bassangler Posted March 13, 2022 Posted March 13, 2022 (edited) I have the same problem, and it's prolific. Many, many users are complaining about it. Clearing cache and cookies doesn't work, nor does resetting passwords. I have a dedicated server and a CDN. I cleared and disabled cache on both to no avail. I have this in my htaccess file: ExpiresActive On ExpiresDefault A0 <FilesMatch "\.(jpg|jpeg|png|gif|js|icon|swf|flv|css|ico|mp4)$"> ExpiresDefault A2721600 FileETag All Header append Cache-Control "max-age=2721600, public, proxy-revalidate" </FilesMatch> <FilesMatch "\.(html|htm)$"> Header append Cache-Control "max-age=300, public, proxy-revalidate" </FilesMatch> Not sure if that's causing the issue. Thoughts? Edited March 13, 2022 by bassangler
Jim M Posted March 13, 2022 Posted March 13, 2022 1 hour ago, bassangler said: <FilesMatch "\.(html|htm)$"> Header append Cache-Control "max-age=300, public, proxy-revalidate" </FilesMatch> This should be caching only html/htm files but I would remove this to test.
bassangler Posted March 14, 2022 Author Posted March 14, 2022 (edited) Appreciate the suggestion. I tried it right after you posted. 4 hours later and my error logfile is filled with the same error created during the past 4 hours. So, that didn't work. I'm running 4.6.11 too. I thought the new cookie cache function would solve the problem. It did not. I'm at a loss. Seems disabling all cache has zero impact. I must be missing something, or it's not a cache issue. Edited March 14, 2022 by bassangler
Marc Posted March 14, 2022 Posted March 14, 2022 You mention you have the same issue. Are you using varnish cache? If so, please disable this as this was the cause
bassangler Posted March 15, 2022 Author Posted March 15, 2022 Nope, I do NOT have varnish cache. I meant that I have the same symptoms as the OP, but it's widespread across all users, including myself. Doesn't matter what browser or device they're using. Same user will have the same issue across desktop and mobile. Even with all cache disabled, and directives removed from htaccess, the issue persists. It's a real head-scratcher that's extremely annoying, and costing me members.
Marc Posted March 15, 2022 Posted March 15, 2022 Please could you start a new topic, and provide all information including users and exact messages (note there is a code on the error page). I am not seeing anything related in your system logs
bassangler Posted March 15, 2022 Author Posted March 15, 2022 When you're looking at my error logs, just search by the word "Wrong", and you'll see them. I don't want to post by error logs, since they show sensitive information.
Marc Posted March 15, 2022 Posted March 15, 2022 I have split this into its own topic, as mentioned above. I will take a look at this for you now
Marc Posted March 15, 2022 Posted March 15, 2022 I am seeing messages on topics, but when logging in as those users, I dont seem to be seeing any issues unfortunately.
bassangler Posted March 15, 2022 Author Posted March 15, 2022 (edited) Nope, you won't either. It's virtually impossible to replicate. It's very much hit-and-miss and sporadic But the frequency of this error is insane. Edited March 15, 2022 by bassangler
Marc Posted March 16, 2022 Posted March 16, 2022 Please contact your hosting company to double check and see if you have any caching at all on the server side. This is very likely what is causing issues, and if thats the case we could be chasing down an issue we will never find
bassangler Posted March 16, 2022 Author Posted March 16, 2022 I'll check. Meanwhile, why would IP be incompatible with something as commonplace as cache? I mean, who doesn't use cache? Seems disabling it is a hack. What is the real solution?
Management Matt Posted March 16, 2022 Management Posted March 16, 2022 That error code is caused by the CSRF key in the link or source being different from the one it is checked against in the code. The most likely cause is sessions being wiped out constantly. So the page loads, and you are issued a session ID, and the CSRF key is generated with this ID as part of the key. This key ends up in links like "do=add&csrf=<keyhere>" When you click a link or perform an action that sends a POST request, this CSRF key is checked against the one generated by the current session. If the session does not persist or is removed at the time the page is loaded, it will not match. It's obviously something that should only happen in incredibly rare circumstances. I will take a quick look at your site.
Management Matt Posted March 16, 2022 Management Posted March 16, 2022 I've had a look and can't see anything really out of the ordinary. The common theme seems to be that those affected are using an iPhone to browse the community. It's a long shot, but worth checking to see if they have private relay enabled or not (https://support.apple.com/en-us/HT212614) As mentioned above, the key issue is that for some reason, the CSRF is not persisting between clicks. I did see a session row with an ID of 0 which might possibly confuse things. I removed it. Side note, your site is getting hit pretty hard by a bot from AhrefsBot. Unsure if you are aware or not. Someone is spidering your site for SEO information.
bassangler Posted March 16, 2022 Author Posted March 16, 2022 I appreciate the detailed explanation Mark. While the iPhone hypothesis is plausible, I have been experiencing the same issue on desktop, and I don't even own an iPhone. However it seems to resolve if I log out and then back in again. I hope your code fix solves the issue. Stay tuned....
bassangler Posted March 18, 2022 Author Posted March 18, 2022 Unfortunately, the problem persists. I asked members that are experiencing the issue to check the link you provided, and all but two said they're using something other than iPhone. However one iPhone user confirmed he is using the private relay, the other iPhone user said he is not.
Marc Posted March 18, 2022 Posted March 18, 2022 Given you also have another ticket there related to uploads, I very much suspect that this is an issue server side here. Did you check with your hosting as suggested?
bassangler Posted March 18, 2022 Author Posted March 18, 2022 Host provider said it's a problem with the script, and they closed my ticket.
Marc Posted March 18, 2022 Posted March 18, 2022 You appeat to have 2 issues here. Both of which point in the direction of hosting unfortunately. As mentioned on your other topic, you would be best to contact them again, ensuring you provide the information mentioned by my colleague https://invisioncommunity.com/forums/topic/466182-upload_failure/?do=findComment&comment=2885728
bassangler Posted March 19, 2022 Author Posted March 19, 2022 (edited) Again, they blame the code. Server admins feel their server is never at fault, and coders feel their code is perfect. Meanwhile, the problem never gets solved while they point fingers at each other. It's maddening. Edited March 19, 2022 by bassangler
Marc Posted March 21, 2022 Posted March 21, 2022 While I completely understand your frustration, its always best to step back and take a look at the facts here. The reality is, you have 2 issues on your site. Both of these point toward there being an issue with the saving of information. We have thousands of people all using exactly the same software you are using yourself there, without any issues. I Would very much like to assist you here, but the reality is, we cannot provide assistance with your hosting.
bassangler Posted March 22, 2022 Author Posted March 22, 2022 Checked again, and then double-checked with a friend of mine that knows servers better than I. Aside from OPcache, there is no server-side caching that I hadn't already disabled. So re-enabled them because clearly it makes zero difference. Host provider says they have thousands of clients running the same server config without any issues, so it must be the script.
Marc Posted March 22, 2022 Posted March 22, 2022 Please also disable opcache and try it. Opcache may well be what is causing you issues. Other than that, there really is little else we are able to assist with unfortunately.
Recommended Posts