11
petkove
Re: "no valid security token found in session" when posting comments.
  • 2006/6/7 11:03

  • petkove

  • Just popping in

  • Posts: 35

  • Since: 2005/6/7 2


BUMP?!

12
toddherrold
Re: "no valid security token found in session" when posting comments.

petkove. . i was in the process of responding to your "invalid session" post and then I just got frustrated to have to even think about this. then, i saw your post to my thread basically about the same thing.

you are correct. it is SAD that no one cares about this issue. But, the truth is that this is one of many things that no one cares about really. There have been bigger fish to fry over the last year and this bug, while severerly damaging to xoops, only impacts a very small percentage of sites (ergo. . you are on your own).

Part of the reason for this is that the expertise in the area of security and tokens and sessions is limited to a few (unknown) XOOPS developers. they have never publicly acknowledged this bug, even after being reported as a core bug. I reported the error in December 2005 and it was never assigned to anyone. . as is the case with most bug reports:

http://sourceforge.net/tracker/index.php?func=detail&aid=1394483&group_id=41586&atid=430840

good luck.

my advice is to try to see if it impacts different browsers or, in my case, is related to opening new browser windows or using multiple browsers at the same time (i.e., fox and explorer). then advise your users accordingly on what to avoid.

13
petkove
Re: "no valid security token found in session" when posting comments.
  • 2006/6/8 5:20

  • petkove

  • Just popping in

  • Posts: 35

  • Since: 2005/6/7 2


hello?! but i'm always using tabs and new windows?
in old xoops, or the new one, depends how you take it - 2.0.* it works fine - and don't tell me that someone didn't change anything - it had to!

tnx for reply though!

14
Chris03
Re: "no valid security token found in session" when posting comments.
  • 2006/6/8 5:31

  • Chris03

  • Quite a regular

  • Posts: 372

  • Since: 2004/2/22


Well all do respect you are using a version "NOT RECOMENDED FOR PRODUCTION USE".....

Yah 2.0.x worked its "RECOMENDED FOR PRODUCTION USE"
KickassAMD

15
toddherrold
Re: "no valid security token found in session" when posting comments.

Ok, Chris03 - you obviously haven't been paying attention in your couple of years on this site. . I will spare you the details and try to minimize my rage at your idiot post, but you clearly do not realize that the "not for production sites" is a RECENT advisement due to the unstable nature of 2.2.x and came only months after xoops.org was promoting 2.2.x upgrades.

That NOT FOR PRODUCTION SITES should actually read:

"Our sincere apologies to the thousands of Xoopsers who upgraded to XOOPS 2.2.x over the several months we were promoting it. We should never have released a product as FINAL that was not properly tested, and we realize the damage doing so has done to XOOPS user websites and the XOOPS community. We hope you will continue to bear with us as we try to fix the most egregious bugs in 2.2.x and produce an upgrade path to a stable 2.4. Be advised, however, that we're not really focusing on creating a stable 2.2.x because so many of our developers have left over the last few years in disgust. Given this resource constraint we are focusing on building an upgrade path to a stable 2.4 instead. So, if you can, you should downgrade to 2.0.x, but we understand that this is impractical for many users. Again, our apologies for this. We're doing the best we can. For new users, 2.2.x is NOT FOR PRODUCTION SITES, use 2.0.x instead."

Petkove - Yes, a lot of things changed from 2.0.x to 2.2.x and those changes are certainly the cause in some way of the errors in 2.2.x. If you have the stomach to downgrade to 2.0, that is certainly the best way to go. However, this may be impractical for hundreds and perhaps thousands of us who run highly trafficked sites and cannot risk potential additional complications or errors introduced by downgrading.

If it's a new site or a recent upgrade, I would downgrade.

16
Chris03
Re: "no valid security token found in session" when posting comments.
  • 2006/6/8 18:25

  • Chris03

  • Quite a regular

  • Posts: 372

  • Since: 2004/2/22


ok so why would you trust something BRANDNEW for a "highly trafficked" site.....

It was also said that the 2.2.x series would have issues with 3rd party modules some themes etc etc....

The 2.0.x series has been around, all modules and templates work with it.... I just dont understand why you would put faith in something that JUST CAME OUT.

That is like BETA testing a copy of windows and getting pissed when it crashes alot...well yeah its BETA
KickassAMD

17
toddherrold
Re: "no valid security token found in session" when posting comments.

It's funny you should mention Microsoft. Your analogy is understood though you state it incorrectly. It would have been more apt if you said that using Microsoft FINAL is really like testing a BETA and so no complaints if it sucks. Everyone in the world now has enough experience with Microsoft to understand this.

I would be willing to say that XOOPS had a better image than Microsoft on this front PRIOR TO 2.2. Even still, I'm sure many had second thoughts about upgrading. I certainly did. Ironically, I upgraded specifically because there was a 3rd party module that had more features for 2.2 than on 2.0. Features my users were asking for. Features that work. I've had no problems with 3rd party modules on 2.2. I made sure my modules would work. My problems have been and continue to be in the core. I cannot downgrade without losing module functionality and pissing off my users. . at least, those who haven't left because of the bugs. Belive me, I would if I could.

You can rest assured that I won't be downloading 2.4 for at least 4-6 months after its release as FINAL.

You are right about one thing. It would be stupid to trust that a XOOPS FINAL is anything other than BETA.

18
Chris03
Re: "no valid security token found in session" when posting comments.
  • 2006/6/8 18:49

  • Chris03

  • Quite a regular

  • Posts: 372

  • Since: 2004/2/22


Give me you server information, and ill check into this error. As i fixed it for my sites.
KickassAMD

Login

Who's Online

324 user(s) are online (274 user(s) are browsing Support Forums)


Members: 0


Guests: 324


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits