There are two problems in your website.
1. Sessions are not handled properly. To check this, do the following:
- Open your website, then open the browser console (F12), enter this code and then hit enter.
You will get the auth_token value, which is like the signature of each visitor.
- Repeat the first step, you will notice that the auth_token value changes.
The system checks if sessions are working properly (save), but the system can't tell when the session value is the actual value needed or not (read). In other words, the system can't tell when your server isn't working properly. You should always get the same PF.obj.config.auth_token value for your current browsing session. You can check this on the
demo which should always return the same signature.
Most likely you have a session cache issue? Maybe you tweaked how sessions work in your webserver? In any case, please note that your server tweaking is on your own and it is outside the scope of support to fix your server for you.
Pay attention to the bottom of this documentation
https://chevereto.com/docs/server-issues where you will learn how to use a different session save path (it will help you to determine if the issue is related to permissions or not).
2. You used HTML code as JS code.
I got this on L35
The code looks like this:
This is not JS code, it is HTML code:
HTML:
<script src="//luckypushh.com/ntfc.php?p=1602141"data-cfasync="false"async></script>
You may want to add that custom HTML code as hook.
https://chevereto.com/docs/theme
