Notice

The forum is in read only mode.

Support Forum

Welcome! Support Forums have been reactivated
Welcome the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and if possible, provide us with a step-by-step instruction in replicating your problem.

User security - registration process issue - user not logged out

1 year 3 months ago
Licenses:
JomSocial Active GURU Active Publisher Active AdAgency Active iSEO Active Socialize Active

Hi
The issue is from Joomla language select. I disabled auto language select, and it's working fine.
please check the issue now and update.

Regards

1 year 3 months ago
Licenses:
JomSocial Active iSEO Active Socialize Active

Hi Pankaj,
just to clarify this so that I am not on wrong assumptions.

So you are stating that the failing logout issue is from Joomla language select and you have disabled auto language select and in your case logout process and session termination is working fine.

Can you confirm on which environment you did run this test ? Was it on test.seniors-meet-seniors.com/administrator/index.php ?

Are you talking about 'System - Language Filter' and disabling 'Automatic Language Change' in the plugin or is it about disabling module 'Language Switcher ' - or even both ?
I checked on test.seniors-meet-seniors.com/ and did run another test with both disabled.

See recording here:

No differences at all. The logout process and session termination simply does not work. Sometimes you are in internal area of the side by clicking only once on the JomSocial frontpage link ...
in other cases you have the impression it finally worked fine but after clicking 2-3 times then suddenly your are again back in.
In the backend of Joomla there is no user logged in but in reality I can navigate through the system and do whatever I want.

Have you discussed this case with your development team already ?
Considering the issue would have been fixed with disabling auto language select....this would be not an acceptable solution since this is core Joomla functionality and should not impact the
Jomsocial logout process.
It is Jomsocial who then would need to fix this issue so it is properly working with core Joomla.

But as you can see I can still reproduce the issue any time !!!!
drive.google.com/open?id=1oNrmxp71qIblO_dJNlKAEsPtgnG401Tv

1 year 3 months ago
Licenses:
JomSocial Active GURU Active Publisher Active AdAgency Active iSEO Active Socialize Active

Hi
The issue is really strange and only on your site.
please provide FTP details test site, via extension its hard for the developer to debug the issue properly.
Kindly provide FTP for test site.

Regards

1 year 3 months ago
Licenses:
JomSocial Active iSEO Active Socialize Active

Hello Pankaj,

yes, this issue is very very strange and it is becoming now more and more critical....I will explain you why.

We are using a fully supported platform with mySQL version 5.6.38, PHP 7.1.12 and Apache webserver based on a MAMP installation Release 4.0.
All pre-requisites for Joomla installation are met and all was green when we installed Joomla.

Unfortunately we cannot provide any FTP access just because there are not FTP services running at all and ports 21 and 22 are closed.
FTP is considered as very insecure.
But with component eXTplorer installed on test.seniors-meet-seniors.com/administrator.de you should be in a position really to investigate this as you have full access
to the file system for this subdomain and you can do pretty much everything.

Alternatively I can make a DB dump and zip the filesystem and provide you the entire installation so that you can test locally.
I could upload to Google drive. Let me know if required.

Please note that this issue has even another impact and even worse:

Considering that the logout process does not work and user session is still active, I have now experienced the following scenario on top:
This is on the current production and development environment where we have defined multi profiles - but I was able to reproduce this case with a simple setup on the
test environment just with Joomla, the template JA BIZ from Joomlart and Jomsocial installed.

We have a free account which does not require an approval from side admin and can be registered straight away.
Then we have profile which need to be first approved by a side admin.
When I now navigate to Jomsocial front-page and select change profile, I get presented the available profiles.
I then select the profile that needs to be approved by admin and then submit. I will get presented on next page a message
that I will be automatically logged out and correct and expected information that the site admin first need to approve before I can use new profile.
In addition the site admin got the expected email notification that says that an admin need to approve the profile change request
and that the user can only login again, when the account has been activated.
I checked in backend on the Joomla User management and can indeed see that the user is not released and logged out.

Now what happens:
When I click on the link that navigates me to homepage I am redirected to Jomsocial front-page in logged in status.
When I check the profile I have now the new one assigned and can fully benefit from this profile without any admin approval and can use the entire system !!!!
And in backend this user is not visible as an active user and site owner can be in believe that the user is logged out.

You can see the impact is very very severe and so critical that we are completely stucked with the project under those critical conditions.
This is showstopper situation.

See my recorded screencast for this scenario.
drive.google.com/open?id=1RddTYtdl_Cc9rLUpD1QEyhgrpVqmSvDi

I have really no idea what is causing all this pain.

Thanks and regards
Markus

1 year 3 months ago
Licenses:
JomSocial Active GURU Active Publisher Active AdAgency Active iSEO Active Socialize Active

Hi
Open joomla backend > system > global configruation > system.
Change the session handler to PHP.
It seems working fine now .
I also sent complete details in PM Please check it too.

Regards

1 year 3 months ago
Licenses:
JomSocial Active iSEO Active Socialize Active

Hi Pankaj,
this seems to have indeed fixed the issues with logouts and session handling.
I tested it on another environment with our complete set of components and configurations and switched from
'Alternative PHP' to 'PHP' and it worked fine. I was not longer in a position to reproduce the issue not being able to logout.
Then I tested same with 'Database' and it seems to be ok. also.
I did not test with 'Memcached' as this is experimental.

I will keep the ticket open for some time and do some further stress testing to be 100% sure all is fine, because it happened that
in some cases I had to consecutively click 3-4 times on Community link and I was then back in internal area without login.

What I think is very important in this case is that you guys need to make sure that the Jomsocial documentation has a
note about this and that 'Alternative PHP' should not be used at all in order to avoid this issues as this is severe security issue.
But I would expect that Jomsocial should fix the issue midterm so that also 'Alternative PHP' can be used since this is core Joomla
functionality and the logout process is working fine with core Joomla but not with Jomsocial.

Please comment.

Thanks for all your time and efforts on this case
Markus

Moderators: Piotr Garasiński
Powered by Kunena Forum

Join 180,000 websites creating Amazing communities

JomSocial is the most complete, easy-to-use addon that turns Joomla CMS into a
full -fledged, social networking site

TRY NOW BUY NOW