Jump to content
Kipperlenny

Unable to Log In - "You need to enable cookies before you can use Revive Adserver" - another...

Recommended Posts

After upgrading we could not login anymore because of the message "You need to enable cookies before you can use Revive Adserver".

I digged trough github and the board, added https://github.com/revive-adserver/revive-adserver/issues/639 but no luck.

I debugged a bit more and found the problem with 

dirname($_SERVER["SCRIPT_NAME"])

 https://github.com/revive-adserver/revive-adserver/blob/master/www/admin/lib-sessions.inc.php#L70

You cannot be sure, that the SCRIPT_NAME is the same like the directory in the browser (f.e. Aliasdomains in Ispconfig). I could help myself with setting the folder manually - but thats not a good solution :-)

lenny

 

PS: Same Problem with many form actions refering to SCRIPT_NAME... Only SCRIPT_URL and SCRIPT_URI return the correct url/path in my ispconfig aliasdomain (with mod_rewrite) setup...

revive/www/admin/campain-edit.php +283

    $form = new OA_Admin_UI_Component_Form ( "campaignform", "POST",htmlspecialchars($_SERVER["SCRIPT_URL"], ENT_QUOTES)/* $_SERVER ['SCRIPT_NAME']*/ );

 

Edited by Kipperlenny

Share this post


Link to post
Share on other sites

When I clicked on a lnk in an email from my revive ad server installation itself sending my my weekly report I experienced  this message for the first time too.

I noticed it sent me to http://   version of the frontend login page of my revive ad server. rather than the https:// version I had been using hence no problems with this You need to enable cookies before you can use error.

I dont know how to fix the cause which would be for the report to redirect you to https:// version

so I just put the s in the url address bar and it went away and I logged in.

 

Not really a solution but hope it helps someone

 

Share this post


Link to post
Share on other sites

Hi @Struggling with Eververyth ,

If you want to always use HTTPS to access the admin UI, then please ensure that:

1. Revive Adserver is configured to use HTTPS for the admin UI - both in terms of the webserver configuration, and in terms of ensuring that Revive Adserver knows this is what you want (see: https://documentation.revive-adserver.com/display/DOCS/Banner+Delivery+Settings); and

2. Optionally, ensure that your webserver configuration redirects HTTP calls to HTTPS.

Share this post


Link to post
Share on other sites

seriously! Thank you for the link to the documentation it is helpful but for a self taught developer it is very slow going understanding it. So how important is this? What if I don't follow this documentation? How important is it to be https:// ? I thought it was essential when dealing with money. Is this not necessarily so? or am I going to have to do it is just a matter of time?

Share this post


Link to post
Share on other sites
On 9/5/2017 at 9:45 AM, Struggling with Eververyth said:

...and if I don't?

And if you don't what?

Sorry, I don't follow what you are asking.

On 9/5/2017 at 4:34 PM, Struggling with Eververyth said:

seriously! Thank you for the link to the documentation it is helpful but for a self taught developer it is very slow going understanding it. So how important is this? What if I don't follow this documentation? How important is it to be https:// ? I thought it was essential when dealing with money. Is this not necessarily so? or am I going to have to do it is just a matter of time?

"How important is this?" How important is what? 

 

1. How important is it to follow the documentation? 

I would say that if you are experienced in server management, and you know what you are doing, then following the documentation is moderately important, because it will give you a good idea of where you might want to look, if things go wrong, but because you know what you are doing, you will be able to figure it out if you want to deviate from documentation.

If you're not experienced in server management - then following the documentation will be extremely important - assuming you want things to work!

 

2. How important is it to use TLS (aka SSL, https://)?

How important is it to you that your data is secure in transit? How important is it to you that your Revive Adserver logins not be compromised? 

If the answer to either of those is "very important", then using TLS is very important - unless, of course, you are using another appropriate mechanism for your needs.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...