login problem

[coodemaster]

Hi;

i need help.
can not login my admin panel.
can not create new singup.

Request denied
You either don't have permission to access this page or the link has expired.

http://www.kodadi.red/img
http://kodadi.red/img

 

[Rodolfo]

Make sure the server is handling sessions properly. Chevereto uses a CSRF protection that uses that.

 

[coodemaster]

I'm using plesk for linux.
How to fix CSRF protection on plesk?

 

[Rodolfo]

I never said that you need to disable the protection. I said that you need to check if sessions are working properly, most likely there is an issue with the session save path.

 

[coodemaster]

I checked. Working properly
What was wrong ?

 

[Rodolfo]

I checked. Working properly
What was wrong ?

I don't know I never got access to your server.

 

[coodemaster]

my server details send you and helping me please

 

[Rodolfo]

I'm afraid that you will need to ask your hosting company about it. Chevereto uses server sessions to store an auth_token value, this value must match with the one printed in the forms. By doing this the system checks that the request comes from your website (prevents CSRF).

The problem is that in your website every new load is refreshing this auth_token value, which means that PHP isn't storing that session data so Chevereto can't check properly the auth_token value.

Chevereto Tech support doesn't cover server issues or server misconfigurations, however, I've told you what is the issue so you shouldn't have issues to get this fixed with your server administrator. Just tell him to fix the permissions in the session save path.

 

[Rodolfo]

An update on this, I've noticed that some cache system may cause conflicts with session data. Try to check if you have memcache or anything similar is affecting session storage.