"Invalid_Session" errors

This section is for questions relating to using the forum. Announcements on updates and any issues with the forum software may also be posted here occasionally.

Moderator: Tim Green

Post Reply
User avatar
Tim Green
Site Admin
Posts: 23181
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:
Contact Tim Green

"Invalid_Session" errors

Unread post by Tim Green »

May 1st 2004: Forum Software Updated to 2.0.8a

The "invalid session" error problem now seems to be a thing of the past. The 2.0.8a version of the phpBB software is the most secure and stable yet and everything seems to be rock solid. I'm going to wait a couple more weeks but if no more complaints come I think I can delete the link to this thread. 8)


October 5th 2003: Forum Software Updated to 2.0.6

I just updated the phpBB forum software from 2.0.4 to 2.0.6. It's possible that this will solve the "invalid session" errors problem -- if anyone still receives an invalid session error please let me know about it. Thanks! 8)

===============================================

Important Note:
Please only mail me in response to this announcement if you are a member of the Help & Manual Forums! Some bright sparks have posted links to this announcement at other forums that use the same phpBB forum software and a lot of people clicking on these links are sending me mails about problems at the other forums.

About Invalid_Session errors:

Some users may get an "Invalid_Session" error with the new forum software when posting a longer message or reply. This is due to a new "security" feature that I'm not particularly happy about -- or rather, I'm happy about the security feature but definitely not happy about the way it's implemented.

If you are a member of the Help & Manual Forums (and only then, I will not answer mails from members of other forums) please mail me at webmaster@it-authoring.com if you are experiencing these problems. I need to know how many people are affected!

What is causing the problem:

Basically this feature protects against hacker attacks by giving every active user a Session ID, part of which is derived from your current IP address. If your Internet account uses dynamic IP addresses and a timeout so that your machine goes offline and then online again while you are composing posts your IP address will change and your Session ID will become invalid. phpBB will then assume that you're a hacker and not allow you to post.

Users of AOL worldwide and T-Online in Germany will be particularly strongly affected by this problem, as will all other users with providers who change the entire IP address every time you log on.

If you're interested in the technical details see this message from the phpBB staff:

http://www.phpbb.com/phpBB/viewtopic.php?t=69493

Workaround:

If you experience this problem while trying to post a message or reply do this:
  • 1:
    Immediately click on BACK in your browser. This will display your editing screen with the text you just entered.
    2:
    Copy all the text you wrote to the clipboard, then return to the forum and select New Message or Reply as appropriate for what you were trying to do.
    3:
    Paste the text you just copied into the editing window and immediately click on SUBMIT, while your current session is still valid.
I'm the first to admit that this is a lousy solution. I'm going to be watching the situation closely over the next few days and if a lot of users experience problems with it I'm going to have to take some radical action.

Sorry for any inconvenience. :evil:
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Top
Post Reply

Return to “Forum Issues”