1 Topic by patp

  • patp
  • Guest

Topic: getting kicked out

Luxcal is fantastic for our Club. A real winner.

But we have issues regarding staying logged in on the Calendar.  Following recent upgrade to V4.6.0 then V4.6.1, sometimes the person logged in for event processing gets 'kicked out' and can't edit event forms. 
When we try and create a new event and then go to save, an error panel pops up (white background...not a luxcal message pop up) and the error message displayed says  "not permitted (CSRF)" followed by "No ST" on the second line.
If we try and open the event form again, either to create a new event or edit and existing event, a luxcal error message pops up and says "no  edit rights (event)".
Relogging in doesn't help.  We have to exit our web site then re-enter our web site then log into the calendar again.

It could be related to having two login systems.  Our luxcal calendar is accessed via a secure website where you have to log in.  This is a simple PHP log in system but does not give login access to the luxcal calendar.  You can only view the calendar under Public Access rights at this stage.  To create/edit the calendar events, you have to log in a second time into the calendar specifically (top right hand side). 

Now this is ok for most of the time, but after a while ....perhaps 10-15mins, you lose logged in privileges where you can't create or edit events.  Luxcal still thinks you are logged in by displaying your login name in top right hand corner.

Is it because the web server is getting confused by two session id's ???  one for the website and the other for the luxcal calendar ??

We are displaying the calendar via an iframe on one our web pages.  I think it also happens if we try and access an event via a mini monthly calendar.

Now I'm not an expert programmer, taught myself, but would like to have one login that can also log into the calendar using the same session id (is that the correct terminology ???)...BUT only for certain people.  That is when logging into the website, this will also  log into the calendar i.e. SSO. 
I've read the 'installation guide' but it's a bit confusing.  I need to pass web site login details into calendar.  How ??... some examples would help.

Basically, asking for example for SSO for some people only.
Others to have Public Access only but could probably handle this via the 'users' and 'user group' setup.

Regards

Patp
West Australia

Quote Post 1

2 Reply by Patp

  • Patp
  • Guest

Re: getting kicked out

Update...

I have managed to institute a SSO (single sign on) for key personnel i..e logging into web site will also log into calendar for some of the users.  This seems to work ok.  Issue was that I have two separate MySQL tables containing log in details....one is 'mycal_users' for calendar and the other is for the website.  The later was created first, prior to installation of luxcal.  I will eventually merge these two but at the moment I have aligned some data between the two such that the login script accesses the correct info to achieve SSO.

I suspect that the "not permitted (CSRF)" / "No ST" issue was related to having two login systems.  If that's true, then the SSO will solve the issue.  If not ...... ????
Time will tell.

Patp
Perth, West Australia

Quote Post 2

3 Reply by Patp

  • Patp
  • Guest

Re: getting kicked out

Further Update ......

Hope, the SSO hasn't solved the problem.
Still got same error issue come up.
Minor change from description above....

When logged on for a while, then when trying to SAVE an event form which was edited i.e. opened an existing event and then trying to save a change.... error comes up.  This comprises of a pop-up with the message "not permitted (CSRF)" / "No ST".  The pop-up is white background so is not luxcal error pop-up.
I then logout of luxcal calendar (but not out of the website) then re-log back into luxcal calendar, I am able to resume normal operation and edit and save changes to existing events.  Note, the original changes were NOT saved when error occurred.

Doing some research on the net, it means 'cross-site request forgery (CSRF)'.  It
seems to be related to the posting of forms.  That would explain the error occurring when trying to save events.

Any ideas ........

Regards

Patp
Perth, West Australia

Quote Post 3