default anyway, but disabled and no help. Reverted JS forms for logged in users (what does this even mean?) to unchecked (I checked it), no help. File permission settings are all default. Not finding any other sort of session settings. System status shows green and black text down the list (no errors, invalid settings, or missing modules). Install folder is deleted.

But remember, this isn't just an upload issue. I'm logged out the second that crumb error is received. I only get the crumb error on upload. The drag and drop editor (accessed from the Files menu) locks Chrome 51 for Win 10 (have to end task on system and relaunch browser).

Secondary issue noticed: The page reload timeout setting accepts the normal time ranges used elsewhere in the system, but is limited to 99999 seconds if you try to save for 1 month (like I'd prefer). The input should be limited to 27 days (when 99999 seconds hit).

When I clear full page caches, I get this error along with a success message: Could not delete general cache: [removing this bit for security]/public_html/_cache/general. But the blog caches clear fine.

Found this section under collection URLs for Blog A unset: http://prntscr.com/bpj16q. But adding the basic options for each does nothing to help. I've changed permalinks for this blog to use "Extra path on base URL" and I do have mod_rewrite enabled on the server (works fine on WP).

No clue what else to check or try. Hosted on Cloudways D.O. VPS (Supports WordPress, Bolt CM, Pagekit, Drupal, Joomla, and others straight out of the box). Seems to support b2e as well, if not for this one issue.

Jul 06, 2016 16:29

Oh yeah, everything else seems to be working fine (aside from the above) except the autolinks feature. Set it up through the back office settings according to docs (target word;;;urltoinsert.com), but it doesn't link anything on test posts. Maybe that's relevant.

Jul 06, 2016 16:52

Super weird. Here are my suggestions:

  • try with a different browser
  • use the browser developer tools to check the cookies being sent
  • try on your local machine
  • try on a different web host - this would really help isolate the problem
  • check that your webhost doesn't use some horribly overzealous "security" scheme like mod_security. this would be my #1 suspicion

Jul 06, 2016 17:40

Found the issue. On a hunch, checked if Varnish was on for this application (default by host). It was, so I turned it off, refreshed the page, uploaded two files without issues from the post editor. Actually, one had a filename that was too long (can I change this setting because sports photo filenames tend to be quite long on average).

So the issue is support for Varnish. (Cloudways runs a VMAN stack (Varnish, MySQL, Apache, Nginx)).

Jul 06, 2016 17:44

Never mind that about filenames. Read the error wrong. I see that it shortened it automatically (really love some the features of b2e).

Not using Varnish is not a deal breaker for me, either. I'd like it, but it's not crucial. Very excited about digging into b2e now. Thanks for your help, Francois!

Jul 07, 2016 02:10

Well, I didn't try it, but I would guess it's not an incompatibility between b2evolution and Varnish but rather about how varnish is configured in this particular instance.

When caching is set up just a little bit too aggressive, it can break the whole interaction for logged-in users.

We'll try to find some time testing Varnish after release of b2evo v7.

Jul 07, 2016 02:15

That's possible. Since it only occurred on image upload from a single script, it's less likely. In any case, the Varnish setup has been well tested by me (while searching for a replacement for WordPress... I hate that bloated, laggy software) and no issues were found with any others. But to each its own. Looking forward to the v7 release.

Should I start new threads for the other questions pending?

One was a note on the page reload setting allowing input (via pre-populated select fields) beyond the range of accepted parameters.

The other was a question about auto-links definitions not working. Links fine for tags, but isn't working with single words or words with spaces (with or without single quotes).

Thanks.

Jul 07, 2016 03:02

Also, if we want to replicate your setup on Cloudways, what should we do?

Choose Digital Ocean as Infrastructure provider and then choose "PHP Stack" as an application?

Thank you.

Jul 07, 2016 03:18

Yes, exactly. D.O. and PHP Stack. Installed b2evo at the application's root from there and used the MySQL database provided in the PHP Stack setup. Straight-forward.


Form is loading...

blog software – This forum is powered by b2evolution CMS, a complete engine for your website.