• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

request denied when logging out and other issues

Status
Not open for further replies.
Jailer

Jailer

Chevereto Member
Website URL
<private>

Chevereto version
3.10.4

Description of the issue
I can't seem to log out without getting the "Request denied you do not have permission to access this page or the link has expired" error.

I also seem have issues opening my albums. When clicking Images link in the header I get a page of the most recent images but can't view any others. When I click the next arrow at the bottom of the screen it just reloads the same page. When I click on an album it's the same thing, it only displays the most recent images and won't load any more with the "spinning icon" at the footer of the page.

I've tried enabling debugging level 3 and I don't get any errors displayed with these behaviors. The server logs don't show any errors either.

I'm running a self hosted site on FreeBSD and nginx as the web server. I've tried the rules listed in the Chevereto install folder and all I get with that is the nginx landing page and the site won't load.

Is this something you can help me with or does this just sound like a misconfiguration issue that I'm going to have to figure out on my own?
 
I don't have caching enabled as it caused issues with the forum I host. I'm behind a nginx reverse proxy as well if that matters.
 
In that case, I will try to indicate what could go wrong since it seems not feasible to look it on my own.

1. A request denied error when logging out or listing content is frequently related to how sessions are working in your webserver. Check if session permissions are good, obviously don't cache session variables and make sure that PHP has access to the general-purpose folders like /tmp, /session, etc.

2. Cache can be applied in different "layers" and you should check if some cache is messing with sessions and/or session variables. Neither should be cached and Chevereto uses sessions to check CSRF so if sessions gets wiped or something, it will lose the check and it will yield an error.

3. Logs aren't bad-config aware and webserver settings that can conflict each other. You will find that is very hard to detect that stuff because it is supposed that when we touch that thing we know absolutely everything. I've worked on this long enough and I can barely remember just a few.
 
Last edited:
OK I'll keep plugging away at it and see if I can get it figured out. At least the plugin is still working for my forum members and that's the important part.
 
Can I do a duplicate install of my site offline for testing purposes (sandbox) or does the installer/site have to authenticate online?
 
You don't need to authenticate anything. Make sure that you use the same settings, issues like this are on the server settings.
 
OK test site is up and a vanilla installation works fine. Copy over just my nginx.conf from the live site and the problems show up so it's definitely a configuration issue.

I'll get it figured out, sorry to have bothered you.
 
If you want some piece of advice, try to always use a well-tested configuration file. This kind of issues happens when you use beta stuff or production env stuff. Happens all the time.
 
Thanks for the advice and you are absolutely correct. The fix was replacing everything in my server block between the server declaration and the php configuration with the rules from the nginx file in the Chevereto download folder. Works great now.
 
Status
Not open for further replies.
Back
Top