Post by mona » Tue May 25, 2021 11:42 pm

ribalnet wrote:
Tue May 25, 2021 4:58 pm
Hello. I tested the OC Demo in my home with my Internet and it keeps happening. I don't know if you guys are understanding my point, but it's like, I need +2 tabs opened in opencart, because I need it to add products and it will be easier for me of course. But every time I try to have +2 open tabs I went down ...
This is because the user_token is propagated via a GET variable and checked against the one stored in the session.
If you open two or more admin sessions in different tabs, your next tab will not have a user_token GET variable and as such you will get that message.

You need to make sure the token is the same in both tabs in the address bar.
Then you won't even need to sign in and share the user_token between two tabs and all is fine.

You could also alter admin/controller/common/login.php

after:

public function index() {

add:

    // If the shared session already holds a user_token (another tab has signed in),
    // skip the login form and redirect to the dashboard with that token in the URL
    if (!empty($this->session->data['user_token'])) {
        $this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
    }

Then you are automatically signed in on any other tab once you have signed in on the first.
Signing out on one tab signs out all tabs.


scenario:

tab1
1) go to admin and you will get the login page, no message as there is no user_token in the session yet
2) login, user_token A is set in the session and added to all URLs as a GET variable (check the browser address bar)

tab2
1) go to admin and you will get the login page with a message that the session token is not valid.
This is because you have a user_token A in your session but no user_token GET variable in the URL (they do not match)
2) login, you get a new user_token B which is stored in the session and added to the URLs

tab1
1) click any link and you go to the login page again with the session token error message as your user_token in the session is now B while the user_token in the URL is still A (they no longer match)
In other words, you are sharing the session and therefore the user_token in the session but you are not sharing the GET variable user_token across tabs.
etc. etc. etc.

So if you make sure that you are also sharing the GET variable user_token across your tabs, you can have as many admin tabs as you like.

Attachments: Screen-Shot-2021-05-25-at-17.23.06.jpg


DISCLAIMER:
You should not modify core files ... if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84



Post by straightlight » Wed May 26, 2021 2:17 am

mona wrote:
Tue May 25, 2021 11:42 pm
So if you make sure that you are also sharing the GET variable user_token across your tabs, you can have as many admin tabs as you like.
An event could accomplish this without the need to override core files.

Dedication and passion go to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by ribalnet » Wed May 26, 2021 5:20 pm

Dude, thank you so much. I tried this and now it's working, sharing the same token!
I really appreciate all the time taken in this post just to help me :)
mona wrote:
Tue May 25, 2021 11:42 pm
So if you make sure that you are also sharing the GET variable user_token across your tabs, you can have as many admin tabs as you like.


Post by ADD Creative » Tue Mar 15, 2022 8:07 pm

For anyone finding this topic: the token in the URL is a security measure. I would also strongly advise against implementing the workaround posted. OpenCart 3.x has no protection against session fixation, and earlier 3.x versions have issues removing sessions. If an attacker could set your session ID (and there are ways) they could gain access to your admin.

www.add-creative.co.uk
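The token mechanism mona walks through (one session shared by all tabs, a per-tab user_token in the URL) and the reason ADD Creative advises against the redirect workaround, as an added PHP simulation that is not OpenCart's code and not from either poster; login(), tokenValid(), workaroundRedirect() and check() are constructed stand-ins for the session store and the login controller.

```php
<?php
// Added example, not OpenCart's own code: a minimal model of the admin
// user_token check described in the thread. $session stands in for the
// cookie-backed $this->session->data shared by every tab; $urlToken is the
// user_token query parameter a given tab sends with its request.

// Logging in issues a fresh token, stores it in the shared session and
// returns it so the tab can carry it in its URLs (the address bar).
function login(array &$session): string {
    $session['user_token'] = bin2hex(random_bytes(16));
    return $session['user_token'];
}

// The core check: the URL token must be present and equal the session token,
// otherwise the login page is shown with the "session token not valid" message.
function tokenValid(array $session, ?string $urlToken): bool {
    return isset($session['user_token'])
        && $urlToken !== null
        && hash_equals($session['user_token'], $urlToken);
}

// The posted workaround: if the session already holds a token, redirect the
// request to the dashboard with that token appended, even when no URL token came in.
function workaroundRedirect(array $session): ?string {
    return !empty($session['user_token'])
        ? 'index.php?route=common/dashboard&user_token=' . $session['user_token']
        : null;
}

function check(bool $ok, string $step): void {
    echo ($ok ? 'ok   ' : 'FAIL ') . $step . "\n";
}

$session = [];
// tab1: nothing in the session yet -> plain login page, then token A is issued
check(!tokenValid($session, null), 'tab1 before login: no token anywhere');
$tab1 = login($session);
// tab2: session holds A but a fresh tab sends no token -> error message
check(!tokenValid($session, null), 'tab2 first visit: session A, URL none');
$tab2 = login($session);                 // second login replaces A with B
// tab1 still carries A in its URLs while the session now holds B
check(!tokenValid($session, $tab1), 'tab1 after tab2 login: session B, URL A');
check(tokenValid($session, $tab2), 'tab2: session B, URL B');
// Pasting tab2's token into tab1's address bar is the fix the thread recommends
$tab1 = $tab2;
check(tokenValid($session, $tab1), 'tab1 reusing tab2 token');
// With the workaround a request carrying only the session cookie is handed the
// token, so a fixed or stolen session ID alone is enough to reach the dashboard
check(workaroundRedirect($session) !== null, 'workaround: redirected with no URL token');
```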