Error at Login - "The action you requested is not allowed"
I recently copied my website from one domain to another. Unfortunately, login does work anymore. In the session dir, I can see this in the ci_session txt file:
__ci_last_regenerate|i:[snip number];error|s:40:"The action you requested is not allowed.";__ci_vars|a:1:{s:5:"error";s:3:"new";}
Not sure how to debug this or the meaning of the error message. Any pointers appreciated. When I moved over the site, I did delete all session ids. Running https only on both sites.
It is the error message when CSRF token check fails.
See https://codeigniter4.github.io/CodeIgnit...rgery-csrf
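Added example, not part of the original thread: a small Python decoder for the `ci_session` file contents quoted in the first post, which flags a session that carries the CSRF failure message as flash data. The timestamp in the sample is constructed because the post snipped it, and the function names are illustrative.

```python
CSRF_ERROR = "The action you requested is not allowed."
# Constructed sample: the post snipped the timestamp, so 1675300000 is made up.
SAMPLE = (b'__ci_last_regenerate|i:1675300000;error|s:40:"The action you requested '
          b'is not allowed.";__ci_vars|a:1:{s:5:"error";s:3:"new";}')
CLEAN = b"__ci_last_regenerate|i:1675300000;"  # constructed: session with no error

def _value(buf, pos):
    """Decode one PHP-serialized value starting at buf[pos]; return (value, next_pos)."""
    kind = buf[pos:pos + 1]
    if kind == b"N":                                   # N;
        return None, pos + 2
    if kind in (b"i", b"b", b"d"):                     # i:<n>;  b:<0|1>;  d:<float>;
        end = buf.index(b";", pos)
        cast = {b"i": int, b"b": lambda r: r == b"1", b"d": float}[kind]
        return cast(buf[pos + 2:end]), end + 1
    if kind == b"s":                                   # s:<byte length>:"<bytes>";
        colon = buf.index(b":", pos + 2)
        start = colon + 2
        end = start + int(buf[pos + 2:colon])
        if buf[end:end + 2] != b'";':
            raise ValueError("string length mismatch at offset %d" % pos)
        return buf[start:end].decode("utf-8", "replace"), end + 2
    if kind == b"a":                                   # a:<count>:{<key><value>...}
        colon = buf.index(b":", pos + 2)
        count, pos, out = int(buf[pos + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, pos = _value(buf, pos)
            out[key], pos = _value(buf, pos)
        return out, pos + 1                            # step over the closing brace
    raise ValueError("unsupported type %r at offset %d" % (kind, pos))

def decode_session(buf):
    """Split a PHP session payload (name|value repeated) into a dict."""
    data, pos = {}, 0
    while pos < len(buf):
        bar = buf.index(b"|", pos)
        name = buf[pos:bar].decode()
        data[name], pos = _value(buf, bar + 1)
    return data

def csrf_rejected(buf):
    """True if the session holds the CSRF failure message, tracked in __ci_vars."""
    data = decode_session(buf.strip())
    return data.get("error") == CSRF_ERROR and "error" in data.get("__ci_vars", {})

if __name__ == "__main__":
    print(decode_session(SAMPLE))
    print("CSRF check failed on the last request:", csrf_rejected(SAMPLE))
```

To check a real file, pass the result of `open(path, "rb").read()` to `csrf_rejected`.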
(01-31-2023, 09:16 PM)kenjis Wrote: It is the error message when CSRF token check fails.
Hi Kenjis, many thanks for that link. I have read through it again. I cannot find my error. The code is a copy from another website that works. I merely changed the domain. Both use ssl, env changed domains, deleted all session just to be safe. I checked that the forms on both sites are identical and that the token is included in the form in both sites. I only except an Api and Admin route per below. Files permissions and ownership checked and are identical (drwxr-xr-x 2 www-data www-data 1327104 Feb 2 04:29 session). Anything I am missing? Much appreciate your feedback.
public $globals = [
    'before' => [
        'csrf' => ['except' => ['Api/*', 'Admin/*'],
        ],
    ],
    'after' => [
        'toolbar',
    ],
];
When you try to login, what happens?
Unfortunately I cannot see your screen, so "login does work anymore" shows nothing to me.
(02-02-2023, 03:20 AM)kenjis Wrote: When you try to login, what happens?
Here is my login form;
Code: <?= $this->extend('__templates/user_public/bootswatch'); ?>
This is my route;
Code: $routes->match(['get', 'post'], '/login', 'User_public\Login\Login_Controller::login_create', ['filter' => 'LoggedInNoAccessFilter']);
and this is my login controller;
Code: public function login_create()
I have just noticed that after I post the form, this appears to be false and skips it.
Code: if ($this->request->getMethod() === 'post') {
but no idea why :-(
When I submit, it is simply redirected to / my home page. Also, when I open the page to /login, I delete the log file... then I click the login button. I placed log_message but nothing in the log file! When I initially load the page, the log shows GET.
Code: public function login_create()
How did you configure CSRF protection filter?
Here is my filter:
Code: namespace Config;
You are using form_open() and global csrf filter, so CSRF token will be set automatically.
So CSRF protection should work. If you set the $redirect to false, you will see an Exception when CSRF check fails. https://codeigniter4.github.io/CodeIgnit...on-failure
Of course, CI 4+ has strong CSRF capability and CSRF is not concerned with your filter. In my base opinion, try to turn off CSRF.
Code: php spark cache:clear
PHP Code: $routes->match(['get', 'post'], 'login', 'User_public\Login\Login_Controller::login_create', ['filter' => 'LoggedInNoAccessFilter']);
Another way: try to check the PHP version. These are among the things that gave some headaches in the past. Now there is also CSRF attention needed on CI 4.3.1; I have recently faced the same on this new version with its Shield auth.
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals
Many thanks for your suggestions luckmoshy.
This worked!! :-)
php spark cache:clear
It is strange because sometimes login and sometimes not. As the above command worked, will monitor it to see when/why *if* it fails again. When you say, turn off CSRF, you mean it would be better to implement manually? You mean I should also try by *adding* // in front of the route and not using routing, as a test?