Post by nikos155 » Mon Dec 02, 2019 6:00 pm

The problem is that we are two users, one with admin prioviledges and one as a simple user, and we CAN'T logged in at the same time. So we can't both work at the same time to add new products on our site.

What are we doing wrong? Can we both of us working at the same time to add products on the site?

We are working from different computers with differents browsers, with the same internet IP.

Please heeeelp!!!!!

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by paulfeakins » Mon Dec 02, 2019 8:14 pm

nikos155 wrote:
Mon Dec 02, 2019 6:00 pm
Can we both of us working at the same time to add products on the site?
Yes you should be able to. I don't know what the problem is though.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Expert Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by nikos155 » Mon Dec 02, 2019 9:34 pm

When one user log in the system automatically log out the second user.. Do you anyone know what we can do, because we are a business here and 2-3 persons want to work simultaneously and they can't.

It is really a huge problem for us :/

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by paulfeakins » Mon Dec 02, 2019 10:14 pm

nikos155 wrote:
Mon Dec 02, 2019 9:34 pm
It is really a huge problem for us :/
Unless another developer can reply here with an answer you might need to post a paid job in the Commercial Support Forum and pay a developer like ourselves.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Expert Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by letxobnav » Tue Dec 03, 2019 4:27 am

admin extensions?

Logged in or out is based on user token, not ip address and it does not matter what user group you are assigned to as that is only relevant for the module (admin sections) authorizations etc.

The user token is stored in your session and passed along from page to page in the GET variables, those two have to be present and match at all times or you will be logged out.
As sessions are browser based you can actually be logged in twice as the very same user on the very same machine as long as you use different browsers.
So my quess is you either have a session/cookie issue or a user token issue or both.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Active Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by nikos155 » Tue Dec 03, 2019 2:06 pm

Thanks for your reply!! I really appreciate it! I have some admin modules active in my site like Admin Full Category Selection, Admin Quick Edit PRO, Admin-Product-Minifier-OCMOD, Como Admin extensions filters and sort, and Admin Product Category Filter but the last one is disabled.

I am totally lost and don't know how i can solve it. It is soo important for us because we need a lot of person to work simultaneously.

Maybe i have to disable the admin extensions one by one to see if something will change?

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by letxobnav » Tue Dec 03, 2019 5:20 pm

well you could do trial and error with the extensions or put some traces in there.
First of all, do you see a message "invalid token session. Please login again." when you are logged out or no message at all?

for tracing you could make some changes in admin/controller/common/login.php

replace

Code: Select all

		if ($this->user->isLogged() && isset($this->request->get['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		}

with

Code: Select all

		if ($this->user->isLogged() && isset($this->request->get['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		} else {
			// added for login trace start
			$this->log->write('admin re-login required');
			if ($this->user->isLogged()) $this->log->write('User logged in');
			$this->log->write('GV user token: '.(isset($this->request->get['user_token']) ? $this->request->get['user_token'] : ''));
			$this->log->write('SV user token: '.(isset($this->session->data['user_token']) ? $this->session->data['user_token'] : ''));
			// added for login trace end
		}


replace

Code: Select all

		if ((isset($this->session->data['user_token']) && !isset($this->request->get['user_token'])) || ((isset($this->request->get['user_token']) && (isset($this->session->data['user_token']) && ($this->request->get['user_token'] != $this->session->data['user_token']))))) {
			$this->error['warning'] = $this->language->get('error_token');
		}

with

Code: Select all

		if ((isset($this->session->data['user_token']) && !isset($this->request->get['user_token'])) || ((isset($this->request->get['user_token']) && (isset($this->session->data['user_token']) && ($this->request->get['user_token'] != $this->session->data['user_token']))))) {
			$this->error['warning'] = $this->language->get('error_token');
			// added for login trace start
			$this->log->write('admin user token error');
			$this->log->write('GV user token: '.(isset($this->request->get['user_token']) ? $this->request->get['user_token'] : ''));
			$this->log->write('SV user token: '.(isset($this->session->data['user_token']) ? $this->session->data['user_token'] : ''));
			// added for login trace end
		}


That will write entries into your OC error log whenever a login is required and what the GET variable user token (GV) and the session user token (SV) are.
Remember, they both need to exist and match.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Active Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by nikos155 » Wed Dec 04, 2019 11:21 pm

Yew this is exactly the message it says "invalid token session. Please login again"

I am going to add the changes and write again here.

Thanks a lot, you are very useful and kind!!!!

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by letxobnav » Thu Dec 05, 2019 5:43 am

Then it is either the GET variable user_token (in the url query) which is missing or does not match the variable user_token stored in your session.
Could be that one of your extensions forgot that that variable needs to be added from the session to the GET variables on all admin urls or the extension was written for version 2 where that variable is called token, someone thought it necessary to change that name in V3.

