Revolution: Modx 2.5 "anonymous_sessions" = 0 prevents logging in to the Manager

Just upgraded an installation on SkyToaster, turned off the anonymous_session to test it, no problems, both with my existing user and a new testing user.

2.4.3 -> 2.5.0-pl, SkyToaster CPanel hosting.

@ilyatut thanks for the report. Something that popped into my mind is the user permissions. What are the access permissions set for the users created. I don't know if new Admin users are created with the Admin /Super User with Group/Role still or not, or if this has any bearing at all.

I specifically gave the new user Administrator with SuperUser role. Not sudo.

@sottwell I am curious about @ilyatut's users too. But that definitely helps clarify for sure.

@ilyatut is there any info in the error_log or on your server logs related to errors such as 40X or similar?

I even created another user, using the supplied Editor policy, and that also works fine.

All my users were created with the Admin /Super User access and sudo. No restrictions.
That's strange, but there are no errors in my core/cache/logs/ folder.

No error_log files on the server too. I will try to copy my website on a separate subdomain and run more tests. I have to add that it wasn't an installation-and-update from the clear Modx 2.4.4. It's a working website sequentially updated from Modx 2.3 with all the stops up to 2.5. A lot of addons and custom snippets. Anyway, I'll try to find out the reason of such a behaviour. Because it repeats when I set "anonymous_sessions" = no. I've just tested it again.

Maybe try it with plugins disabled, I don't see how anything else could affect the Manager login.

Could it have anything to do with being already logged in from a previous mgr session, prior to upgrading? Were the upgrades performed on a fresh session and / or a logged out manager user?

That's possible; I use BobRay's UpgradeMODX which automatically logs any user out.

We're pretty sure this is not caused by the MODX 2.5 core, right?

Not yet, @OptimusCrime I'll spin up a fresh 2.5 in Cloud and see.

I couldn't duplicate this at all on a clean, fresh install of 2.5 so I am thinking something else is at play here.

I hadn't logged out the managers before updating the site, that's true. But it didn't cause any troubles later. Everything worked ok, before I changed anonymous_session. And it's still working ok, when I make it 1 again.
I've made a test. Reset all the user permissions and cleared the cache. Then tried login/logout. It works pretty fine with anonymous_sessions = 1 and still doesn't work with anonymous_sessions = 0. But I need more time to study this... I'll submit the results asap.

@ilyatut what Extras do you have installed?

@rthrash Nothing special: Ace, Batcher, Breadcrumbs, Collections, FormIt, Gallery, getPage, getResources, GoogleSiteMap, Inherit Template, Login, MIGX, MultiUploadDialog, phpThumbOf, SimpleSearch, TinyMCE, translit, UltimateParent, Wayfinder. That's all.

I have installed a fresh new Modx 2.5.0-pl on my local machine and it doesn't have the issue described above. Changing "anonymous_sessions" doesn't affect the login process. So, it's definitely not my local machine settings. Most probably, the reason is in my working project itself. Maybe it's something that I've done or installed before. Maybe it's a result of a wrong updating, I don't know.

@illyut are all your Extras up to date and have you tried to disable ALL the Plugins and then logout and in? Another option would be to move the data and assets to a new install and reinstall your extras and then see if this was an issue. But if it's you're environment, this probably should be closed.

@jaygilmore All Extras are updated. I will try to disable them all now...

@jaygilmore Bingo! Disabling all the plugins solved the problem. Now it's loggin in and out even when "anonymous_sessions" if off. Now all I have to do is disabling them one by one till I find the one is messing around.

Guys, it was Gallery... And even more. It is Gallery. I've done the next two things:
1) I uninstalled Gallery on my working project and the mentioned issue disappeared.
2) I installed Gallery on a brand new Modx 2.5.0-pl, turned "anonymous_sessions" off, logged out and got exactly the same trouble trying to log in!
What's next?

Switch to MoreGallery? :P

Sorry that was lame 😁 Gallery does register an extension package IIRC that would be loaded on all MODX requests, so probably the login too, though not sure how that would break the anonymous sessions..

Or switch to msgallery, or build your own with MIGX. The Featherlight jquery plugin has a nice gallery extension.

Oh... I was just wondering if someone wanted to check it too. The extension is pretty popular, according to downloads. So if the trouble exists not on my local machine only, it would be probably better to let them know. I like Modx 2.5, Gallery and the idea of "anonymous_sessions" as well! :) So I would like them to live and work together without such annoing things. As for now, I will keep my "anonymous_sessions" enabled until they update the Gallery.

Nice 🔍 work, team!

Can we close this as it is not a core problem?

@OptimusCrime Sure.
Everybody, thanks for your help! :)

Hi,
Same problem.
Can you tell how to disable Gallery in phpMyAdmin. Do you have to empty cache also?

You have to edit the JSON in modx_system_settings table with the key extension_packages and remove the gallery extension package there. Caution: the JSON has to be valid after removal.

