Logged out after clicking any link
noid - November 11, 2007 - 18:21
Hi guys,
Yesterday, I encountered a problem with my 4.7 site http://pinoyfilm.com/ which hasn't happened before. I, or any user for that matter, get logged out whenever a link is clicked. I have three other sites with similar installations (hosted on a reseller account), but they are okay. I tried updating to the newest version 4.7.8 -- just replaced the files which needed patching in 4.7.7, which are common.inc, comment.module, and upload.module -- but same result.
Do you think I have been hacked? Should I request my web host to revert to a previous version of the database? Any ideas or similar experiences?
Thanks in advance!
Additional info
Also, it doesn't seem to be a browser problem. I usually use Firefox, and I emptied the browser cache, to no avail. Used Opera, same result.
I also tried emptying the cache and sessions table. Also deleted spam bots which registered as users (though still have to check if I was able to delete them all). These measures didn't solve the problem.
clean URLs
try turning off clean urls
How do I do this? Tried but
How do I do this? Tried but can't, using the admin page. I assume I should change the clean_url field in the variable table from s:1:"1" to s:1:"0"?
A Try
Try changing your theme to a another and test if it still does it.
I had the garland theme running and one day out of the blue, I would click my links and it would send me to my home page...... kinda the same problem I had.
So if i use any other theme, my site works perfect.......
Actually, clicking a link
Actually, clicking a link would take me to the page where I'm supposed to go, but the only difference is that I'm logged out. At any rate, how do I do this in the variable table? The theme_default variable is now s:10:"bluemarine"; Should I just change this s:10:"marvin"; for example?
I had the same problem - the
I had the same problem - the only way is to re-login, or force refresh {ctrl +F5}
it's happening on FF2.0 for me
AsidrA Society | www.AsidrA.com
What modules are installed?
What modules are installed? Do you have modules or PHP setting for auto log-out? Or try to uninstall-install log-in related modules.
Work smarter, not harder!
jeff [at] digitalsolutions [dot] ph
Solution
Hi guys,
Your comments did leave me to the correct solution. I just had to upgrade to the latest version of 4.7. What I was doing until then was just write over the files that needed patching. When I compared the files that could be affected however, like user.module, I found out that this and other files were also being updated not just the files that needed patching. So to prevent this problem, you need to write over ALL the files.
Also, before uploading all the files, I observed that even if I changed the default theme field in the variable table of the database, and enabling the various themes in the system table, my site still kept choosing the bluemarine theme as default (thus logging me out) even if I changed the default theme (using the database) say to chameleon, leading me to believe that perhaps my site has been hacked? My files folder has a 777 permission, and perhaps this is where the site is vulnerable? Per instructions in INSTALL.txt, I included this in the .htaccess files of all my sites, since I found out that the code is not in all of the aforementioned .htaccess files:
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006Options None
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
Do you think that indeed, this was the problem (files using 777), and that this measure is enough? Or is there any other permission I can set the files folder?
At any rate, thanks for all your help! :)