Jump to content

Recommended Posts

Posted (edited)

I have the same problem, and it's prolific. Many, many users are complaining about it.  Clearing cache and cookies doesn't work, nor does resetting passwords.

I have a dedicated server and a CDN.  I cleared and disabled cache on both to no avail.

I have this in my htaccess file:

ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(jpg|jpeg|png|gif|js|icon|swf|flv|css|ico|mp4)$">
 ExpiresDefault A2721600
 FileETag All
 Header append Cache-Control "max-age=2721600, public, proxy-revalidate"
</FilesMatch>

<FilesMatch "\.(html|htm)$">
Header append Cache-Control "max-age=300, public, proxy-revalidate"
</FilesMatch>

 

Not sure if that's causing the issue.  Thoughts?

 

 

Edited by bassangler
Posted
1 hour ago, bassangler said:

<FilesMatch "\.(html|htm)$">
Header append Cache-Control "max-age=300, public, proxy-revalidate"
</FilesMatch>

This should be caching only html/htm files but I would remove this to test.

Posted (edited)

Appreciate the suggestion.  I tried it right after you posted. 4 hours later and my error logfile is filled with the same error created during the past 4 hours.  So, that didn't work.

I'm running 4.6.11 too.  I thought the new cookie cache function would solve the problem.  It did not.

I'm at a loss.  Seems disabling all cache has zero impact. I must be missing something, or it's not a cache issue.

Edited by bassangler
Posted

Nope, I do NOT have varnish cache.

I meant that I have the same symptoms as the OP, but it's widespread across all users, including myself.  Doesn't matter what browser or device they're using.  Same user will have the same issue across desktop and mobile.

Even with all cache disabled, and directives removed from htaccess, the issue persists.  It's a real head-scratcher that's extremely annoying, and costing me members.

 

Posted

Please could you start a new topic, and provide all information including users and exact messages (note there is a code on the error page). I am not seeing anything related in your system logs

Posted

When you're looking at my error logs, just search by the word "Wrong", and you'll see them.

I don't want to post by error logs, since they show sensitive information.

Posted (edited)

Nope, you won't either.  It's virtually impossible to replicate.  It's very much hit-and-miss and sporadic  But the frequency of this error is insane.

image.thumb.png.137f902d96c81c6eb1e297a3cce638cf.png

 

Edited by bassangler
Posted

Please contact your hosting company to double check and see if you have any caching at all on the server side. This is very likely what is causing issues, and if thats the case we could be chasing down an issue we will never find

Posted

I'll check.  Meanwhile, why would IP be incompatible with something as commonplace as cache?  I mean, who doesn't use cache?  Seems disabling it is a hack.

What is the real solution?

  • Management
Posted

That error code is caused by the CSRF key in the link or source being different from the one it is checked against in the code.

The most likely cause is sessions being wiped out constantly.

So the page loads, and you are issued a session ID, and the CSRF key is generated with this ID as part of the key. This key ends up in links like "do=add&csrf=<keyhere>"

When you click a link or perform an action that sends a POST request, this CSRF key is checked against the one generated by the current session.

If the session does not persist or is removed at the time the page is loaded, it will not match.

It's obviously something that should only happen in incredibly rare circumstances. I will take a quick look at your site.

  • Management
Posted

I've had a look and can't see anything really out of the ordinary.

The common theme seems to be that those affected are using an iPhone to browse the community.

It's a long shot, but worth checking to see if they have private relay enabled or not (https://support.apple.com/en-us/HT212614)

As mentioned above, the key issue is that for some reason, the CSRF is not persisting between clicks.

I did see a session row with an ID of 0 which might possibly confuse things. I removed it.

Side note, your site is getting hit pretty hard by a bot from AhrefsBot. Unsure if you are aware or not. Someone is spidering your site for SEO information.

Posted

I appreciate the detailed explanation Mark.  While the iPhone hypothesis is plausible, I have been experiencing the same issue on desktop, and I don't even own an iPhone.  However it seems to resolve if I log out and then back in again.

I hope your code fix solves the issue.  Stay tuned....

Posted

Unfortunately, the problem persists.  I asked members that are experiencing the issue to check the link you provided, and all but two said they're using something other than iPhone.  However one iPhone user confirmed he is using the private relay, the other iPhone user said he is not.

 

Posted

Given you also have another ticket there related to uploads, I very much suspect that this is an issue server side here. Did you check with your hosting as suggested?

Posted (edited)

Again, they blame the code.

Server admins feel their server is never at fault, and coders feel their code is perfect.  Meanwhile, the problem never gets solved while they point fingers at each other.

It's maddening.

Edited by bassangler
Posted

While I completely understand your frustration, its always best to step back and take a look at the facts here. The reality is, you have 2 issues on your site. Both of these point toward there being an issue with the saving of information. We have thousands of people all using exactly the same software you are using yourself there, without any issues. 

I Would very much like to assist you here, but the reality is, we cannot provide assistance with your hosting.

Posted

Checked again, and then double-checked with a friend of mine that knows servers better than I.  Aside from OPcache, there is no server-side caching that I hadn't already disabled.  So re-enabled them because clearly it makes zero difference.

Host provider says they have thousands of clients running the same server config without any issues, so it must be the script.

 

Posted

Please also disable opcache and try it. Opcache may well be what is causing you issues. Other than that, there really is little else we are able to assist with unfortunately.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...