I keep getting this message:
"Form session reuse detected. Please do not use "Back" to submit this form from browser history - it will not be accepted.
Sorry, unrecognized username or password."

My password is correct and I'm not sure what "session reuse" means since I only clicked on the login url once. I also tried logging in with another account and I got the same message. I tried two different browsers too and I got the same message.

CommentFileSizeAuthor
#10 fancy_login.js#1434162.patch3.27 KBiva2k
#4 login.jpg44.32 KBfehin

Comments

iva2k’s picture

Status: Active » Postponed (maintainer needs more info)

Please post more details:

  • I assume you are the admin of the website, is that correct?
  • OS, Browser type and version?
  • Drupal distribution and version (plain Drupal or pre-packaged)?
  • Installation history (just installed Botcha, or it stopped working after a while, or any other modules recently added)?
  • Relevant items from dblog (set botcha log level at highest)
  • Does the problem remain with latest -dev release of Botcha?
  • Does the problem remain if you clear all browser's caches?
  • Does the problem remain if you turn off form auto-fill in the browser?
fehin’s picture

I noticed that when I go directly to https://www.mysite.com/user/login, I'm able to login but when I use the login link which uses fancy login module (http://drupal.org/project/fancy_login), I get the message. Fancy login keeps you on the same page after you login using a url like this https://www.mysite.com/user/login?destination=catalog/1006 while the regular login url (https://www.mysite.com/user/login) takes one to account page. When I use the login link, it takes me to the https://www.mysite.com/user/login screen but displays the url https://www.mysite.com/user/login?destination=catalog/1006 or any page I was on and then display the error message. Even on this page, I'm still not able to login unless I remove ?destination=catalog/1006 from the url.

So I'm assuming this module doesn't mesh well with fancy login module. This problem doesn't occur all the time but when it does almost impossible to login unless you know the direct url to the login page or request a new password. My concern is my users won't know what to do.

iva2k’s picture

Title: Can't login » Can't login when fancy_login module is used
Status: Postponed (maintainer needs more info) » Active

Thanks for the info - it is very helpful.
Quick fix is to remove login form from Botcha.
Botcha is very efficient during registration, and further protection on login form is only an added layer if protection from small amount of spammers who do manual registration, but then send bots to login and spam.

fehin’s picture

Title: Can't login when fancy_login module is used » Can't login
Status: Active » Postponed (maintainer needs more info)
StatusFileSize
new44.32 KB

I have attached an image to show that even on the login page, with ?destination=catalog/1006 attached to it, I'm not able to login. It worked only if I directly visit https://www.mysite.com/user/login.

fehin’s picture

Title: Can't login » Can't login when fancy_login module is used

Thanks for the tip. I thought of doing that earlier but the options were user_login and user_login_block. I thought since I was using a link, it didn't apply to me. I removed from user_login and it works now.

fehin’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)
iva2k’s picture

Status: Closed (fixed) » Active

I still want to take a look at what conflict fancy_login module creates and possibly improve Botcha.

iva2k’s picture

Title: Can't login when fancy_login module is used » Can't login when fancy_login module is used with BOTCHA
Project: BOTCHA Spam Prevention » Fancy Login
Status: Active » Needs review
Issue tags: +botcha

I investigated what is going on, and found the source of the problem in fancy_login/scripts/fancy_login.js.

In a nutshell, fancy_login.js, when displaying the login dialog popup, replaces the form action attribute and discards all query values added by BOTCHA. It breaks BOTCHA functionality which exhibits as the posted error.

There is nothing that can be done in BOTCHA to fix that. But fortunately there is very simple patch for fancy_login.js, which I included here. It essentially merges all query elements already present in the form action attribute into the new action URI that is generated from the link. It works nicely with BOTCHA and have no effect without BOTCHA.

Moving to fancy_login.module queue for attention of community - please review and post your RTBC for the maintainer to commit.

I suspect it will also fix same problem that probably exists in 7.x-1 branch.

iva2k’s picture

Issue tags: +compatibility issues

updating tags

iva2k’s picture

StatusFileSize
new3.27 KB

Patch escaped from the post #8. Here it is.

jaypan’s picture

Issue summary: View changes
Status: Needs review » Fixed

Thank you for the patch. However, I've decided to drop support of Version 6.x-1.x in favor of version 6.x-2.x which is a backport of version 7.x-3.x.

The method I've used for setting up the module should integrate better with other modules, so this issue should have been fixed. Please upgrade and test again. If the issue is not fixed, please re-open and set the version to 6.x-2.x.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.