This topic contains 2 replies, has 1 voice, and was last updated by  mttjohnson 1 year, 8 months ago.

  • Creator
  • #24415


    After a fresh local install (OroCRM 1.9 from archive) I went to the site to login for the first time and just keep getting redirected to the login page when submitting the login. There isn’t any error indicated when submitting the login.

    It posts data to /user/login-check but gets a 302 and redirected to

    I check for logs and am not finding any entries.

    I hooked up my IDE to debug the issue and found that orocrm/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php is executing attemptAuthentication() and throwing ‘Invalid CSRF token.’

    I also noticed that the logger is supposed to be logging this to orocrm/app/logs/prod.log but no log file is getting written there for some reason.

    Digging into the ‘Invalid CSRF token’ error I found that the login was sending over a CSRF token in the form submission, but it was failing to retrieve a CSRF token from the session storage to compare it against.

    In my parameters.yml file I have this set for the session_handler
    session_handler: session.handler.native_file

    The default path for session storage is orocrm/app/cache/sessions and I’m seeing files created in the path that match the cookie in my browser, but all the files are 0 bytes.
    -rw——-. 1 501 80 0 Apr 29 23:07 sess_1jp8t2dosb010ruuf8ee01lno6
    -rw——-. 1 501 80 0 Apr 30 23:47 sess_6uh478qgjrk0offu5a6sv50q75
    -rw——-. 1 501 80 0 Apr 30 23:48 sess_duko8tpdcs9nupf8ker0707gk0

    My server environment (CentOS 6, NginX, PHP-FPM PHP 5.6) is running inside a vm using vagrant to share my local files with the vm over an NFS mount.

    At this point I’m thinking that I might have some file permission issues because of the NFS mount. I find it odd though that the application can create the files, but not write to them after it creates them.

    Is there somewhere that define what permissions are set on files that could be causing it to be read/write only for the owner of the file and then preventing any additional writes?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Author
  • #24416


    I’d also like to complain about the forum here, as when I included all the contents in my initial post the submit button would end up getting hidden off to the right when it generated the preview making it really hard to submit stuff on this forum. I basically had to scroll down and hit the submit before it rendered any part of the preview for my entire message to get it submitted.



    I reinstalled under a different path that was not a part of the NFS share where I could control the permissions to match what php-fpm was set to use, and I was able to successfully login. I wrote the session data correctly. It might be beneficial to have some kind of check in place to verify that everything is writeable where it is necessary such as the session storage, otherwise trying to diagnose this on a new install is very difficult.

    For diagnosing this behavior of login page redirects it would be good to make sure that session data is getting written to the session files in app/cache/sessions/

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.