Cross Site Request Forgery (XSRF) aimed at you?

nathan
Regular
Posts: 5
Joined: Thu Aug 21, 2008 4:07 pm

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by nathan »

garvinhicking wrote:Hi!

This XSRF protection can cause problems if your Browser does not submit a HTTP Referer string, or you are using a proxy that is filtering this one. Or your PHP sessions are not properly installed.

Can you check that?

Regards,
Garvin
I am having the same problem and I imagine that this is what my server is doing but I am not much of a techie. Could you tell me more how to check this? My last server did not do this to me (Centos 4) but this one (Centos 5/HostInABox) seems to be.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by garvinhicking »

Hi!

Can you show me the output of a php

<?php phpinfo(); ?>

script?

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
nathan
Regular
Posts: 5
Joined: Thu Aug 21, 2008 4:07 pm

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by nathan »

garvinhicking wrote:Hi!

Can you show me the output of a php

<?php phpinfo(); ?>

script?

Regards,
Garvin
OK. I get:
PHP Version 5.2.1

System Linux vps.studioivey.com 2.6.18-spry2ovz028stab053.5-smp #1 SMP Fri Feb 29 09:53:44 PST 2008 i686
Build Date Feb 7 2008 03:54:19
Configure Command './configure' '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-curl' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-png' '--with-pspell' '--with-expat-dir=/usr' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--enable-track-vars' '--enable-trans-sid' '--enable-yp' '--with-mcrypt' '--with-mhash' '--enable-wddx' '--with-kerberos' '--enable-ucd-snmp-hack' '--with-unixODBC=shared,/usr' '--enable-memory-limit' '--enable-shmop' '--enable-calendar' '--enable-dbx' '--enable-dio' '--with-mime-magic=/etc/httpd/conf/magic' '--without-sqlite' '--with-libxml-dir=/usr' '--with-xml' '--enable-force-cgi-redirect' '--enable-pcntl' '--with-imap=shared' '--with-imap-ssl' '--enable-mbstring=shared' '--enable-mbstr-enc-trans' '--enable-mbregex' '--with-ncurses=shared' '--with-gd=shared' '--enable-bcmath=shared' '--enable-dba=shared' '--with-db4=/usr' '--with-xmlrpc=shared' '--with-ldap=shared' '--with-mysql=shared,/usr' '--with-mysqli=shared,/usr/bin/mysql_config' '--enable-dom=shared' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-pgsql=shared' '--with-snmp=shared,/usr' 
'--enable-soap=shared' '--with-xsl=shared,/usr' '--enable-xmlreader=shared' '--enable-xmlwriter=shared' '--enable-fastcgi' '--enable-pdo=shared' '--with-pdo-odbc=shared,unixODBC,/usr' '--with-pdo-mysql=shared,/usr' '--with-pdo-pgsql=shared,/usr' '--with-pdo-sqlite=shared,/usr' '--enable-json=shared' '--enable-zip=shared' '--with-readline'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /home/httpd/xnucniuq.com/php.ini
Scan this dir for additional .ini files /etc/php.d
additional .ini files parsed /etc/php.d/gd.ini, /etc/php.d/imap.ini, /etc/php.d/json.ini, /etc/php.d/lighttpd.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/zip.ini
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams php, file, data, http, ftp, compress.bzip2, compress.zlib, https, ftps, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, convert.iconv.*, bzip2.*, zlib.*

Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

PHP Credits
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference Off Off
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors Off Off
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 6143 6143
expose_php On On
extension_dir /usr/lib/php/modules /usr/lib/php/modules
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/share/pear:/usr/share/php .:/usr/share/pear:/usr/share/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 30 30
max_input_time 60 60
memory_limit 32M 32M
open_basedir no value no value
output_buffering 4096 4096
output_handler no value no value
post_max_size 8M 8M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv Off Off
register_globals Off Off
register_long_arrays Off Off
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 2M 2M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off

bz2
BZip2 Support Enabled
Stream Wrapper support compress.bz2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.3, 15-Feb-2005

calendar
Calendar support enabled

cgi-fcgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.fix_pathinfo 1 1
cgi.force_redirect 1 1
cgi.nph 0 0
cgi.redirect_status_env no value no value
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1

ctype
ctype functions enabled

curl
cURL support enabled
cURL Information libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

date
date/time support enabled
Timezone Database Version 2006.16
Timezone Database internal
Default timezone America/New_York

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value

exif
EXIF Support enabled
EXIF Version 1.4 $Id: exif.c,v 1.173.2.5.2.11 2007/01/23 00:23:17 iliaa Exp $
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF

filter
Input Validation and Filtering enabled
Revision $Revision: 1.52.2.38 $

Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value

ftp
FTP support enabled

gd
GD Support enabled
GD Version bundled (2.0.28 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.2.1
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled

gettext
GetText Support enabled

gmp
gmp support enabled

hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.5

Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1

imap
IMAP c-Client Version 2004
SSL Support enabled
Kerberos Support enabled

json
json support enabled
json version 1.2.1

libxml
libXML support active
libXML Version 2.6.26
libXML streams enabled

mcrypt
mcrypt support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream

Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value

mhash
MHASH support Enabled
MHASH API Version 20060101

mime_magic
mime_magic support enabled

Directive Local Value Master Value
mime_magic.debug Off Off
mime_magic.magicfile /etc/httpd/conf/magic /etc/httpd/conf/magic

mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 5.0.45
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib/mysql -lmysqlclient

Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

mysqli
MysqlI Support enabled
Client API library version 5.0.45
Client API header version 5.0.22
MYSQLI_SOCKET /var/lib/mysql/mysql.sock

Directive Local Value Master Value
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.reconnect Off Off

openssl
OpenSSL support enabled
OpenSSL Version OpenSSL 0.9.8b 04 May 2006

pcntl
pcntl support enabled

pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 6.6 06-Feb-2006

PDO
PDO support enabled
PDO drivers mysql, sqlite

pdo_mysql
PDO Driver for MySQL, client library version 5.0.45

pdo_sqlite
PDO Driver for SQLite 3.x enabled
PECL Module version 1.0.1 $Id: pdo_sqlite.c,v 1.10.2.6.2.1 2007/01/01 09:36:05 sebastian Exp $
SQLite Library 3.3.6

posix
Revision $Revision: 1.70.2.3.2.12 $

pspell
PSpell Support enabled

Reflection
Reflection enabled
Version $Id: php_reflection.c,v 1.164.2.33.2.33 2007/01/01 09:36:05 sebastian Exp $

session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0

shmop
shmop support enabled

SimpleXML
Simplexml support enabled
Revision $Revision: 1.151.2.22.2.20 $
Schema support enabled

sockets
Sockets Support enabled

SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException

standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry
user_agent no value no value

sysvmsg
sysvmsg support enabled
Revision $Revision: 1.20.2.3.2.6 $

tokenizer
Tokenizer Support enabled

wddx
WDDX Support enabled
WDDX Session Serializer enabled

xml
XML Support active
XML Namespace Support active
libxml2 Version 2.6.26

zip
Zip enabled
Extension Version $Id: php_zip.c,v 1.1.2.27 2007/01/29 15:25:06 pajoye Exp $
Zip version 2.0.0
Libzip version 0.7.1

zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.3
Linked Version 1.2.3

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value

Additional Modules
Module Name
readline
sysvsem
sysvshm

Environment
Variable Value
HTTP_KEEP_ALIVE 300
HTTP_USER_AGENT Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
PHPRC /home/httpd/xnucniuq.com
HTTP_HOST xnucniuq.com
SERVER_PORT 80
HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.7
DOCUMENT_ROOT /home/admin/xnucniuq/
SCRIPT_FILENAME /home/admin/xnucniuq/blooper.php
NON_RESIDENT 1
REQUEST_URI /blooper.php
SCRIPT_NAME /blooper.php
MUID 1006
HTTP_CONNECTION keep-alive
REMOTE_PORT 16035
GID 1006
PWD /home/admin/xnucniuq
REDIRECT_STATUS 200
HTTP_ACCEPT_LANGUAGE en-us,en;q=0.5
HTTP_ACCEPT text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
REMOTE_ADDR 65.88.88.45
SHLVL 0
SERVER_NAME xnucniuq.com
CONTENT_LENGTH 0
TARGET /usr/bin/php-cgi
SERVER_SOFTWARE lighttpd/1.4.18
SERVER_ADDR 0.0.0.0
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
HTTP_ACCEPT_ENCODING gzip,deflate
HTTP_COOKIE serendipity[userDefLang]=en; serendipity[author_token]=e3617124b5a70ae97c6d999a46c949324f61e2da; serendipity[old_session]=rfdeflunu75at27scb0hbtrrn2; serendipity[addmedia_directory]=; serendipity[only_filename]=; serendipity[only_path]=; serendipity[sortorder_ordermode]=; serendipity[sortorder_order]=; serendipity[sortorder_perpage]=; serendipity[author_information]=9847f791e25bf696a672da62fa09e531; serendipity[author_information_iv]=1YHMdujLeaE%3D; PHPSESSID=rfdeflunu75at27scb0hbtrrn2
REQUEST_METHOD GET

PHP Variables
Variable Value
_REQUEST["serendipity"]

Array
(
[userDefLang] => en
[author_token] => e3617124b5a70ae97c6d999a46c949324f61e2da
[old_session] => rfdeflunu75at27scb0hbtrrn2
[addmedia_directory] =>
[only_filename] =>
[only_path] =>
[sortorder_ordermode] =>
[sortorder_order] =>
[sortorder_perpage] =>
[author_information] => 9847f791e25bf696a672da62fa09e531
[author_information_iv] => 1YHMdujLeaE=
)

_REQUEST["PHPSESSID"] rfdeflunu75at27scb0hbtrrn2
_COOKIE["serendipity"]

Array
(
[userDefLang] => en
[author_token] => e3617124b5a70ae97c6d999a46c949324f61e2da
[old_session] => rfdeflunu75at27scb0hbtrrn2
[addmedia_directory] =>
[only_filename] =>
[only_path] =>
[sortorder_ordermode] =>
[sortorder_order] =>
[sortorder_perpage] =>
[author_information] => 9847f791e25bf696a672da62fa09e531
[author_information_iv] => 1YHMdujLeaE=
)

_COOKIE["PHPSESSID"] rfdeflunu75at27scb0hbtrrn2
_SERVER["HTTP_KEEP_ALIVE"] 300
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
_SERVER["PHPRC"] /home/httpd/xnucniuq.com
_SERVER["HTTP_HOST"] xnucniuq.com
_SERVER["SERVER_PORT"] 80
_SERVER["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.7
_SERVER["DOCUMENT_ROOT"] /home/admin/xnucniuq/
_SERVER["SCRIPT_FILENAME"] /home/admin/xnucniuq/blooper.php
_SERVER["NON_RESIDENT"] 1
_SERVER["REQUEST_URI"] /blooper.php
_SERVER["SCRIPT_NAME"] /blooper.php
_SERVER["MUID"] 1006
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["REMOTE_PORT"] 16035
_SERVER["GID"] 1006
_SERVER["PWD"] /home/admin/xnucniuq
_SERVER["REDIRECT_STATUS"] 200
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_SERVER["HTTP_ACCEPT"] text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_SERVER["REMOTE_ADDR"] 65.88.88.45
_SERVER["SHLVL"] 0
_SERVER["SERVER_NAME"] xnucniuq.com
_SERVER["CONTENT_LENGTH"] 0
_SERVER["TARGET"] /usr/bin/php-cgi
_SERVER["SERVER_SOFTWARE"] lighttpd/1.4.18
_SERVER["SERVER_ADDR"] 0.0.0.0
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["HTTP_ACCEPT_ENCODING"] gzip,deflate
_SERVER["HTTP_COOKIE"] serendipity[userDefLang]=en; serendipity[author_token]=e3617124b5a70ae97c6d999a46c949324f61e2da; serendipity[old_session]=rfdeflunu75at27scb0hbtrrn2; serendipity[addmedia_directory]=; serendipity[only_filename]=; serendipity[only_path]=; serendipity[sortorder_ordermode]=; serendipity[sortorder_order]=; serendipity[sortorder_perpage]=; serendipity[author_information]=9847f791e25bf696a672da62fa09e531; serendipity[author_information_iv]=1YHMdujLeaE%3D; PHPSESSID=rfdeflunu75at27scb0hbtrrn2
_SERVER["REQUEST_METHOD"] GET
_SERVER["PHP_SELF"] /blooper.php
_SERVER["REQUEST_TIME"] 1219336232
_ENV["HTTP_KEEP_ALIVE"] 300
_ENV["HTTP_USER_AGENT"] Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
_ENV["PHPRC"] /home/httpd/xnucniuq.com
_ENV["HTTP_HOST"] xnucniuq.com
_ENV["SERVER_PORT"] 80
_ENV["HTTP_ACCEPT_CHARSET"] ISO-8859-1,utf-8;q=0.7,*;q=0.7
_ENV["DOCUMENT_ROOT"] /home/admin/xnucniuq/
_ENV["SCRIPT_FILENAME"] /home/admin/xnucniuq/blooper.php
_ENV["NON_RESIDENT"] 1
_ENV["REQUEST_URI"] /blooper.php
_ENV["SCRIPT_NAME"] /blooper.php
_ENV["MUID"] 1006
_ENV["HTTP_CONNECTION"] keep-alive
_ENV["REMOTE_PORT"] 16035
_ENV["GID"] 1006
_ENV["PWD"] /home/admin/xnucniuq
_ENV["REDIRECT_STATUS"] 200
_ENV["HTTP_ACCEPT_LANGUAGE"] en-us,en;q=0.5
_ENV["HTTP_ACCEPT"] text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
_ENV["REMOTE_ADDR"] 65.88.88.45
_ENV["SHLVL"] 0
_ENV["SERVER_NAME"] xnucniuq.com
_ENV["CONTENT_LENGTH"] 0
_ENV["TARGET"] /usr/bin/php-cgi
_ENV["SERVER_SOFTWARE"] lighttpd/1.4.18
_ENV["SERVER_ADDR"] 0.0.0.0
_ENV["GATEWAY_INTERFACE"] CGI/1.1
_ENV["SERVER_PROTOCOL"] HTTP/1.1
_ENV["HTTP_ACCEPT_ENCODING"] gzip,deflate
_ENV["HTTP_COOKIE"] serendipity[userDefLang]=en; serendipity[author_token]=e3617124b5a70ae97c6d999a46c949324f61e2da; serendipity[old_session]=rfdeflunu75at27scb0hbtrrn2; serendipity[addmedia_directory]=; serendipity[only_filename]=; serendipity[only_path]=; serendipity[sortorder_ordermode]=; serendipity[sortorder_order]=; serendipity[sortorder_perpage]=; serendipity[author_information]=9847f791e25bf696a672da62fa09e531; serendipity[author_information_iv]=1YHMdujLeaE%3D; PHPSESSID=rfdeflunu75at27scb0hbtrrn2
_ENV["REQUEST_METHOD"] GET
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by garvinhicking »

Hi!

Does the directory /var/lib/php/session on your server exist and is world-writable? Are files inside this directory?

I assume that your problem really is server related; you did not change anything in your browser configuration regarding proxies, cookies or other means?

Regards,
Garvin
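The checks Garvin asks for above (does the session directory exist, is it writable, is the Referer reaching the server) can be run in one go. The following diagnostic is an added example, not code from Serendipity or from anyone in this thread; the file name and the probe file it writes are assumptions. It also catches the full-disk case that turns up later in the thread, which a plain permission check misses.

```php
<?php
// Added diagnostic script (not part of Serendipity / s9y). It checks the three
// causes this thread names for the XSRF error: a missing HTTP Referer, a
// session save directory that does not exist, is not writable or has no free
// space, and a PHP session that does not survive a reload.
// Copy it into the blog directory under a name of your choice (the name
// s9y_session_check.php is just an assumption), open it twice in the browser,
// then delete it: it prints server paths you do not want public.

// The server in this thread has display_errors=Off, which hides the
// "session_start(): open(...) failed" warning; show it for this script only.
error_reporting(E_ALL);
ini_set('display_errors', '1');

// Headers (content type and the session cookie) must go out before any output.
header('Content-Type: text/plain');
$session_ok = session_start();

$problems = array();

// 1. Referer header: the XSRF check needs it, and a browser setting or a
//    filtering proxy can strip it. A direct load of this script legitimately
//    has none, so follow a link to it from any page on the blog to test.
if (empty($_SERVER['HTTP_REFERER'])) {
    echo "Referer: none sent (normal for a direct load; suspicious when following a link)\n";
} else {
    echo "Referer: " . $_SERVER['HTTP_REFERER'] . "\n";
}

// 2. Session storage: handler, directory, permissions and free space.
$handler = ini_get('session.save_handler');
$path    = ini_get('session.save_path');
echo "session.save_handler: $handler\n";
echo "session.save_path: " . ($path === '' ? '(empty, PHP falls back to the system temp dir)' : $path) . "\n";

if ($handler === 'files') {
    // save_path may have the form "N;mode;/dir"; the directory is the last part.
    $parts = explode(';', $path);
    $dir   = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir();
    }
    if (!is_dir($dir)) {
        $problems[] = "session directory $dir does not exist";
    } elseif (!is_writable($dir)) {
        $problems[] = "session directory $dir is not writable by the web server user";
    } else {
        // is_writable() only checks permissions; actually writing a small file
        // also catches a full disk or an exhausted hosting quota.
        $probe = $dir . '/s9y_probe_' . getmypid();   // assumed probe file name
        if (@file_put_contents($probe, str_repeat('x', 1024)) !== 1024) {
            $problems[] = "cannot write to $dir (disk full or quota exceeded?)";
        } else {
            echo "session directory $dir: exists, writable, has free space\n";
        }
        @unlink($probe);
    }
} else {
    echo "non-'files' handler in use; it must implement open/close/read/write/destroy/gc\n";
}

// 3. Persistence: a counter that does not increase on reload means the session
//    data is not being written, or the session cookie is not coming back.
if (!$session_ok) {
    $problems[] = 'session_start() failed (see warning above)';
} elseif (!isset($_SESSION['s9y_check'])) {
    $_SESSION['s9y_check'] = 1;
    echo "Session: started (id " . session_id() . "); reload this page to confirm it persists\n";
} else {
    $_SESSION['s9y_check']++;
    echo "Session: persisted, reload count " . $_SESSION['s9y_check'] . "\n";
}

echo "\n" . (count($problems) ? "Problems:\n - " . implode("\n - ", $problems) : "No session problems found") . "\n";
```

Where the script reports a non-writable directory, a narrower fix than chmod 777 is to make the directory owned by (or group-writable for) the web server user only, or to point session.save_path at a directory inside the account. Note that the phpinfo() output above shows lighttpd with PHP as CGI/FastCGI and a per-site php.ini at /home/httpd/xnucniuq.com/php.ini, so on that kind of setup the session settings belong in that php.ini rather than in a .htaccess file, which only Apache with mod_php reads.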
nathan
Regular
Posts: 5
Joined: Thu Aug 21, 2008 4:07 pm

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by nathan »

You're an ace!

I changed chmod of session directory to 777 and it all works fine now. Thanks!
JeffRoss
Regular
Posts: 5
Joined: Thu Oct 02, 2008 5:23 pm

Post by JeffRoss »

Will custom user session handlers work with Serendipity?

I'm using the latest nightly, and a fresh install.

My phpinfo() can be found at http://www.virtualdeb.net/php_info.html

I'm using a custom session handler that has worked like a charm for a couple of years now, but I'm not able do any updates or configuration changes through the web interface because of this error.

I'm using Firefox, and the network.http.sendRefererHeader is set to 2.

Thanks,

Jeff Ross
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Post by garvinhicking »

Hi!
JeffRoss wrote:Will custom user session handlers work with Serendipity?
Yes, if the custom session handlers implement all functionality properly. I suspect that your custom session handlers might not implement all functionality...

Maybe you could switch to the 'files' PHP session handler for the s9y directory? You should be able to instruct that via .htaccess or a VHost container...?

Regards,
Garvin
JeffRoss
Regular
Posts: 5
Joined: Thu Oct 02, 2008 5:23 pm

Post by JeffRoss »

garvinhicking wrote:Hi!
JeffRoss wrote:Will custom user session handlers work with Serendipity?
Yes, if the custom session handlers implement all functionality properly. I suspect that your custom session handlers might not implement all functionality...

Maybe you could switch to the 'files' PHP session handler for the s9y directory? You should be able to instruct that via .htaccess or a VHost container...?

Regards,
Garvin
I switched to files in .htaccess and that seems to have fixed the problem. Thanks!

It will be interesting to figure out what's missing, since I haven't had a problem with sessions since I switched to the postgresql based version.

Jeff Ross
robi-bobi
Regular
Posts: 40
Joined: Mon Nov 21, 2005 12:40 pm
Location: Bulgaria
Contact:

Post by robi-bobi »

i had this problem and after debugging $_SESSION, $_POST, $_SERVER vars I found no reasons for the problem

just before I quit, i made logout+login procedure
and it works now

strange

the problem has occurred after activating the bulletproof template
alpay
Regular
Posts: 28
Joined: Thu Sep 18, 2008 1:48 am
Location: New York
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by alpay »

Hi guys... I started having this problem recently. Perhaps my webhost made some changes to PHP? I doubt it...

My session info is at http://blog.litstudios.com/session_test.php

Some entries that look suspect are:
session.cookie_path /
session.save_path /services/webdata/php_sessions

These are not folders I can access. I noticed someone else did a chmod 777 and it fixed this problem for them, but these paths listed above are at a higher level than the user folders on my webhosting account. Any suggestions?

Thanks,
Alpay

ps: i have always been using bulletproof and have not edited my blog in ages. just started having problems. thanks again.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by Timbalu »

Hi Alpay

Hmm, this sounds more like a question to your provider, since you correctly thought they changed the session/cookie save path, or did not set it writable.

Clear this first, then add serendipity version information, etc. if still necessary.
Edit: Serendipity v.1.3.1 is very very old. We would recommend to run an upgrade to latest version, even if this wasn't the problem you had.
Last edited by Timbalu on Sat Feb 26, 2011 9:40 am, edited 1 time in total.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
alpay
Regular
Posts: 28
Joined: Thu Sep 18, 2008 1:48 am
Location: New York
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by alpay »

ok, i just finished emailing them about this issue.

thanks for the speedy reply.
kleinerChemiker
Regular
Posts: 765
Joined: Tue Oct 17, 2006 2:36 pm
Location: Vienna/Austria
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by kleinerChemiker »

alpay wrote:Hi guys... I started having this problem recently. Perhaps my webhost made some changes to PHP? I doubt it...

My session info is at http://blog.litstudios.com/session_test.php

Some entries that look suspect are:
session.cookie_path /
session.save_path /services/webdata/php_sessions

These are not folders I can access. I noticed someone else did a chmod 777 and it fixed this problem for them, but these paths listed above are at a higher level than the user folders on my webhosting account. Any suggestions?

Thanks,
Alpay

ps: i have always been using bulletproof and have not edited my blog in ages. just started having problems. thanks again.
The paths look totally normal. Maybe read the php docs for understanding what the paths are for.
alpay
Regular
Posts: 28
Joined: Thu Sep 18, 2008 1:48 am
Location: New York
Contact:

Re: Cross Site Request Forgery (XSRF) aimed at you?

Post by alpay »

Aaaah, false alarm, I figured it out. Thanks for the assistance guys.

I had to post a screenshot of my error for my webhost to try to troubleshoot for me - it turned out I could not ftp the jpg file of the screenshot. Duh, I figured out I was over my storage limit. I deleted a couple of gigs of unnecessary files and voila, things are working again.

Sooo, for others in the future, check to make sure you have enough storage space for Serendipity to make changes...

Alpay