sirspider Posted August 25, 2020 Share Posted August 25, 2020 Hello, I seem to be encountering issues when logging into my community's admin control panel. This issue is intermittent and I'm not entirely certain what could be causing it. Sometimes I have to log in 4-5 times to the AdminCP before it will log me in. The issue seems to be because of the ref= query parameter containing the adsess= parameter when accessed. I think a way to replicate it is to: 1. log into the admin CP and navigate to some portion of the adminCP (for example users) 2. Browse the community and click the AdminCP button (this creates a new admin session) 3. Go back to the first tab that had the original admin session and try to perform an action. This brings you back to the login screen with the adsess= encoded into the ref= parameter for the login screen. You'll then have to log in several times before you're able to finally go through and properly log in without issue. 4. Closing those tabs and attempting to re-open a new AdminCP session from the community's dropdown sometimes also becomes bricked in that process and ends up in that login loop. I am running Invision Community v4.4.10 with PHP-fpm 7.2 behind nginx Is there anything I could reconfigure on my end, whether it be IPS/nginx/PHP configuration to get around this? I understand the need for administrative sessions being separate from user sessions, but I feel there are better alternatives to avoid CSRF/XSS and the likes nowadays. I'm usually all over the place and having to keep track of which tab is the up to date one can become a little tedious. Not to mention if I have been working on editing something in the admin panel and I accidentally open a new session without having saved my changes, those changes are now forever lost. I initially opened a support ticket but was referred to this forum instead. Link to comment Share on other sites More sharing options...
CoffeeCake Posted August 26, 2020 Share Posted August 26, 2020 This gets better in 4.5, and you are describing my experience in 4.4. Link to comment Share on other sites More sharing options...
Keith Clark Posted November 9, 2020 Share Posted November 9, 2020 I realize this is most likely NOT your issue, but just putting here in case it helps someone else. After logging out of my site, I saved the login page as my favorite not realizing the url was NOT https://site.com/login As a result I had issues, and ended up figuring it out myself and I updated the bookmark to not have the extra string after it. I was trippin' cuz its not unusual for me to have multiple sessions open in firefox and chrome on multiple screens. Keith Link to comment Share on other sites More sharing options...
Tom Bartels Posted November 24, 2020 Share Posted November 24, 2020 Kind of related, but do you know where to go to reset admin password. I have a working username and password, that today, for some reason does not work, but couldn't find any way to get a password reset. Anybody? Thanks Link to comment Share on other sites More sharing options...
bfarber Posted November 25, 2020 Share Posted November 25, 2020 usually sitename.com/lostpassword/. The link is on the login form. Link to comment Share on other sites More sharing options...
NoSpy Posted December 1, 2020 Share Posted December 1, 2020 (edited) Did you try to disable caches and .htaccess? Edited December 1, 2020 by NoSpy Link to comment Share on other sites More sharing options...
Recommended Posts