You are not logged in.
Hello,
I have problem that I cant fix for days, the problem occurs on changing IP address of the server (GLPI v.9.5.4) and I cant login anymore with any account.
The message that occurs is "The action you have requested is not allowed."
From what I had read here in the forum, it seems that it has some relation with CSRF security.
I already tried to disable GLPI_USE_CSRF_CHECK by setting it to 0 in based_config.php, the only think that happens is that I don`t receive "The action you have requested is not allowed.", but I still cant login, only difference is that login page reloads and on address bar the URL have added value "?error=1".
If I change IP address back everything works fine.
Please help me solve that problem, or point me to some direction.
Thank you!
Offline
Hi,
Just to say what was the problem, I disabled session.cookie_* settings in php.ini and now its all fine.
Offline
Thanks for the update :-)
Offline
Great you got it work. Could you please add your title with a [SOLVED]. Thanks
Offline
Hello my friend, I use GLPI 9.4.3. and after migration (after log in) I have the same error: "The action you have requested is not allowed." In the logs I do not see errors and I do not know how to fix it. I tried your solution:
I already tried to disable GLPI_USE_CSRF_CHECK by setting it to 0 in based_config.php
In the based_config.php I do not see GLPI_USE_CSRF_CHECK feature.
Just to say what was the problem, I disabled session.cookie_* settings in php.ini and now its all fine.
In the php.ini session.cookie are disabled by default:
session.cookie_domain no value no value
session.cookie_httponly no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_samesite no value no value
session.cookie_secure 0 0
What can I check?
Offline
Hi,
what happens wen you comment out all the session.cookie lines in the php.ini?
regards
Offline