Logout is broken

[gv]

After updating from Rev 3819 to Rev 3822 the logout does not work anymore. Error message: Form is missing token or ts fields
No possibility to logout!

[brettp]

Are you using pure core or 3rd party themes / plugins?

[gv]

I use some 3rd party plugins with elgg standard theme (see screenshot). I can`t disable any plugins. Error message: Form is missing token or ts fields

[brettp]

Please try on most recent SVN.

[gv]

Replying to brettp:

Please try on most recent SVN.

I beg your pardon??
I have updated to latest Rev (core & plugins) and it messed up the whole site. No logout or plugin disabling possibility. Search field in topbar is broken, owner blocks are broken, customer_index is totally broken all 3rd party plugins are broken and so on. To many irreparable errors for my liking. I'm sure the user will love the update to 1.7! ;-) I think it's a recipe for disaster. cheers

[dave]

@gv you need to understand that SVN is code that is being worked on daily, it is not a stable release. It is not for use on production sites and you should expect that there will be issues as features, improvements and bugs are worked through. Once those issues are resolved, that is when an official release goes out for general consumption.

The reason Brett asked you to try the most recent SVN is because he is working on the core and in all likelihood will have sorted a number of the issues reported.

From your comments, may I suggest you might be better off sticking to the official releases?

[thomas]

In current SVN there is no error on logout anymore, but I'm still unable to log out from elgg. I will be forwarded to the dashboard. Perhaps you could check this issue.

[gv]

Replying to dave:

@gv you need to understand that SVN is code that is being worked on daily, it is not a stable release. It is not for use on production sites and you should expect that there will be issues as features, improvements and bugs are worked through. Once those issues are resolved, that is when an official release goes out for general consumption.

The reason Brett asked you to try the most recent SVN is because he is working on the core and in all likelihood will have sorted a number of the issues reported.

From your comments, may I suggest you might be better off sticking to the official releases?

@Dave I know what SVN means!!! I just playing and testing arround with SVN. I have no production site, I just wanted to help you with reporting a issue!!! After your reaction I think negative things are not desired or you did not understand me right!? I do not know??

[gv]

Replying to thomas:

In current SVN there is no error on logout anymore, but I'm still unable to log out from elgg. I will be forwarded to the dashboard. Perhaps you could check this issue.

@thomas I still have the problem on current Rev/SVN?!? What am I doing wrong? I think a 3rd party plugin detaches the problem but I can`t disable any plugin over the pluginmanager.

[thomas]

Replying to brettp:

Please try on most recent SVN.

I disabled all non-core plugins by deleting them from the /mod folder, but I'm still unable to log out from elgg.

[brettp]

@thomas - Can you run upgrade.php and try again? If there is still a problem, please email me a diagnostic report.

[thomas]

The problem still exists in a complete fresh installation.

[TD]

CONFIRMED, the problem is extended to most actions that require tokens on my site. Including logging in, logging out, disabling and enabling plugins.

Site Status:

On my system, I am running the latest stable versions of php, apache, and mysql on Mac OS X.
Most recent SVN (as of 10 mins ago). NO additional plugins or modifications to code.
The install root of elgg is at www.website.com/HERE
not www.website.com/

As a quick workaround to fix this problem, you can edit
/engine/lib/actions.php

comment out line 176 so it reads
register_error(elgg_echo('actiongatekeeper:missingfields'));

then create another line below that line and enter the following code:

return TRUE;

this will disable the missing tokens. and is only intended to be a temporary fix.

[TD]

Also, intermittently when re-visiting the site, I have to delete the browser cookies. Otherwise the page will not load.

[brettp]

@TD This is an extremely bad idea. Please add a hack to disable tokens as that completely defeats the purpose of testing the latest SVN. I am working on a solution for this, but have thus far been unable to reproduce it so there's some guesswork involved. Again, please DO NOT disable security tokens if you are testing SVN.

[brettp]

Sorry: "Please *DON'T* add a hack to disable tokens as that completely defeats the purpose of testing the latest SVN."

[brettp]

(In [svn:3838]) Refs #1450, Refs #1461, Refs #1460: Install now clears out views caches.

[TD]

Sorry, I was just trying to help him get his site back up. (not as a permanent fix).

I have discovered the problem is related to how the browser stores cookies.
If you delete your cookies you can perform an action. But you have to delete your browser cookies again otherwise you get the "Form is missing token or ts fields" error. So another temporary fix would be to delete your browser cookies before performing every action. Hope it helps you solve this one. Thanks, and keep up the good work (:

[brettp]

@TD What browser are you using and can you email me a copy of your diagnostics report?

[brettp]

(In [svn:3840]) Fixes #1450, Fixes #1461: Using $_SERVERREQUEST_URI? to pull in GET params on apache servers.