Cms: Permissions Screwy after 3.6.6 upgrade

Created on 16 Feb 2021  路  3Comments  路  Source: craftcms/cms

Description

Here's what I've noticed so far:

  • As an admin, I cannot reorder any structure (admin/actions/structures/move-element returns 403 with {"error":"User is not authorized to perform this action"}
  • As an admin, when editing a user, I get "This action may only be performed with an elevated session."

I'll post more as I dig, just wanted to see if others had the same trouble, and if it was related to 3.6.6 upgrade.

bug
Source
picture timkelty

All 3 comments

As hoped/expected, this didn't actually have anything to do with 3.6.6. Unrelated session issue. Carry on!

timkelty picture timkelty on 17 Feb 2021
👍1

What was the session issue? I'm experiencing this as well (3.6.9), and have tried clearing the session.

richardcalahan picture richardcalahan on 16 Mar 2021

@richardcalahan it was infrastructure related, not Craft/app.

In this case, there were multiple docker redis containers running, causing it to function as a load balancer, inadvertently spreading session data between them.

I've also seen this happen, if you don't have a centralized session store (eg redis), and the environment changes from something with 1 container to multiple. This can happen very easily on Heroku, eg.

timkelty picture timkelty on 16 Mar 2021
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

michel-o picture michel-o  路  3Comments
angrybrad picture angrybrad  路  3Comments
leigeber picture leigeber  路  3Comments
lukebailey picture lukebailey  路  3Comments
angrybrad picture angrybrad  路  3Comments