I’m wrestling with an S install, and after I do the initial /admin form population – which certainly appears to work – when I then am redirected to the /login page I get the following error after entering information:
“CSRF: Invalid or missing CSRF token”
A similar case appears here, but with a slightly different (still CSRF related) error message and, as far as I can tell, my session.save_handler is set to files. I am not much of a web person, but I did manage to get the developer’s console to work in Firefox and there does not appear to be a cookie being set at all.
There’s no cookie? That would definitely account for the login not working.
My first guess would be that you have some interesting session setting for PHP somewhere. You looked at session.save_handler, can you show us all the session. settings for your server? A screenshot of the “session” section of phpinfo() would be one easy way.
Double-checking on the cookie front: when you just visit, but don’t fill in, the login page, and you check the console under Storage -> Cookies, there’s nothing listed? Omeka S will pretty much always try to assign you a session cookie, so you should have 1 cookie with a random-looking name listed there.
Those settings look normal, so I guess that’s not the issue.
You’re describing a pretty “normal” setup: I’m not aware of any typical issues or “gotchas” for the normal setup of Ubuntu that cause session storage issues. Are you aware of anything non-standard about your server setup?
That cookie you’re now seeing: if you reload the page, are you getting the same cookie (both the name and value should be remaining constant as you reload). If it changes every time, what’s probably happening is that the server isn’t able to save the session. You could also check your Apache (or PHP-FPM, if you’re using FPM rather than mod_php) logs to see if there’s any session-related errors being reported.
I tried both Firefox and Google Chrome, so yeah, I don’t think it’s a browser issue. I’ll poke around some and report back. Thanks so much for your help!
The only thing that would immediately come to mind related to that setup would be some issue with the proxy dropping the cookie in one direction or another, something along those lines.