If you would get no error message but just the login screen, then your session is lost or simply expired and the system assumes you are a new user just like you would start to use admin from scratch.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Active Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by nikos155 » Thu Dec 05, 2019 3:35 pm

Thanks a lot, i just did what you said me and the errors logs appears like you suggest :) Here are they:

2019-12-05 7:31:07 - admin re-login required
2019-12-05 7:31:07 - User logged in
2019-12-05 7:31:07 - GV user token:
2019-12-05 7:31:07 - SV user token: fd7b9cr7iWERPUWXOoksTj6WL343QUEp
2019-12-05 7:31:12 - admin re-login required
2019-12-05 7:31:12 - User logged in
2019-12-05 7:31:12 - GV user token: fd7b9cr7iWERPUWXOoksTj6WL343QUEp
2019-12-05 7:31:12 - SV user token: hCIuWsCgzQcbC0uHs6WavzmqzFOfFinU
2019-12-05 7:31:12 - admin user token error
2019-12-05 7:31:12 - GV user token: fd7b9cr7iWERPUWXOoksTj6WL343QUEp
2019-12-05 7:31:12 - SV user token: hCIuWsCgzQcbC0uHs6WavzmqzFOfFinU
2019-12-05 7:31:18 - admin re-login required
2019-12-05 7:31:18 - User logged in
2019-12-05 7:31:18 - GV user token:
2019-12-05 7:31:18 - SV user token: hCIuWsCgzQcbC0uHs6WavzmqzFOfFinU

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by nikos155 » Fri Dec 06, 2019 3:51 am

I also delete ALL the extensions from the site but still the log out exists..

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by sw!tch » Fri Dec 06, 2019 4:32 am

nikos155 wrote:
Thu Dec 05, 2019 3:35 pm
Thanks a lot, i just did what you said me and the errors logs appears like you suggest :) Here are they:
Strange.. well definitely becoming mismatched.

  • Was this a fresh install of OC or did you upgrade from a previous version?
  • Whats your PHP version?
My guess is your PHP setup, maybe session_cookie_lifetime or missing primary key on the session table, who knows..

Might just want to try and setup a fresh install on a sub-domain or something and see if can replicate on that.

Active Member

Posts

Joined
Sat Apr 28, 2012 2:32 pm

Post by letxobnav » Fri Dec 06, 2019 4:41 am

expand the replaced trace sections with:

first one:

Code: Select all

		if ($this->user->isLogged() && isset($this->request->get['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		} else {
			// added for login trace start
			$this->log->write('admin re-login required');
			if ($this->user->isLogged()) {
				$this->log->write('User logged in');
				$this->log->write('User: '.$this->user->getUserName());
			}
			$this->log->write('Session: '.$this->session->getId());
			$this->log->write('GV user token: '.(isset($this->request->get['user_token']) ? $this->request->get['user_token'] : ''));
			$this->log->write('SV user token: '.(isset($this->session->data['user_token']) ? $this->session->data['user_token'] : ''));
			// added for login trace end
		}



second:

Code: Select all

		if ((isset($this->session->data['user_token']) && !isset($this->request->get['user_token'])) || ((isset($this->request->get['user_token']) && (isset($this->session->data['user_token']) && ($this->request->get['user_token'] != $this->session->data['user_token']))))) {
			$this->error['warning'] = $this->language->get('error_token');
			// added for login trace start
			$this->log->write('admin user token error');
			$this->log->write('User: '.$this->user->getUserName());
			$this->log->write('Session: '.$this->session->getId());
			$this->log->write('GV user token: '.(isset($this->request->get['user_token']) ? $this->request->get['user_token'] : ''));
			$this->log->write('SV user token: '.(isset($this->session->data['user_token']) ? $this->session->data['user_token'] : ''));
			// added for login trace end
		}


So you can also see which user it involves and which session id is referenced.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


User avatar
Active Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by nikos155 » Fri Dec 06, 2019 2:08 pm

It going to crazy me. I did a lot of research yesterday when i am log in with a different browser from a different computer everything seems correct.
The problem exist when i am trying to log in with the same Chrome, or chromium browser on linux, no matter from what computer i will try, from my laptop, from another desktop, it disconnecting all the other users that are logged in with chrome browesers on other computers.

Newbie

Posts

Joined
Wed Jan 16, 2013 4:52 am

Post by labeshops » Fri Dec 06, 2019 9:21 pm

I have a viritual assistant that is logged in on opencart same time I am with no issues, though she is in another town.

Only thing I can think of is are you using the same chrome account on all computers? Chrome auto-syncs what you do via its account feature so you can move from pc to phone and back using chrome and it remembers what you were doing. Perhaps it is trying to sync the two computers since you say you are on the same internet connection and it is messing up the session id? Try creating a second chrome account for the other person and see if it triggers it when you are logged in on different chrome accounts.

Running Opencart v2.2 with multi-stores from https://www.labeshops.com which has links to all my stores.

Image


User avatar
Expert Member

Posts

Joined
Thu Aug 04, 2011 4:41 am
Location - Florida, USA
Who is online

Users browsing this forum: No registered users and 27 guests