If you don't want to care about a valid JSON, you shoud remember the current value, empty the value and reinstall all packages that have an extension_package.

Doesn't work :(
Removed extension_packages and anonymous_session=1
Lesson learned: Don't fix it, if it ain't broke = Don't update anything.

I have investigated it a bit further. It is not the extension package but the Gallery plugin. Disabling the GalleryCustomTV and emptying the core/cache folder let me login again.

Interesting side effect: The Ace plugin causes a similar issue. But only once. The first login after enabling the Ace Plugin and emptying the core/cache is not successful, the second one is. Maybe this information helps a bit debugging it.

The difference here is, I get error message when trying to log in:
_The username or password you entered is incorrect._

It looks like an issue with the following command in at least the following 3 extras (Gallery, Image+ and ACE): $modx->controller->addLexiconTopic. Not sure what the real cause is there, maybe an invalid JSON.

There must be an issue in MODX with anonymous_sessions = 0.

The following code leads to login issues with anonymous_sessions = 0 for whatever reason:

        $sources = $this->modx->getCollection('sources.modMediaSource');
        $sourceMap = array();
        foreach ($sources as $source) {
            /** @var modMediaSource $source */
            $source->initialize();
            $sourceMap[$source->get('id')] = new stdClass();
            $sourceMap[$source->get('id')]->url = $source->getBaseUrl();
        };
        return $sourceMap;

Also a call of $modx->controller->addLexiconTopic('imageplus:default'); in OnManagerPageBeforeRender in conjunction with anonymous_sessions = 0 leads to login issues

$modx->controller->addLexiconTopic('imageplus'); works fine.

Using anonymous_sessions = 1 both are fine.

After some discussions on Slack, the conclusion to solve the issue is:

• Don't deactivate anonymous_sessions in MODX system settings. It has to be deactivated for each context.
• The system setting has to be removed in the next version or it has to be locked somehow (if this is possible).

Hi,
I assume that I have the same problem as above as I am unable to transport my site with assets, components, packages and change core config to point to transported database from localhost intranet to my server internet on version 2.5.0 and 2.5.1. It basically just does not let me log back into manager saying that the username or password is invalid. It looks like it is the same issue from the first post here from:
ilyatut commented on 26 Apr • edited
Summary

After updating from my previous Modx 2.4.4 to Modx 2.5, setting the "anonymous_sessions" option to "0" and logging out, I was unable to log in back to the Manager. Newly created users were unable to log in to the Manager too.

I am hoping my issue is the same as above.

We seem to be running into a slightly similar issues. When we try to upgrade a few of our 2.5.1 sites using the Upgrade MODX Extra. We tried first going to 2.5.4 but then tried stepping up to 2.5.2 when we had to restore the site from backup due to the fact that after the initial 2.5.4 upgrade, we could not log into the admin. It would say the password is incorrect every time. No matter if we rset the password via Phpmyadmin or even create a new user in phpmyadmin, it says incorrect user and password.

I checked the anonymous_sessions setting in PHPMYADMIN and it is currently set to 1. I tried changing that to 0 and no avail and then back to 1 and still no avail. Cleared all cache folders. The front end of the site still functions perfectly.

Any ideas?

@mikelannen that doesn't sound related to this. This is about anonymous_sessions being set to 0, not 1 as you indicated it was set in your installation.

Agreed.

I am at a loss as what to try next and this seemed the closest.

Any suggestions what so ever for me? This has happened with two sites recently, both of them 2.5.1 and trying to upgrade them with other the Sotwell index.php installer or the UPGRADE MODX Extra both fail at any attempt to upgrade to any version higher.

--
Best Regards,

Mike Lannen
Founder + Creative Director
Eternity

Office: (802) 865-2000
Direct: (802) 861 0150
182 Main Street Studio 3
Burlington, VT 05401

On Jan 10, 2017, 4:11 PM -0500, Jason Coward notifications@github.com, wrote:

@mikelannen that doesn't sound related to this. This is about anonymous_sessions being set to 0, not 1 as you indicated it was set in your installation.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

Have you tried doing the setup normally?

It is an upgrade of an existing site. So you mean doing a traditional upgrade where we upload the newer files via FTP the manual way?

--
Best Regards,

Mike Lannen
Founder + Creative Director
Eternity

Office: (802) 865-2000
Direct: (802) 861 0150
182 Main Street Studio 3
Burlington, VT 05401

On Jan 10, 2017, 4:23 PM -0500, OptimusCrime notifications@github.com, wrote:

Have you tried doing the setup normally?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

Upload the files overwriting outdated files and rerun the setup on an existing site. That is what your scripts does for you.

Can we close this? The original issue was because of Gallery extra. Second round of problems was explained by @Jako in his comment. Last issue is unrelated(?).

@Jako 's comment should perhaps be opened as an individual issue?